Chapters 13, 14, & 15
Q: In what area does the Internet Architecture Board (IAB) provide oversight on behalf of the Internet Engineering Task Force (IETF)?
Options: Architecture for Internet protocols and procedures; Strengthening the U.S. marketplace within the global economy; Developing alternate methods used to document operational specifications; Subject matter expertise on routing and switching
A: Architecture for Internet protocols and procedures. The IAB provides oversight for the architecture of Internet protocols and procedures, the processes used to create standards, editorial and publication procedures for requests for comments, and confirmation of the IETF chair and technical area directors.
Q: Jiang is pursuing a career in information security. He wants to eventually achieve the (ISC)2 Certified Information Systems Security Professional (CISSP) certification but does not have the required experience. If he passes the CISSP exam now, which credential will Jiang get?
Options: CISSP-ISSAP; Systems Security Certified Practitioner (SSCP); Certified Cloud Security Professional (CCSP); Associate of (ISC)2
A: Associate of (ISC)2
Q: Hajar has been an (ISC)2 Certified Information Systems Security Professional (CISSP) for 10 years. She would like to earn an advanced certification that demonstrates her ability in systems security engineering. Which of the following CISSP concentrations would meet Hajar's needs?
Options: CISSP-ISASP; CISSP-ISSEP; CISSP-ISSMP; CISSP-ISSAP
A: CISSP-ISSEP. The CISSP-ISSEP certification is a CISSP concentration that focuses on incorporating security into projects, applications, business processes, and all information systems. The "E" in ISSEP stands for "engineering."
Q: Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors?
Options: Children's Online Privacy Protection Act (COPPA); Sarbanes-Oxley Act (SOX); Family Educational Rights and Privacy Act (FERPA); Children's Internet Protection Act (CIPA)
A: Children's Internet Protection Act (CIPA). The purpose of CIPA is to protect children from exposure to offensive Internet content. Public school systems and public library systems that participate in E-Rate federal funding are required to comply with CIPA.
Q: Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) Reference Model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?
Options: Ocean Surveillance Information System (OSIS); International Organization for Standardization (ISO); National Institute of Standards and Technology (NIST); Information Systems Audit and Control Association (ISACA)
A: International Organization for Standardization (ISO). The ISO publishes many standards for nearly all industries. Perhaps the best-known ISO standard is the OSI Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
Q: Alison retrieved data from a company database containing personal information on customers. When she looks at the Social Security number (SSN) field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?
Options: Encryption; Truncation; Hashing; Masking
A: Masking. Organizations typically implement role-based access control mechanisms in their applications to ensure the confidentiality of sensitive data. Masking is used to "X out" pertinent characters of sensitive data.
Q: Ben is working toward a position as a senior security administrator. He would like to earn his first International Information Systems Security Certification Consortium (ISC)2 certification. Which certification is most appropriate for his needs?
Options: Systems Security Certified Practitioner (SSCP); Certified Information Systems Security Professional (CISSP); Certified Secure Software Lifecycle Professional (CSSLP); Certified Cloud Security Professional (CCSP)
A: Systems Security Certified Practitioner (SSCP). The SSCP certification is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators.
Q: True or False? All Check Point certification exams involve some hands-on experience.
A: True
Q: True or False? Certified Internet Web Professional (CIW) offers several credentials that focus on both general and web-related security.
A: True
Q: True or False? ISO/IEC 27002 provides organizations with best-practice recommendations on information security management.
A: True
Q: True or False? Juniper Networks offers vendor-specific certifications for its networking product line.
A: True
Q: True or False? One of the goals of the American National Standards Institute (ANSI) is to ensure the safety and health of consumers and the protection of the environment.
A: True
Q: True or False? One requirement of the GIAC Security Expert (GSE) credential is that candidates must hold three GIAC credentials, with two of the credentials being Gold.
A: True
Q: True or False? Protected health information (PHI) is any individually identifiable information about a person's health.
A: True
Q: True or False? RSA provides security, risk, and compliance solutions for enterprise environments.
A: True
Q: True or False? Sarbanes-Oxley Act (SOX) Section 404 requires an organization's executive officers to establish, maintain, review, and report on the effectiveness of the company's internal controls over financial reporting (ICFR).
A: True
Q: True or False? Schools that violate the Family Educational Rights and Privacy Act (FERPA) can lose their federal funding.
A: True
Q: True or False? The Federal Information Security Modernization Act (FISMA) of 2014 assigned the Department of Homeland Security (DHS) the responsibility for developing, implementing, and ensuring federal government-wide compliance with FISMA information security policies, procedures, and security controls.
A: True
Q: True or False? The Institute of Electrical and Electronics Engineers (IEEE) develops and distributes standards that relate to electricity and electronics.
A: True
Q: Devaki is a network engineer. She is diagnosing an issue with a small business customer's wireless local area network (WLAN). She knows the Institute of Electrical and Electronics Engineers (IEEE) has created the standards involved in various network technologies. While WLAN standards cover a wide array of subsets, which general standard does she need to consult that addresses all WLANs?
Options: 802.3; 802.11; 802.16; 802.18
A: 802.11. The IEEE 802.11 series of standards covers wireless LAN technology, including 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, and 802.11ax.
Q: Helen has no security experience. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?
Options: Certified Information Systems Security Professional (CISSP); CompTIA Security+; GIAC Assessing Wireless Networks (GAWN); Certified Internet Web Professional (CIW)
A: CompTIA Security+. The Security+ certification is a vendor-neutral certification from CompTIA that has become the entry-level information security certification of choice for IT professionals.
Q: Alan withdraws cash from an ATM belonging to Bank X using his account with Bank Y. What is Alan's relationship with Bank X?
Options: Customer; Covered entity; Nonaffiliated third party; Consumer
A: Consumer. The Gramm-Leach-Bliley Act (GLBA) distinguishes between customers and consumers for its notice requirements. A consumer is any person who gets a consumer financial product or service from a financial institution. A customer is a consumer who has a continuing relationship with the institution. An example of a consumer without a customer relationship is a person who withdraws cash from an ATM that does not belong to his or her own bank. That person is a consumer of the bank's ATM service but is not a customer of that bank.
Q: True or False? CompTIA Security+ is an expert-level security certification.
A: False. CompTIA Security+ is an entry-level security certification.
Q: True or False? Symantec Certified Specialist (SCS) certifications focus on troubleshooting of Symantec solutions.
A: False. SCS certifications focus on administration of Symantec solutions.
Q: True or False? Symantec offers vendor-neutral certifications as well as certifications for its product lines.
A: False. Symantec offers certifications only for its product lines.
Q: True or False? A website designer seeking guidance on how to incorporate Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML) would most likely consult Internet Engineering Task Force (IETF) requests for comments (RFCs).
A: False. The website designer would most likely consult World Wide Web Consortium (W3C) standards and specifications.
Q: Gary is troubleshooting a security issue on an Ethernet network. He would like to look at the relevant Ethernet standard. What publication should he seek out?
Options: NIST 800-53; IEEE 802.3; ANSI X.1199; ISO 17799
A: IEEE 802.3. The Institute of Electrical and Electronics Engineers (IEEE) standard 802.3 contains the specification for Ethernet networking.
Q: Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?
Options: ISO 17799; ISO 9000; ISO 27002; ISO 14001
A: ISO 27002. ISO 27002 is the current guidance on information security management issued by the ISO. It replaces the older ISO 17799, which covered the same topic.
Q: True or False? Standards provide guidelines to ensure that products in today's computing environments work together.
A: True