Management of Information Security 4th Edition by Michael E. Whitman, Herbert J. Mattord – Test Bank

MULTIPLE CHOICE

1. To move the InfoSec discipline forward, organizations should take all but which of the following steps?
a. learn more about the requirements and qualifications for InfoSec and IT positions c. insist all mid-level and upper-level management take introductory InfoSec courses
b. learn more about InfoSec budgetary and personnel needs d. grant the InfoSec function an appropriate level of influence and prestige

ANS: C PTS: 1 REF: 402

2. Employees who create and install security solutions fall under which classification of InfoSec positions?
a. definers c. builders
b. administers d. analyzers

ANS: C PTS: 1 REF: 403

3. Which of the following is typically true about the CISO position?
a. business managers first and technologists second c. develop appropriate InfoSec policies, standards, guidelines, and procedures
b. accountable for the day-to-day operation of all or part of the InfoSec program d. technically qualified individual who
may configure firewalls and IDPSs

ANS: A PTS: 1 REF: 404

4. Ideally, a candidate for the CISO position should have experience in what other InfoSec position?
a. security officer c. security technician
b. security consultant d. security manager

ANS: D PTS: 1 REF: 404

5. Which of the following InfoSec positions is responsible for the day-to-day operation of the InfoSec program?
a. CISO c. security officer
b. security manager d. security technician

ANS: B PTS: 1 REF: 409

6. CISO’s should follow six key principles to shape their careers. Which of the following is NOT among those six principles?
a. business engagement c. relationship management
b. service delivery d. technical excellence

ANS: D PTS: 1 REF: 409

7. Which of the following is NOT a typical task performed by the security technician?
a. configure firewalls and IDPSs c. coordinate with systems and network administrators
b. participate in short-term and long-term planning d. specialize in advanced security appliances

ANS: B PTS: 1 REF: 411

8. Which of the following is a responsibility of an information security department manager?
a. offering technical information security consulting services to network administrators
b. running vulnerability identification software packages
c. preparing postmortem analyses of information security breaches
d. training Access Control System administrators to set up firewalls

ANS: C PTS: 1 REF: 405-406

9. Which of the following is a responsibility of an InfoSec technician?
a. developing InfoSec requirements for the organization
b. providing hands-on technical consulting services to teams of technical specialists
c. establishing procedures for the identification of information assets
d. managing the development of InfoSec policies

ANS: B PTS: 1 REF: 412

10. Which of the following job titles with InfoSec elements is part of the IT community of interest?
a. access control system administrator c. physical asset protection specialist
b. local InfoSec coordinator d. help desk specialist

ANS: D PTS: 1 REF: 414-415

11. Which security certification is considered the most prestigious for security managers and CISOs?
a. CISSP c. SSCP
b. GIAC d. SCP

ANS: A PTS: 1 REF: 416

12. Which of the following is a domain of the CISSP certification?
a. cryptography c. monitoring and analysis
b. risk, response, and recovery d. malicious code and activity

ANS: A PTS: 1 REF: 400

13. Which of the following is NOT a CISSP concentration?
a. ISSAP c. ISSMP
b. ISACA d. ISSEP

ANS: B PTS: 1 REF: 417

14. Which certification program has certifications that require the applicant to complete a written practical assignment that tests the applicant’s ability to apply skills and knowledge.
a. GIAC c. CRISC
b. CGEIT d. CISA

ANS: A PTS: 1 REF: 422

15. Which of the following is NOT among the areas covered as part of the Certified Computer Examiner (CCE) certification process?
a. server hardware construction and theory
b. general computer hardware used in data collection
c. ethics in practice
d. forensics data seizure procedures

ANS: A PTS: 1 REF: 425

16. Before hiring security personnel, which of the following should be conducted before the organization extends an offer to any candidate, regardless of job level?
a. new hire orientation c. exit interview
b. covert surveillance d. background check

ANS: D PTS: 1 REF: 429

17. Which of the following is NOT a task that must be performed if an employee is terminated?
a. former employee must return all media
b. former employee’s home computer must be audited
c. former employee’s office computer must be secured
d. former employee should be escorted from the premises

ANS: B PTS: 1 REF: 431

18. Which of the following is NOT a common type of background check that may be performed on a potential employee?
a. identity check c. motor vehicle records
b. political activism d. drug history

ANS: B PTS: 1 REF: 429-430

19. Which of the following policies makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs?
a. task rotation c. separation of duties
b. two-man control d. job rotation

ANS: C PTS: 1 REF: 432

20. Which of the following policies requires that two individuals review and approve each other’s work before the task is considered complete?
a. task rotation c. separation of duties
b. two-person control d. job rotation

ANS: B PTS: 1 REF: 432