Deck 11: Personnel and Security
1
Which of the following is NOT a typical task performed by the security technician?
A) Configure firewalls and IDPSs
B) Develop security policy
C) Coordinate with systems and network administrators
D) Implement advanced security appliances
B
2
Most hiring organizations are aware of the precise value of information security certifications because these programs have been in existence for a long time.
False
3
ISACA offers the CGEIT certification that is targeted at upper-level executives such as CISOs and CIOs, directors, and consultants with knowledge and experience in IT operations. ____________
False
governance
4
A(n) credit check can uncover past criminal behavior or other information that suggests a potential for future misconduct or a vulnerability that might render a candidate susceptible to coercion or blackmail. ____________
5
According to Schwartz et al., employees who create and install security solutions fall under which classification of InfoSec positions?
A) Definers
B) Administrators
C) Builders
D) Architects
6
Integrating InfoSec into the hiring process begins with reviewing and updating job descriptions to include InfoSec responsibilities. ____________
7
To move the InfoSec discipline forward, organizations should take all but which of the following steps?
A) Learn more about the requirements and qualifications for InfoSec and IT positions
B) Learn more about InfoSec budgetary and personnel needs
C) Insist all mid-level and upper-level management take introductory InfoSec courses
D) Grant the InfoSec function an appropriate level of influence and prestige
8
A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions is known as racketeering. ____________
9
The SSCP certification is more applicable to the security manager than the security technician.
10
InfoSec is a profession with little personnel turnover - most InfoSec professionals stay in their positions for a very long time.
11
Which of the following is typically true about the CISO position?
A) Business managers first and technologists second
B) Accountable for the day-to-day operation of all or part of the InfoSec program
C) Frequently reports directly to the Chief Executive Officer
D) Technically qualified individual who may configure firewalls and IDPSs
12
Maintaining a secure environment requires that the information security (InfoSec) department be carefully structured and staffed with appropriately skilled and screened personnel. ____________
13
A technically qualified individual who may configure firewalls and IDPSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that security technical controls are properly implemented is known as a security architect. ____________
14
The most common qualification for a CISO includes the CISSP and CISM certifications.
15
A requirement that all employees take time off from work, which allows the organization to audit the individual's areas of responsibility, is known as a mandatory vacation policy. ____________
16
Temporary workers, often called temps, may not be subject to the contractual obligations or general policies that govern other employees.
17
A security manager is accountable for the day-to-day operation of all or part of the InfoSec program. ____________
18
Which of the following InfoSec positions is responsible for the day-to-day operation of the InfoSec program?
A) CISO
B) Security manager
C) Security officer
D) Security technician
19
CISOs should follow six key principles to shape their careers. Which of the following is NOT among those six principles?
A) Practice business engagement
B) Deliver services
C) Manage relationships
D) Demonstrate technical competence
20
Ideally, a candidate for the CISO position should have experience in what other InfoSec position?
A) Security officer
B) Security consultant
C) Security technician
D) Security manager
21
Which of the following is NOT among the areas covered as part of the Certified Computer Examiner (CCE) certification process?
A) Server hardware construction and theory
B) General computer hardware used in data collection
C) Ethics in practice
D) Forensics data seizure procedures
22
A security ____________________ is the typical information security entry-level position.
23
Ultimately, the _______________________ is the spokesperson for the security team and is responsible for the overall InfoSec program.
24
In the classification of information security positions, senior people with a lot of broad knowledge, but often not a lot of depth, fall under the category of those that ____________________.
25
Before hiring security personnel, which of the following should be conducted before the organization extends an offer to any candidate, regardless of job level?
A) New hire orientation
B) Covert surveillance
C) Organizational tour
D) Background check
26
Which of the following policies requires that every employee be able to perform the work of at least one other staff member?
A) Collusion
B) Job rotation
C) Two-person control
D) Separation of duties
27
Which of the following policies makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs?
A) Task rotation
B) Mandatory vacations
C) Separation of duties
D) Job rotation
28
Which of the following is expected of the security technician?
A) To be expert, certified and proficient
B) To possess technical qualifications which may vary by position
C) To possess experience with a particular hardware and/or software package
D) All of these
29
Which of the following is a responsibility of an information security department manager?
A) Offering technical information security consulting services to network administrators
B) Running vulnerability identification software packages
C) Preparing postmortem analyses of information security breaches
D) Training Access Control System administrators to set up firewalls
30
Which of the following is NOT a CISSP concentration?
A) ISSAP
B) ISSTP
C) ISSMP
D) ISSEP
31
Which of the following is a responsibility of an InfoSec technician?
A) Developing InfoSec requirements for the organization
B) Providing hands-on technical consulting services to teams of technical specialists
C) Establishing procedures for the identification of information assets
D) Managing the development of InfoSec policies
32
The CompTIA ____________________ certification tests an individual's security knowledge mastery and requires two years of on-the-job networking experience, with emphasis on security.
33
Which of the following security certifications is considered the most prestigious for security managers and CISOs?
A) CISSP
B) GIAC
C) SSCP
D) SCP
34
Which of the following is NOT a task that must be performed if an employee is terminated?
A) Former employee must return all media
B) Former employee's home computer must be audited
C) Former employee's office computer must be secured
D) Former employee should be escorted from the premises
35
Which of the following is a domain of the CISSP examination?
A) Cryptography
B) Risk, response, and recovery
C) Monitoring and analysis
D) Malicious code and activity
36
Which certification program has certifications that require the applicant to complete a written practical assignment that tests the applicant's ability to apply skills and knowledge?
A) GIAC
B) CGEIT
C) CRISC
D) CISA
37
Temporary hires called contract employees - or simply contractors - should not be allowed to do what?
A) Work on the premises
B) Wander freely in and out of buildings
C) Visit the facility without specific, prior coordination
D) Compensated by the organization based on hourly rates
38
It is the responsibility of a _______________________ to develop appropriate InfoSec policies, standards, guidelines, and procedures.
39
Which of the following is NOT a common type of background check that may be performed on a potential employee?
A) Identity check
B) Political activism
C) Motor vehicle records
D) Drug history
40
Which of the following policies requires that two individuals review and approve each other's work before the task is considered complete?
A) Task rotation
B) Two-person control
C) Separation of duties
D) Job rotation
41
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
provide the policies, guidelines, and standards, perform consulting and risk assessment, and develop technical architectures
42
Describe the certifications developed by SANS. How are they different from InfoSec certifications like CISSP and SSCP?
43
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
a technically qualified individual who may configure firewalls and IDPSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that security technical controls are properly implemented
44
Briefly describe at least five types of background checks.
45
Describe the position of security manager.
46
What is the Security+ certification and who is a typical candidate for this certification?
47
Briefly describe the two outprocessing methods of handling employees who leave their positions at a company.
48
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
computer forensics certification from ISFCE
49
What are the qualifications and position requirements of a typical security technician?
50
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
a member of the general business community having an information security-related role
51
Briefly describe the classifications of InfoSec positions as defined by Schwartz et al.
52
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
accountable for the day-to-day operation of all or part of the InfoSec program and assigned objectives identified by the CISO
53
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
an ISC2 certificate that is often considered to be the most prestigious certification for security managers
54
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
create and install security solutions
55
List the six key principles that should shape the career of a CISO.
56
Describe the SSCP certification. How does it compare to the CISSP?
57
What are some of the common qualifications for a CISO?
58
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
an organization that developed a series of technical security certifications such as the GIAC
59
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
an ISC2 certification that focuses on practices, roles, and responsibilities as defined by experts
60
a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSP
h. SSCP
i. SANS
j. CCE
a member of the IT community often responsible for complex operating system programs