Chapter 11 Quiz Question Bank - CIST1601-Information Security Fund

According to Schwartz, Erwin, Weafer, and Briney "__________" are the real techies who create and install security solutions. A) Builders B) Administrators C) Engineers D) Definers

A) Builders

The __________ position is typically considered the top information security officer in the organization. A) CISO B) CFO C) CTO D) CEO

A) CISO

__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce. A) Temporary employees B) Consultants C) Contractors D) Self-employees

A) Temporary employees

A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position. A) True B) False

A) True

In many organizations, information security teams lack established roles and responsibilities. A) True B) False

A) True

Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians. _________________________ A) True B) False

A) True

The International Society of Forensic Computer Examiners (ISFCE) offers two levels of certification, the Certified Computer Examiner (CCE) and the Master Certified Computer Examiner (MCCE). _________________________ A) True B) False

A) True

The general management community of interest must work with the information security professionals to integrate solid information security concepts into the personnel management practices of the organization. A) True B) False

A) True

The organization should integrate the security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training. A) True B) False

A) True

The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions. A) True B) False

A) True

The use of standard job descriptions can increase the degree of professionalism in the information security field. A) True B) False

A) True

Upper management should learn more about the budgetary needs of the information security function and the positions within it. _________________________ A) True B) False

A) True

The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals? A) accounting B) security C) networking D) auditing

A) accounting

"Know more than you say, and be more skillful than you let on" advice for information security professionals indicates the actions taken to protect information should not interfere with users' actions. A) True B) False

B) False

The model commonly used by large organizations places the information security department within the __________ department. A) management B) information technology C) financial D) production

B) information technology

Which of the following is not one of the categories of positions as defined by Schwartz, Erwin, Weafer, and Briney? A) definer B) user C) builder D) administrator

B) user

"Administrators" provide the policies, guidelines and standards in the Schwartz, Erwin, Weafer, and Briney classification. _________________________ A) True B) False

B) False

A mandatory furlough provides the organization with the ability to audit the work of an individual. _________________________ A) True B) False

B) False

CompTIA offers a vendor-specific certification program called the Security+ certification. A) True B) False

B) False

Existing information security-related certifications are typically well understood by those responsible for hiring in the organizations. A) True B) False

B) False

Friendly departures include termination for cause, permanent downsizing, temporary lay-off, or some instances of quitting. _________________________ A) True B) False

B) False

GIAC stands for Global Information Architecture Certification. _________________________ A) True B) False

B) False

ISACA touts the CISA certification as being appropriate for accounting, networking, and security professionals. _________________________ A) True B) False

B) False

ISSMP stands for Information Systems Security Monitoring Professional. _________________________ A) True B) False

B) False

Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. _________________________ A) True B) False

B) False

Organizations are not required by law to protect employee information that is sensitive or personal. A) True B) False

B) False

The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities. _________________________ A) True B) False

B) False

The CISSP-ISSEP concentration focuses on the knowledge areas that are part of enterprise security management. A) True B) False

B) False

The SSCP examination is much more rigorous than the CISSP examination. A) True B) False

B) False

The general management community of interest must plan for the proper staffing for the information security function. _________________________ A) True B) False

B) False

The information security function cannot be placed within protective services. A) True B) False

B) False

The most common credential for a CISO-level position is the Security+ certification. _________________________ A) True B) False

B) False

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications? A) Certified Computer Examiner (CCE) B) Master Certified Computer Examiner (MCCE) C) both a & b D) neither a nor b

C) both a & b

Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization. A) hostile B) departure C) exit D) termination

C) exit

The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market. A) NSA B) CISO C) CISSP D) ISEP

C) CISSP

The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of these except __________. A) Systems security engineering B) Technical management C) International laws D) Certification and accreditation/risk management framework

C) International laws

System Administration, Networking, and Security Organization is better known as __________. A) SANO B) SAN C) SANS D) SANSO

C) SANS

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss. A) Fire suppression B) Business separation C) Separation of duties D) Collusion

C) Separation of duties

The information security function can be placed within the __________. A) insurance and risk management function B) administrative services function C) legal department D) All of the above

D) All of the above

In recent years, the __________ certification program has added a set of concentration exams. A) ISSEP B) ISSMP C) ISSAP D) CISSP

D) CISSP

__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented. A) CSOs B) CISOs C) Security managers D) Security technicians

D) Security technicians

__________ is the requirement that every employee be able to perform the work of another employee. A) Two-man control B) Collusion C) Duty exchange D) Task rotation

D) Task rotation

