IS456 Ch.13&15
Personally owned devices
A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment?
False
Symantec offers vendor-neutral certifications as well as certifications for its product lines.
True
A common method for identifying what skills a security professional possesses is his or her level of certification.
True
A GIAC credential holder may submit a technical paper that covers an important area of information security. If the paper is accepted, it adds the Gold credential to the base GIAC credential.
Certified Secure Software Lifecycle Professional (CSSLP)
Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose?
True
CompTIA Security+ is an entry-level security certification.
True
The (ISC)2 Systems Security Certified Practitioner (SSCP) credential covers the seven domains of best practices for information security.
False
The Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems.
True
The HealthCare Certified Information Security and Privacy Practitioner (HCISPP) credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations.
False
The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements.
Annually
Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees?
International Council of E-Commerce Consultants (EC-Council)
Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact?
8
How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam?
Four
How many years of post-secondary education are typically required to earn a bachelor's degree in a non-accelerated program?
Two
How many years of specialized experience are required to earn one of the Certified Information Systems Security Professional (CISSP) concentrations?
False
Information Systems Security Certification Consortium, Inc. (ISC)2 is the baseline for federal and DoD work-role definitions.
Certified Information Systems Auditor (CISA)
What certification focuses on information systems audit, control, and security professionals?
Associate's degree
What level of academic degree requires the shortest period of time to earn and does NOT require any other postsecondary degree as a prerequisite?
ISACA
What organization offers a variety of security certifications that are focused on the requirements of auditors?
Zero-day
What type of malware does NOT have an anti-malware solution and should be covered in security awareness training?
Education
What type of security communication effort focuses on a common body of knowledge?
Senior System Manager
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012?
Risk Analysts
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4016?
MBA
Which of the following graduate degree programs focuses on managing the process of securing information systems, rather than the technical aspects of information security?
Self-study programs
Which of the following study options provides little to no opportunity for feedback?
True
Certified Internet Webmaster (CIW) offers several credentials that focus on both general and web-related security.
Accredited
________ refers to a program of study approved by the State Department of Education in the state that a school operates.
Awareness
__________ is a continuous process designed to keep all personnel vigilant.
True
A certification is an official statement that validates that a person has satisfied specific job requirements.
False
DoD Directive 8570.01 is a voluntary certification requirement.
True
DoD and NSA have adopted several training standards to serve as a pathway to satisfy Directive 8140. Although they are called standards, they are really training requirements for specific job responsibilities.
False
The CISSP-ISSEP concentration requires that a candidate demonstrate two years of professional experience in the area of architecture.
CCSA
Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices?
GIAC Certified Forensic Examiner (GCFE)
Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities?
True
Juniper Networks offers vendor-specific certifications.
True
One requirement of the GIAC Security Expert (GSE) credential is that candidates must hold three GIAC credentials, with two of the credentials being Gold.
True
RSA is a global provider of security, risk, and compliance solutions for enterprise environments.
Cisco Certified Internetwork Expert (CCIE) Security
Which of the following Cisco certifications demonstrates the most advanced level of security knowledge?
Certified Information Security Manager (CISM)
Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Webmaster (CIW) certifications?
Certified Information Systems Security Professional (CISSP)
Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC)2 certification and the gold standard for information security professionals?
Systems Security Certified Practitioner (SSCP)
Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC)2 certification. Which certification is most appropriate for his needs?
False
Cisco offers certifications only at the Associate, Professional, and Expert levels.
True
Defense Information Systems Agency (DISA) is the agency arm of the U.S. Department of Defense that provides information technology and communications support to the White House, Secretary of Defense, and all military sectors that contribute to the defense of the United States of America.
Security+
Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?
Master's degree
Helen is an experienced information security professional who earned a four-year degree while a full-time student. She would like to continue her studies on a part-time basis. What is the next logical degree for Helen to earn?
Certified Information Security Manager (CISM)
Richard would like to earn a certification that demonstrates his ability to manage the information security function. What certification would be most appropriate for Richard?
CISSP-ISSAP
Rod has been a Certified Information Systems Security Professional (CISSP) for 10 years. He would like to earn an advanced certification that demonstrates his ability in information security architecture. Which of the following CISSP concentrations would meet Rod's needs?
True
The Certified Cloud Security Professional (CCSP) certification was created by both (ISC)2 and the Cloud Security Alliance (CSA).