SECURITY AND PERSONNEL

Question 1

1. The general management community of interest must work with the information security professionals to integrate solid information security concepts into the personnel management practices of the organization.

Answer 1

T

Question 2

2. The information security function cannot be placed within protective services.

Answer 2

F

Question 3

. In many organizations, information security teams lacks established roles and responsibilities.

Answer 3

T

Question 4

In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.

Answer 4

T

Question 5

5. The use of standard job descriptions can increase the degree of professionalism in the information security field.

Answer 5

T

Question 6

6. Builders operate and administrate the security tools and the security monitoring function and continuously improve the processes, performing all the day-to-day work.

Answer 6

F

Question 7

7. Security managers are accountable for the day-to-day operation of the information security program.

Answer 7

T

Question 8

8. The security manager position is much more general than that of CISO.

Answer 8

F

Question 9

9. The position of security technician can be offered as an entry-level position.

Answer 9

T

Question 10

10. All of the existing certifications are fully understood by hiring organizations.

Answer 10

F

Question 11

11. ISSEP was developed under a joint agreement between the FBI and the United States National Security Agency, Information Assurance Directorate.

Answer 11

F

Question 12

12. Each CISSP concentration exam consists of 25 to 50 questions.

Answer 12

F

Question 13

13. The SSCP covers ten domains.

Answer 13

F

Question 14

14. The SCNA track focuses on firewalls and intrusion detection.

Answer 14

F

Question 15

15. Information security should be visible to the users.

Answer 15

F

Question 16

16. The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions.

Answer 16

T

Question 17

18. The organization should integrate the security awareness education into a new hire’s ongoing job orientation and make it a part of every employee’s on-the-job security training.

Answer 17

T

Question 18

17. In the business world, background checks determine the individual’s level of security classification, a requirement for many positions.

Answer 18

F

Question 19

19. To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.

Answer 19

T

Question 20

20. Organizations are not required by law to protect employee information that is sensitive or personal.

Answer 20

F

Question 21

1. The model used often by large organizations places the information security department within the ____ department.
   a.
   management
   c.
   financial
   b.
   information technology
   d.
   production

Answer 21

b.
information technology

Question 22

2. The information security function can be placed within the ____.
   a.
   insurance and risk management function
   b.
   administrative services function
   c.
   legal department
   d.
   All of the above

Answer 22

d.
All of the above

Question 23

3. ____ are often involved in national security and cyber-security tasks and move from those environments into the more business-oriented world of information security.
   a.
   Marketing managers
   c.
   Business analysts
   b.
   Military personnel
   d.
   Lawyers

Answer 23

b.
Military personnel

Question 24

4. Many information security professionals enter the field from traditional ____ assignments.
   a.
   HR
   c.
   IT
   b.
   BA
   d.
   All of the above

Answer 24

c.
IT

Question 25

5. A study of information security positions, done by Schwartz, Erwin,Weafer, and Briney, found that positions can be classified into one of ____ areas.
   a.
   two
   c.
   four
   b.
   three
   d.
   five

Answer 25

b.
three

Question 26

6. ____ are the real techies who create and install security solutions.
   a.
   Builders
   c.
   Senior managers
   b.
   Administrators
   d.
   Definers

Answer 26

a.
Builders

Question 27

7. The ____ position is typically considered the top information security officer in the organization.
   a.
   CISO
   c.
   CTO
   b.
   CFO
   d.
   CEO

Answer 27

a.
CISO

Question 28

8. ____ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization’s security technology is properly implemented.
   a.
   CSOs
   c.
   Security managers
   b.
   CISOs
   d.
   Security technicians

Answer 28

d.
Security technicians

Question 29

9. The breadth and depth covered in each of the domains makes the ____ one of the most difficult-to-attain certifications on the market.
   a.
   NSA
   c.
   CISSP
   b.
   CISO
   d.
   ISEP

Answer 29

d.
ISEP

Question 30

10. In recent years, the ____ certification program has added a set of concentration exams.
    a. ISSEP c. ISSAP
    b. ISSMP d. CISSP

Answer 30

d. CISSP

Question 31

11. The ____ examination is designed to provide CISSPs with a mechanism to demonstrate competence in the more in-depth and concentrated requirements of information security manage-ment.
    a. ISSMP c. CISSPM
    b. ISSAP d. CISSMP

Answer 31

a. ISSMP

Question 32

12. ____ was designed to recognize mastery of an international standard for information secu-rity and a common body of knowledge (sometimes called the CBK).
    a. CISSP c. SSCP
    b. ISSMP d. All of the above

Answer 32

c. SSCP

Question 33

13. The SSCP exam consists of ____ multiple-choice questions, and must be completed within three hours.
    a. 75 c. 125
    b. 100 d. 225

Answer 33

c. 125

Question 34

14. System Administration, Networking, and Security Organization is better known as ____.
    a. SANO c. SANS
    b. SAN d. SANSO

Answer 34

c. SANS

Question 35

15. The applicant for the CISM must provide evidence of ____ years of professional work ex-perience in the field of information security, with a waiver or substitution of up to two years for education or previous certification.
    a. five c. ten
    b. eight d. twelve

Answer 35

a. five

Question 36

16. The ____ program focuses more on building trusted networks, including biometrics and PKI.
    a. NFC c. PKI
    b. SCNP d. SCNA

Answer 36

d. SCNA

Question 37

17. Many organizations use a(n) ____ interview to remind the employee of contractual obliga-tions, such as nondisclosure agreements, and to obtain feedback on the employee’s tenure in the organization.
    a. hostile c. exit
    b. departure d. termination

Answer 37

c. exit

Question 38

18. ____ are hired by the organization to serve in a temporary position or to supplement the ex-isting workforce.
    a. Temporary em-ployees c. Contractors
    b. Consultants d. Self-employees

Answer 38

a. Temporary em-ployees

Question 39

19. ____ is a cornerstone in the protection of information assets and in the prevention of finan-cial loss.
    a. Fire protection c. Separation of duties
    b. Business separation d. Collusion

Answer 39

c. Separation of duties

Question 40

20. ____ is the requirement that every employee be able to perform the work of another em-ployee.
    a. Two-man control c. Duty exchange
    b. Collusion d. Task rotation

Answer 40

d. Task rotation