Question 1

The document consists of a series of multiple-choice questions related to information security, certifications, and project management methodologies. It covers topics such as the roles of security professionals, various certifications, and best practices in information security management. Each question is designed to assess the reader's knowledge and understanding of the field.

Uploaded by

oye.bhandu

Question 1 (1 point)

The most common credential for a CISO-level position is the Security+ certification. _____

Question 1 options:

True

False

Question 2 (1 point)

The _____ is the title most commonly associated with the top information security officer in the
organization.

Question 2 options:

CISO

CFO

CTO

CEO

Question 3 (1 point)

The (ISC)2 CISSP-ISSEP concentration focuses on the knowledge area including systems lifecycle
management, threat intelligence and incident management.

Question 3 options:

True

False

Question 4 (1 point)

A background check must always be conducted to determine the level of trust the business can place
in a candidate for an information security position.

Question 4 options:

True

False

Question 5 (1 point)

_____ are hired by the organization to serve in a temporary position or to supplement the existing
workforce.

Question 5 options:

Temporary employees

Consultants

Contractors

Self-employees

Question 6 (1 point)

Like the CISSP, the SSCP certification is more applicable to the security _____ than to the security
_____.

Question 6 options:

technician, manager

manager, engineer

manager, technician

technician, executive

Question 7 (1 point)

The model commonly used by large organizations places the information security department within
the _____ department.

Question 7 options:

management

information technology

physical security

production

Question 8 (1 point)

In project planning, the tasks or action steps that come before the specific task at hand are
commonly referred to as milestones. _____

Question 8 options:

True

False

Question 9 (1 point)

The parallel operations strategy works well when an isolated group can serve as a test area, which
prevents any problems with the new system dramatically interfering with the performance of the
organization as a whole. _____

Question 9 options:

True

False

Question 10 (1 point)

A direct changeover is also known as going “fast turnkey.” _____

Question 10 options:

True

False

Question 11 (1 point)

Some cases of _____ are simple, such as requiring employees to begin using a new password on an
announced date.

Question 11 options:

phased implementation

direct changeover

pilot implementation

wrap-up

Question 12 (1 point)

The SSCP examination is much more rigorous than the CISSP examination.

Question 12 options:

True

False

Question 13 (1 point)

CompTIA offers a vendor-specific certification program called the Security+ certification.

Question 13 options:

True

False

Question 14 (1 point)

Existing information security-related certifications are typically well understood by those responsible
for hiring in organizations.

Question 14 options:

True

False

Question 15 (1 point)

Many who enter the field of information security are technical professionals such as _____ who find
themselves working on information security applications and processes more often than traditional
IT assignments.

Question 15 options:

networking experts or systems administrators

database administrators

programmers

All of the other answers are correct

Question 16 (1 point)

A methodology and formal development strategy for the design and implementation of an
information system is referred to as a _____.

Question 16 options:

systems design

development life project

systems development life cycle

systems schema

Question 17 (1 point)

The implementation phase is the longest and most expensive phase of the systems development life
cycle (SDLC).

Question 17 options:

True

False

Question 18 (1 point)

_____ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Question 18 options:

Fire suppression

Business separation

Separation of duties

Collusion

Question 19 (1 point)

ISSMP stands for Information Systems Security Monitoring Professional. _____

Question 19 options:

True

False

Question 20 (1 point)

The size of the organization and the normal conduct of business may preclude a large training
program on new security procedures or technologies.

Question 20 options:

True

False

Question 21 (1 point)

A(n) _____ determines the impact that a specific technology or approach can have on the
organization’s information assets and what it may cost.

Question 21 options:

RFP

WBS

SDLC

CBA

Question 22 (1 point)

ISACA promotes the CISA certification as being appropriate for accounting, networking, and security
professionals. _____

Question 22 options:

True

False

Question 23 (1 point)

The first step in the work breakdown structure (WBS) is to break down the project plan into its action
steps.

Question 23 options:

True

False

Question 24 (1 point)

The investigation phase of the SDLC involves specification of the objectives, constraints, and scope of
the project.

Question 24 options:

True

False

Question 25 (1 point)

Weak management support, with overly delegated responsibility and no champion, sentences a
project to almost-certain failure.

Question 25 options:

True

False

Question 26 (1 point)

In most cases, organizations look for a technically qualified information security _____ who has a
solid understanding of how an organization operates.

Question 26 options:

generalist

specialist

internist

expert

Question 27 (1 point)

"Administrators" provide the policies, guidelines, and standards in the Schwartz classification. _____

Question 27 options:

True

False

Question 28 (1 point)

To maintain a secure facility, all contract employees should be escorted from room to room, as well
as into and out of the facility.

Question 28 options:

True

False

Question 29 (1 point)

ISSEP stands for Information Systems Security Experienced Professional. _____

Question 29 options:

True

False

Question 30 (1 point)

By managing the _____, the organization can reduce unintended consequences by having a process
to resolve the potential conflict and disruption that uncoordinated change can introduce.

Question 30 options:

conversion process

wrap-up

process of change

governance

Question 31 (1 point)

Planning for the implementation phase requires the creation of a detailed request for proposal,
which is often assigned either to a project manager or the project champion. _____

Question 31 options:

True

False

Question 32 (1 point)

An ideal organization fosters resilience to change, meaning the organization understands that
change is a necessary part of the culture and that embracing change is more productive than fighting
it. _____

Question 32 options:

True

False

Question 33 (1 point)

Organizations are moving toward more _____-focused development approaches, seeking to improve
not only the functionality of the systems they have in place, but consumer confidence in their
product.

Question 33 options:

security

reliability

accessibility

availability

Question 34 (1 point)

Each organization has to determine its own project management methodology for IT and information
security projects.

Question 34 options:

True

False

Question 35 (1 point)

In some organizations, the CISO’s position may be combined with physical security responsibilities or
may even report to a security manager who is responsible for both logical (information) security and
physical security, and such a position is generally referred to as a _____.

Question 35 options:

CSO

CPSO

CTO

CNSO

Question 36 (1 point)

The goal of the _____ is to resolve any pending project-related issues, critique the overall effort of
the project, and draw conclusions about how to improve the project management process for the
future.

Question 36 options:

direct changeover

project wrap-up

phased implementation

pilot implementation

Question 37 (1 point)

A proven method for prioritizing a program of complex change is the bull’s-eye method. _____

Question 37 options:

True

False

Question 38 (1 point)

The ISSEP concentration allows CISSP certificate holders to demonstrate expert knowledge of all of
the following except _____.

Question 38 options:

systems security engineering

technical management

international laws

certification and accreditation/risk management framework

Question 39 (1 point)

Many hiring managers in information security prefer to recruit a security professional who already
has proven HR skills and professional experience, since qualified candidates with information
security experience are scarce. _____

Question 39 options:

True

False

Question 40 (1 point)

Performance management is the process of identifying and controlling the resources applied to a
project as well as measuring progress and adjusting the process as progress is made toward the goal.
_____

Question 40 options:

True

False
