Upper management should learn more about the budgetary needs of the information security function and the positions within it. _____
True
False
True
The position of security analyst can be an entry-level position.
True
False
True
ISSEP stands for Information Systems Security Experienced Professional. _____
True
False
False
The general management community of interest must plan for the proper staffing of the information security function. _____
True
False
False
The use of standardized job descriptions can increase the degree of professionalism in the information security field.
True
False
True
Many who enter the field of information security are technical professionals such as _____ who find themselves working on information security applications and processes more often than traditional IT assignments.
All of the other answers are correct
networking experts or systems administrators
programmers
database administrators
All of the other answers are correct
When new employees are introduced into the organization's culture and workflow, they should receive an extensive information security briefing as part of their employee _____.
orientation
In many organizations, information security teams lack established rules and responsibilities.
True
False
False
_____ is the requirement that every employee be able to perform the work of another employee.
Two-man control
Duty exchange
Task rotation
Collusion
Task rotation
Friendly departures include termination for cause, permanent downsizing, temporary lay-off, or some instances of quitting. _____
True
False
False
Like the CISSP, the SSCP certification is more applicable to the security _____ than to the security _____.
technician, manager
manager, engineer
manager, technician
technician, executive
manager, technician
Which of the following is not one of the categories of positions defined by Schwartz?
Builder
Definer
User
Administrator
User
Many organizations use a(n) _____ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.
hostile
departure
exit
termination
exit
Though CISOs are business managers first and technologists second, they must be conversant in all areas of information security, including the technical, planning, and _____ areas.
policy
The ISSEP concentration allows CISSP certificate holders to demonstrate expert knowledge of all of the following except _____.
international laws
technical management
systems security engineering
certification and accreditation/risk management framework
international laws
The _____ acts as the spokesperson for the information security team.
CISO
The process of integrating information security perspectives into the hiring process includes reviewing and updating all job descriptions.
True
False
True
The information security function cannot be placed within physical security, as a peer of physical security or protective services.
True
False
False
Mandatory training provides the organization with the ability to audit the work of an individual. _____
True
False
False
The (ISC)2 CISSP concentrations are available for currently certified CISSP professionals to demonstrate knowledge that is part of the CISSP common body of knowledge.
True
False
False
The CISA credential is promoted by ISACA as the certification that is appropriate for all but which type of professionals?
accounting
auditing
networking
security
accounting
The security manager position is much more general than that of the CISO.
True
False
False
ISSAP stands for Information Systems Security Architecture Professional. _____
True
False
True
ISACA promotes the CISA certification as being appropriate for accounting, networking, and security professionals. _____
True
False
False
The (ISC)2 _____ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's common body of knowledge.
C|CISO
CISSP
CISA
CISM
CISSP
The CISSP certification requires both the successful completion of the examination and a(n) _____ by a qualified third party, typically another similarly certified professional, the candidate's employer, or a licensed, certified, or commissioned professional.
endorsement
The advice "Know more than you say, and be more skillful than you let on" for information security professionals indicates that an information security professional should avoid speaking to users in technical jargon.
True
False
False
The Cybersecurity Analyst+ certification from _____ is an intermediate certification with both knowledge-based and performance-based assessment.
SANS
ISACA
ACM
CompTIA
CompTIA
To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
True
False
True
"Builders" in the field of information security provide day-to-day systems monitoring and are used to support an organization's goals and objectives.
True
False
False
The general management community of interest must work with information security professionals to integrate solid information security concepts into the personnel management practices of the organization.
True
False
True
_____ departures include resignation, retirement, promotion, or relocation.
Friendly
ISSMP stands for Information Systems Security Monitoring Professional. _____
True
False
False
The Associate of (ISC)2 program is geared toward those who want to take the CISSP or SSCP exam before obtaining the requisite _____ for certification.
experience
Many who move to business-oriented information security were formerly_____ who were often involved in national security or cybersecurity.
military personnel
lawyers
marketing managers
business analysts
military personnel
_____ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
Consultants
Temporary employees
Self-employees
Contractors
Temporary employees
SANS developed a series of technical security certifications in 1999 that are known as the Global Information _____ Certification or GIAC family of certifications.
Assurance
In many cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.
True
False
True
Because the goals and objectives of _____ and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a common manager."
CIOs
_____ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.
CSOs
CISOs
Security managers
Security analysts
Security analysts
_____ are contracted workers hired for a specific one-time purpose, commonly to provide expertise the organization does not have internally.
Consultants
The former System Administration, Networking, and Security Organization is now better known as _____.
SANO
SANSO
SANS
SAN
SANS
An organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.
True
False
True
_____ is a cornerstone in the protection of information assets and in the prevention of financial loss.
Business separation
Separation of duties
Fire suppression
Collusion
Separation of duties
The breadth and depth covered in each of the domains makes the _____ one of the most difficult-to-attain certifications on the market.
CISA
ISEP
Security+
CISSP
CISSP
The model commonly used by large organizations places the information security department within the _____ department.
production
physical security
management
information technology
information technology
In some organizations, the CISO's position may be combined with physical security responsibilities or may even report to a security manager who is responsible for both logical (information) security and physical security; such a position is generally referred to as a _____.
