Manager Exam
A fence - ANSWER-An example of a preventative control is:
A hash function creates a fixed length hash regardless of input message length -
ANSWER-What is the length of a digest created by a hash function?
a person that takes ownership of each activity - ANSWER-The implementation of a
security program requires:
A security awareness program - ANSWER-The most effective tool a security
department has is:
Accreditation - ANSWER-Ensuring that a system is not implemented until it has been
formally approved by a senior manager is part of:
Address the key distribution problems of asymmetric encryption - ANSWER-A primary
reason for the development of public key cryptography was to:
Administrative controls - ANSWER-An information classification policy is what form of
control?
Alignment with the goals and objectives of the organization - ANSWER-The foundation
of an information security program is:
an enterprise-wide approach to security architecture - ANSWER-The Sherwood
Applied Business Security Architecture SABSA is primarily concerned with
Any event or action that could cause harm to the organization - ANSWER-What is a
threat?
Assist in the management of a complex project by breaking it into individual steps -
ANSWER-The purpose of a life cycle as used in the Systems Development Life Cycle
SDLC is to:
At each stage starting at project initiation - ANSWER-At which stage of a project should
risk management be performed?
business assurance - ANSWER-Audit is a form of:
Certification - ANSWER-The testing and evaluation of the security of a system made in
support of the decision to implement the system is known as
Change control - ANSWER-To ensure the quality and adherence to standards for a
modification to a system the organization enforces:
Compare the current state of security with the desired state - ANSWER-The use of a
baseline can help the organization to:
confidentiality - ANSWER-A benefit provided by a symmetric algorithm is:
Confidentiality - ANSWER-One of the most important considerations when two
organizations are considering a merger is?
Confidentiality, Integrity, and Availability - ANSWER-The core principles of an
information security program are
Countermeasure - ANSWER-Encryption is an example of a:
Create a secure tunnel to allow transmission of sensitive data over an insecure network
- ANSWER-A Virtual Private Network (VPN) is used to:
Detective control - ANSWER-An audit log is an example of a:
Determine the desired state of security - ANSWER-The first step in an information
security strategy is to:
Determine the disparity between current and desired state - ANSWER-A gap analysis
can be used to:
determine the priorities for recovery of business processes and systems - ANSWER-
The ultimate goal of BIA is to:
development of a business case - ANSWER-What is a primary method for justifying
investments in information security?
Digital signatures - ANSWER-Asymmetric algorithms are often used in:
Discourage inappropriate behavior - ANSWER-A deterrent control can be used to:
Encryption of large amounts of data - ANSWER-Symmetric key algorithms are best
used for:
Enforce policies at a desktop level - ANSWER-The use of a policy compliant system
may enable an organization to:
Ensure all data is removed or destroyed by the outsource service provider - ANSWER-
When an outsourcing contract expires the organization must: