Certificate in Information Security Management Principles (CISMP) Quiz Questions and Answers

How should the implementation of an information assurance system be seen within an organisation?

Answer :
  • As a whole organisation issue.

How should the use of an international standard for information security be viewed by senior managers within an organisation?

Answer :
  • As implementing best practice.

If the accuracy of information is a major concern, which of the following would be used to ensure this is covered effectively?

Answer :
  • Integrity.

When a user logs onto a computer system and is asked for their mother’s maiden name, which of the following aspects is the system ensuring?

Answer :
  • Authentication.

Quantitative risk assessment is __________.

Answer :
  • A numerical means to measure comparative risks.

The best approach to risk assessment is to __________.

Answer :
  • Compile a risk register against all information assets.

Which of the following statements best describes an information security architecture?

Answer :
  • A framework of assurance controls that can be applied across the enterprise to protect its information assets.

Which of the following is the security standard that applies to the accreditation of security controls within products?

Answer :
  • ISO 15408.

Which would be the best way to hear about and plan for any regulatory changes to your industry that may affect information assurance?

Answer :
  • Maintaining a relationship with regulatory bodies for the industry.

Writing a security policy is important because __________.

Answer :
  • It sets out the organisation’s formal stance on security for staff and contractors to see.