Fundamental Information Security Chapter 14: Information Security Professional Certifications

Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC) 2 certification. Which certification is most appropriate for his needs? Systems Security Certified Practitioner (SSCP) Certified Information Systems Security Professional (CISSP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Cloud Security Professional (CCSP)

Systems Security Certified Practitioner (SSCP)

What DoD directive requires that information security professionals in the government earn professional certifications? 8088 8140 8270 8540

8140

How many years of specialized experience are required to earn one of the Certified Information Systems Security Professional (CISSP) concentrations? Two Three Four Five

Two

How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam? 7 8 9 10

8

Which of the following is NOT a role described in DoD Directive 8140, which covers cyber security training? Attack Protect and defend Operate and maintain Investigate

Attack

Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Webmaster (CIW) certifications? Security+ GIAC Certified Firewall Analyst (GCFW) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose? Certified Information Systems Security Professional (CISSP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Cyber Forensics Professional (CCFP) HealthCare Certified Information Security Privacy Practitioner (HCISPP)

Certified Secure Software Lifecycle Professional (CSSLP)

Which of the following Cisco certifications demonstrates the most advanced level of security knowledge? Cisco Certified Technician (CCT) Security Cisco Certified Network Associate (CCNA) Security Cisco Certified Network Professional (CCNP) Security Cisco Certified Internetwork Expert (CCIE) Security

Cisco Certified Internetwork Expert (CCIE) Security

Cisco offers certifications only at the Associate, Professional, and Expert levels. True False

False

DoD Directive 8570.01 is a voluntary certification requirement. True False

False

What organization offers a variety of security certifications that are focused on the requirements of auditors? International Information Systems Security Certification Consortium, Inc. (ISC)2 CompTIA Global Information Assurance Certification (GIAC) ISACA

ISACA

Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact? High Tech Crime Network International Council of E-Commerce Consultants (EC-Council) Software Engineering Institute - Carnegie Mellon University The International Society of Forensic Computer Examiners

International Council of E-Commerce Consultants (EC-Council)

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4016? Senior System Managers System Administrators Information Assurance Officers Risk Analysts

Risk Analysts

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012? Senior System Managers System Administrators Information Assurance Officers Risk Analysts

Senior System Manager

Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her? Certified Information Systems Security Professional (CISSP) GIAC Security Expert (GSE) Security+ CompTIA Advanced Security Practitioner (CASP)

Security+

Juniper Networks offers vendor-specific certifications. True False

True

A GIAC credential holder may submit a technical paper that covers an important area of information security. If the paper is accepted, it adds the Gold credential to the base GIAC credential. True False

True

What certification organization began as an offshoot of the SANS Institute training programs? International Information Systems Security Certification Consortium, Inc. (ISC)2 CompTIA Certified Internet Webmaster (CIW) Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices? CISSP CCIE Security+ CCSA

CCSA

Rod has been a Certified Information Systems Security Professional (CISSP) for 10 years. He would like to earn an advanced certification that demonstrates his ability in information security architecture. Which of the following CISSP concentrations would meet Rod's needs? CISSP-ISASP CISSP-ISSEP CISSP-ISSMP CISSP-ISSAP

CISSP-ISSAP

Richard would like to earn a certification that demonstrates his ability to manage the information security function. What certification would be most appropriate for Richard? Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC)

Certified Information Security Manager (CISM)

What certification focuses on information systems audit, control, and security professionals? Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC)

Certified Information Systems Auditor (CISA)

Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC) 2 certification and the gold standard for information security professionals? Certified Authorization Professional (CAP) Certified Cloud Security Professional (CCSP) Certified Information Systems Security Professional (CISSP) Systems Security Certified Practitioner (SSCP)

Certified Information Systems Security Professional (CISSP)

Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities? GIAC Systems and Network Auditor (GSNA) GIAC Certified Forensic Examiner (GCFE) GIAC Certified Firewall Analyst (GCFW) GIAC Certified Penetration Tester (GPEN)

GIAC Certified Forensic Examiner (GCFE)

Information Systems Security Certification Consortium, Inc. (ISC)2 is the baseline for federal and DoD work-role definitions. True False

False

The CISSP-ISSEP concentration requires that a candidate demonstrate two years of professional experience in the area of architecture. True False

False

The Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems. True False

False

The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements. True False

False

A certification is an official statement that validates that a person has satisfied specific job requirements. True False

True

A common method for identifying what skills a security professional possesses is his or her level of certification. True False

True

CompTIA Security+ is an entry-level security certification. True False

True

Defense Information Systems Agency (DISA) is the agency arm of the U.S. Department of Defense that provides information technology and communications support to the White House, Secretary of Defense, and all military sectors that contribute to the defense of the United States of America. True False

True

DoD and NSA have adopted several training standards to serve as a pathway to satisfy Directive 8140. Although they are called standards, they are really training requirements for specific job responsibilities. True False

True

One requirement of the GIAC Security Expert (GSE) credential is that candidates must hold three GIAC credentials, with two of the credentials being Gold. True False

True

RSA is a global provider of security, risk, and compliance solutions for enterprise environments. True False

True

The (ISC) 2 Systems Security Certified Practitioner (SSCP) credential covers the seven domains of best practices for information security. True False

True

The Certified Cloud Security Professional (CCSP) certification was created by both (ISC) 2 and the Cloud Security Alliance (CSA). True False

True

The HealthCare Certified Information Security and Privacy Practitioner (HCISPP) credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations. True False

True