Management of Information Security 4th Edition by Michael E. Whitman, Herbert J. Mattord – Test Bank
1. To move the InfoSec discipline forward, organizations should take all but which of the following steps?
a. learn more about the requirements and qualifications for InfoSec and IT positions
b. learn more about InfoSec budgetary and personnel needs
c. insist all mid-level and upper-level management take introductory InfoSec courses
d. grant the InfoSec function an appropriate level of influence and prestige
ANS: C PTS: 1 REF: 402
2. Employees who create and install security solutions fall under which classification of InfoSec positions?
a. definers
b. administrators
c. builders
d. analyzers
ANS: C PTS: 1 REF: 403
3. Which of the following is typically true about the CISO position?
a. business managers first and technologists second
b. accountable for the day-to-day operation of all or part of the InfoSec program
c. develop appropriate InfoSec policies, standards, guidelines, and procedures
d. technically qualified individual who may configure firewalls and IDPSs
ANS: A PTS: 1 REF: 404
4. Ideally, a candidate for the CISO position should have experience in what other InfoSec position?
a. security officer
b. security consultant
c. security technician
d. security manager
ANS: D PTS: 1 REF: 404
5. Which of the following InfoSec positions is responsible for the day-to-day operation of the InfoSec program?
a. CISO
b. security manager
c. security officer
d. security technician
ANS: B PTS: 1 REF: 409
6. CISOs should follow six key principles to shape their careers. Which of the following is NOT among those six principles?
a. business engagement
b. service delivery
c. relationship management
d. technical excellence
ANS: D PTS: 1 REF: 409
7. Which of the following is NOT a typical task performed by the security technician?
a. configure firewalls and IDPSs
b. participate in short-term and long-term planning
c. coordinate with systems and network administrators
d. specialize in advanced security appliances
ANS: B PTS: 1 REF: 411
8. Which of the following is a responsibility of an information security department manager?
a. offering technical information security consulting services to network administrators
b. running vulnerability identification software packages
c. preparing postmortem analyses of information security breaches
d. training Access Control System administrators to set up firewalls
ANS: C PTS: 1 REF: 405-406
9. Which of the following is a responsibility of an InfoSec technician?
a. developing InfoSec requirements for the organization
b. providing hands-on technical consulting services to teams of technical specialists
c. establishing procedures for the identification of information assets
d. managing the development of InfoSec policies
ANS: B PTS: 1 REF: 412
10. Which of the following job titles with InfoSec elements is part of the IT community of interest?
a. access control system administrator
b. local InfoSec coordinator
c. physical asset protection specialist
d. help desk specialist
ANS: D PTS: 1 REF: 414-415
11. Which security certification is considered the most prestigious for security managers and CISOs?
a. CISSP
b. GIAC
c. SSCP
d. SCP
ANS: A PTS: 1 REF: 416
12. Which of the following is a domain of the CISSP certification?
a. cryptography
b. risk, response, and recovery
c. monitoring and analysis
d. malicious code and activity
ANS: A PTS: 1 REF: 400
13. Which of the following is NOT a CISSP concentration?
a. ISSAP
b. ISACA
c. ISSMP
d. ISSEP
ANS: B PTS: 1 REF: 417
14. Which certification program has certifications that require the applicant to complete a written practical assignment that tests the applicant’s ability to apply skills and knowledge?
a. GIAC
b. CGEIT
c. CRISC
d. CISA
ANS: A PTS: 1 REF: 422
15. Which of the following is NOT among the areas covered as part of the Certified Computer Examiner (CCE) certification process?
a. server hardware construction and theory
b. general computer hardware used in data collection
c. ethics in practice
d. forensics data seizure procedures
ANS: A PTS: 1 REF: 425
16. When hiring security personnel, which of the following should be conducted before the organization extends an offer to any candidate, regardless of job level?
a. new hire orientation
b. covert surveillance
c. exit interview
d. background check
ANS: D PTS: 1 REF: 429
17. Which of the following is NOT a task that must be performed if an employee is terminated?
a. former employee must return all media
b. former employee’s home computer must be audited
c. former employee’s office computer must be secured
d. former employee should be escorted from the premises
ANS: B PTS: 1 REF: 431
18. Which of the following is NOT a common type of background check that may be performed on a potential employee?
a. identity check
b. political activism
c. motor vehicle records
d. drug history
ANS: B PTS: 1 REF: 429-430
19. Which of the following policies makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs?
a. task rotation
b. two-man control
c. separation of duties
d. job rotation
ANS: C PTS: 1 REF: 432
20. Which of the following policies requires that two individuals review and approve each other’s work before the task is considered complete?
a. task rotation
b. two-person control
c. separation of duties
d. job rotation
ANS: B PTS: 1 REF: 432