CH. 12-15
Security training programs typically differ from security education programs in their focus on ______________.
hands-on skills
What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?
800
What DoD directive requires that information security professionals in the government earn professional certifications?
8140
Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees?
Annually
Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with?
Application and Session
__________ is a continuous process designed to keep all personnel vigilant.
Awareness
What certification focuses on information systems audit, control, and security professionals?
Certified Information Systems Auditor (CISA)
Which of the following certifications is considered the flagship International Information Systems Security Certification Consortium, Inc. (ISC)² certification and the gold standard for information security professionals?
Certified Information Systems Security Professional (CISSP)
Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect?
Credit card information
What is the highest level of academic degree that may be earned in the field of information security?
Doctor of philosophy (PhD)
Which organization creates information security standards that specifically apply within the European Union?
European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)
Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system?
Federal Information Security Management Act (FISMA)
Vincent recently went to work for a hospital system. He is reading about various regulations that apply to his new industry. What law applies specifically to health records?
Health Insurance Portability and Accountability Act (HIPAA)
Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve?
Integrity
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?
International Organization for Standardization (ISO)
Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?
Masking
What federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries?
National Institute of Standards and Technology (NIST)
Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?
Network
Brian is the information security training officer for a health care provider. He wants to develop a training program that complies with the provisions of the Health Insurance Portability and Accountability Act (HIPAA). Which of the following topics must be included?
Password management
A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment?
Personally owned devices
Which of the following programs requires passing a standardized examination that is based upon a job-task analysis?
Professional certification
What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act?
Publicly traded companies
What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?
Request for comment (RFC)
Which of the following items would generally NOT be considered personally identifiable information (PII)?
Trade secret
Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information?
World Wide Web Consortium (W3C)