CSO
CNSO
CTO
CPSO
CSO
The (ISC)2 CISSP-ISSEP concentration focuses on the knowledge areas including systems lifecycle management, threat intelligence, and incident management.
True
False
False
Existing information security-related certifications are typically well understood by those responsible for hiring in organizations.
True
False
False
A(n) _____ agency provides specifically qualified individuals at the paid request of another company.
temp
The SSCP examination is much more rigorous than the CISSP examination.
True
False
False
A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position.
True
False
True
It is important to gather employee _____ early about the information security program and respond to it quickly.
feedback
In most cases, organizations look for a technically qualified information security _____ who has a solid understanding of how an organization operates.
expert
specialist
generalist
internist
generalist
Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians. _____
True
False
True
Security _____ are accountable for the day-to-day operation of the information security program.
managers
The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities. _____
True
False
False
Security managers accomplish _____ identified by the CISO and resolve issues identified by technicians.
tasks
objectives
tactics
strategies
objectives
According to Schwartz, "_____" are the real techies who create and install security solutions.
Builders
Administrators
Definers
Engineers
Builders
To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a behavioral feasibility study before the program is _____.
planned
considered
budgeted
implemented
implemented
The latest forecasts for information security-related positions expect _____ openings than in many previous years.
fewer
more
the same number of
many fewer
more
The _____ is the title most commonly associated with the top information security officer in the organization.
CEO
CFO
CTO
CISO
CISO
Organizations are not required by law to protect employee information that is sensitive or personal.
True
False
False
Separation of _____ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information.
duties
Once a candidate has accepted a job offer, the employment _____ becomes an important security instrument.
contract
ISACA offers the CGEIT as well as the CISA and _____ certifications.
CISM
The ISSMP concentration examination is designed to provide CISSPs with a mechanism to demonstrate competence in _____.
business continuity planning and disaster recovery planning
enterprise security management practices
security management practices
All of these answers are correct
All of these answers are correct
_____ are designed to recognize experts in their respective fields.
Certifications
CompTIA offers a vendor-specific certification program called the Security+ certification.
True
False
False
Security administrators are accountable to provide day-to-day systems monitoring to support an organization's goals and objectives.
True
False
True
Security administrators provide day-to-day systems monitoring to support an organization's goals and objectives.
True
False
True
To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a _____ feasibility study before the program is implemented.
behavioral
In many organizations, information security teams lack established roles and responsibilities.
True
False
True
The information security function can be placed within the _____.
All of the other answers are correct
legal department
administrative services function
insurance and risk management function
All of the other answers are correct
Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. _____
True
False
False
"Administrators" provide the policies, guidelines, and standards in the Schwartz classification. _____
True
False
False
The most common credential for a CISO-level position is the Security+ certification. _____
True
False
False
The process of ensuring that no unnecessary access to data exists and that employees are able to perform only the minimum operations necessary on a set of data is referred to as the principle of _____.
(2 Words)
least privilege
Related to the concept of separation of duties is that of _____, the requirement that two individuals review and approve each other's work before the task is categorized as finished.
two-person control
Job _____ can greatly increase the chance that an employee's misuse of the system or abuse of information will be detected by another employee.
rotation
GIAC stands for Global Information Architecture Certification. _____
True
False
False
A firewall device must never be accessible directly from the _____ network.
public
In most common implementation models, the content filter has two components: _____.
rating and filtering
allow and deny
filtering and encoding
rating and decryption
rating and filtering
The static packet filtering firewall can react to an emergent event and update or create rules to deal with that event. _____
True
False
False
Most current operating systems require specialized software to connect to VPN servers, as support for VPN services is no longer built into the clients.
True
False
False
The architecture of a(n) _____ firewall protects a DMZ.
(2 Words)
screened subnet
When a bastion host approach is used, the host contains two CPUs, forcing all traffic to go through the device. _____
True
False
False
Discretionary access control is an approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.
True
False
False
Authentication is a mechanism whereby unverified entities who seek access to a resource provide a label by which they are known to the system. _____
True
False
False
Because the _____ host stands as a sole defender on the network perimeter, it is commonly referred to as the sacrificial host.
trusted
DMZ
domain
bastion
bastion
A(n) intranet is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _____
True
False
False
The application firewall is also known as a(n) application layer _____ server.
proxy
_____ inspection firewalls keep track of each network connection between internal and external systems.
Stateful
Dynamic
Static
Stateless
Stateful
When Web services are offered outside the firewall, SMTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. _____
True
False
False
Authentication is the process of validating and verifying an unauthenticated entity's purported identity.
True
False
True
_____ filtering requires that the firewall's filtering rules for allowing and denying packets are manually developed and installed with the firewall.
Dynamic
Stateful
Static
Stateless
Static
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) _____.
VPN
ticket
PAC
ECMA
PAC
The _____ is an intermediate area between a trusted network and an untrusted network.
DMZ
domain
firewall
perimeter
DMZ
Kerberos _____ provides tickets to clients who request services.
AS
KDS
TGS
VPN
TGS
The DMZ can be a dedicated port on the firewall device linking a single bastion host.
True
False
True