Fundamental Information Security Chapter 14: Information Security Professional Certifications
Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC) 2 certification. Which certification is most appropriate for his needs? Systems Security Certified Practitioner (SSCP) Certified Information Systems Security Professional (CISSP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Cloud Security Professional (CCSP)
Systems Security Certified Practitioner (SSCP)
What DoD directive requires that information security professionals in the government earn professional certifications? 8088 8140 8270 8540
8140
How many years of specialized experience are required to earn one of the Certified Information Systems Security Professional (CISSP) concentrations? Two Three Four Five
Two
How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam? 7 8 9 10
8
Which of the following is NOT a role described in DoD Directive 8140, which covers cyber security training? Attack Protect and defend Operate and maintain Investigate
Attack
Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Webmaster (CIW) certifications? Security+ GIAC Certified Firewall Analyst (GCFW) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose? Certified Information Systems Security Professional (CISSP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Cyber Forensics Professional (CCFP) HealthCare Certified Information Security Privacy Practitioner (HCISPP)
Certified Secure Software Lifecycle Professional (CSSLP)
Which of the following Cisco certifications demonstrates the most advanced level of security knowledge? Cisco Certified Technician (CCT) Security Cisco Certified Network Associate (CCNA) Security Cisco Certified Network Professional (CCNP) Security Cisco Certified Internetwork Expert (CCIE) Security
Cisco Certified Internetwork Expert (CCIE) Security
Cisco offers certifications only at the Associate, Professional, and Expert levels. True False
False
DoD Directive 8570.01 is a voluntary certification requirement. True False
False
What organization offers a variety of security certifications that are focused on the requirements of auditors? International Information Systems Security Certification Consortium, Inc. (ISC)2 CompTIA Global Information Assurance Certification (GIAC) ISACA
ISACA
Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact? High Tech Crime Network International Council of E-Commerce Consultants (EC-Council) Software Engineering Institute - Carnegie Mellon University The International Society of Forensic Computer Examiners
International Council of E-Commerce Consultants (EC-Council)
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4016? Senior System Managers System Administrators Information Assurance Officers Risk Analysts
Risk Analysts
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012? Senior System Managers System Administrators Information Assurance Officers Risk Analysts
Senior System Manager
Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her? Certified Information Systems Security Professional (CISSP) GIAC Security Expert (GSE) Security+ CompTIA Advanced Security Practitioner (CASP)
Security+
Juniper Networks offers vendor-specific certifications. True False
True
A GIAC credential holder may submit a technical paper that covers an important area of information security. If the paper is accepted, it adds the Gold credential to the base GIAC credential. True False
True
What certification organization began as an offshoot of the SANS Institute training programs? International Information Systems Security Certification Consortium, Inc. (ISC)2 CompTIA Certified Internet Webmaster (CIW) Global Information Assurance Certification (GIAC)
Global Information Assurance Certification (GIAC)
Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices? CISSP CCIE Security+ CCSA
CCSA
Rod has been a Certified Information Systems Security Professional (CISSP) for 10 years. He would like to earn an advanced certification that demonstrates his ability in information security architecture. Which of the following CISSP concentrations would meet Rod's needs? CISSP-ISASP CISSP-ISSEP CISSP-ISSMP CISSP-ISSAP
CISSP-ISSAP
Richard would like to earn a certification that demonstrates his ability to manage the information security function. What certification would be most appropriate for Richard? Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
What certification focuses on information systems audit, control, and security professionals? Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC) 2 certification and the gold standard for information security professionals? Certified Authorization Professional (CAP) Certified Cloud Security Professional (CCSP) Certified Information Systems Security Professional (CISSP) Systems Security Certified Practitioner (SSCP)
Certified Information Systems Security Professional (CISSP)
Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities? GIAC Systems and Network Auditor (GSNA) GIAC Certified Forensic Examiner (GCFE) GIAC Certified Firewall Analyst (GCFW) GIAC Certified Penetration Tester (GPEN)
GIAC Certified Forensic Examiner (GCFE)
Information Systems Security Certification Consortium, Inc. (ISC)2 is the baseline for federal and DoD work-role definitions. True False
False
The CISSP-ISSEP concentration requires that a candidate demonstrate two years of professional experience in the area of architecture. True False
False
The Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems. True False
False
The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements. True False
False
A certification is an official statement that validates that a person has satisfied specific job requirements. True False
True
A common method for identifying what skills a security professional possesses is his or her level of certification. True False
True
CompTIA Security+ is an entry-level security certification. True False
True
Defense Information Systems Agency (DISA) is the agency arm of the U.S. Department of Defense that provides information technology and communications support to the White House, Secretary of Defense, and all military sectors that contribute to the defense of the United States of America. True False
True
DoD and NSA have adopted several training standards to serve as a pathway to satisfy Directive 8140. Although they are called standards, they are really training requirements for specific job responsibilities. True False
True
One requirement of the GIAC Security Expert (GSE) credential is that candidates must hold three GIAC credentials, with two of the credentials being Gold. True False
True
RSA is a global provider of security, risk, and compliance solutions for enterprise environments. True False
True
The (ISC) 2 Systems Security Certified Practitioner (SSCP) credential covers the seven domains of best practices for information security. True False
True
The Certified Cloud Security Professional (CCSP) certification was created by both (ISC) 2 and the Cloud Security Alliance (CSA). True False
True
The HealthCare Certified Information Security and Privacy Practitioner (HCISPP) credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations. True False
True