Chapter 11 Quiz Question Bank - CIST1601-Information Security Fund
According to Schwartz, Erwin, Weafer, and Briney "__________" are the real techies who create and install security solutions. A) Builders B) Administrators C) Engineers D) Definers
A) Builders
The __________ position is typically considered the top information security officer in the organization. A) CISO B) CFO C) CTO D) CEO
A) CISO
__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce. A) Temporary employees B) Consultants C) Contractors D) Self-employees
A) Temporary employees
A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position. A) True B) False
A) True
In many organizations, information security teams lack established roles and responsibilities. A) True B) False
A) True
Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians. _________________________ A) True B) False
A) True
The International Society of Forensic Computer Examiners (ISFCE) offers two levels of certification, the Certified Computer Examiner (CCE) and the Master Certified Computer Examiner (MCCE). _________________________ A) True B) False
A) True
The general management community of interest must work with the information security professionals to integrate solid information security concepts into the personnel management practices of the organization. A) True B) False
A) True
The organization should integrate the security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training. A) True B) False
A) True
The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions. A) True B) False
A) True
The use of standard job descriptions can increase the degree of professionalism in the information security field. A) True B) False
A) True
Upper management should learn more about the budgetary needs of the information security function and the positions within it. _________________________ A) True B) False
A) True
The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals? A) accounting B) security C) networking D) auditing
A) accounting
"Know more than you say, and be more skillful than you let on" advice for information security professionals indicates that the actions taken to protect information should not interfere with users' actions. A) True B) False
B) False
The model commonly used by large organizations places the information security department within the __________ department. A) management B) information technology C) financial D) production
B) information technology
Which of the following is not one of the categories of positions as defined by Schwartz, Erwin, Weafer, and Briney? A) definer B) user C) builder D) administrator
B) user
"Administrators" provide the policies, guidelines and standards in the Schwartz, Erwin, Weafer, and Briney classification. _________________________ A) True B) False
B) False
A mandatory furlough provides the organization with the ability to audit the work of an individual. _________________________ A) True B) False
B) False
CompTIA offers a vendor-specific certification program called the Security+ certification. A) True B) False
B) False
Existing information security-related certifications are typically well understood by those responsible for hiring in the organizations. A) True B) False
B) False
Friendly departures include termination for cause, permanent downsizing, temporary lay-off, or some instances of quitting. _________________________ A) True B) False
B) False
GIAC stands for Global Information Architecture Certification. _________________________ A) True B) False
B) False
ISACA touts the CISA certification as being appropriate for accounting, networking, and security professionals. _________________________ A) True B) False
B) False
ISSMP stands for Information Systems Security Monitoring Professional. _________________________ A) True B) False
B) False
Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. _________________________ A) True B) False
B) False
Organizations are not required by law to protect employee information that is sensitive or personal. A) True B) False
B) False
The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities. _________________________ A) True B) False
B) False
The CISSP-ISSEP concentration focuses on the knowledge areas that are part of enterprise security management. A) True B) False
B) False
The SSCP examination is much more rigorous than the CISSP examination. A) True B) False
B) False
The general management community of interest must plan for the proper staffing for the information security function. _________________________ A) True B) False
B) False
The information security function cannot be placed within protective services. A) True B) False
B) False
The most common credential for a CISO-level position is the Security+ certification. _________________________ A) True B) False
B) False
The International Society of Forensic Computer Examiners (ISFCE) offers which certifications? A) Certified Computer Examiner (CCE) B) Master Certified Computer Examiner (MCCE) C) both a & b D) neither a nor b
C) both a & b
Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization. A) hostile B) departure C) exit D) termination
C) exit
The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market. A) NSA B) CISO C) CISSP D) ISEP
C) CISSP
The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of these except __________. A) Systems security engineering B) Technical management C) International laws D) Certification and accreditation/risk management framework
C) International laws
System Administration, Networking, and Security Organization is better known as __________. A) SANO B) SAN C) SANS D) SANSO
C) SANS
__________ is a cornerstone in the protection of information assets and in the prevention of financial loss. A) Fire suppression B) Business separation C) Separation of duties D) Collusion
C) Separation of duties
The information security function can be placed within the __________. A) insurance and risk management function B) administrative services function C) legal department D) All of the above
D) All of the above
In recent years, the __________ certification program has added a set of concentration exams. A) ISSEP B) ISSMP C) ISSAP D) CISSP
D) CISSP
__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented. A) CSOs B) CISOs C) Security managers D) Security technicians
D) Security technicians
__________ is the requirement that every employee be able to perform the work of another employee. A) Two-man control B) Collusion C) Duty exchange D) Task rotation
D) Task rotation