
Quiz 14 - Information Security Professional Certification

What organization offers a variety of security certifications that are focused on the requirements of auditors? - ANS - ISACA

Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose? - ANS - Certified Secure Software Lifecycle Professional (CSSLP)

What DoD directive requires that information security professionals in the government earn professional certifications? - ANS - 8140

How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam? - ANS - 8

Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact? - ANS - International Council of E-Commerce Consultants (EC-Council)

Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities? - ANS - GIAC Certified Forensic Examiner (GCFE)

Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her? - ANS - Security+

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012? - ANS - Senior System Manager

Which of the following Cisco certifications demonstrates the most advanced level of security knowledge? - ANS - Cisco Certified Internetwork Expert (CCIE) Security

Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Webmaster (CIW) certifications? - ANS - Certified Information Security Manager (CISM)

What certification organization began as an offshoot of the SANS Institute training programs? - ANS - Global Information Assurance Certification (GIAC)

Rod has been a Certified Information Systems Security Professional (CISSP) for 10 years. He would like to earn an advanced certification that demonstrates his ability in information security architecture. Which of the following CISSP concentrations would meet Rod's needs? - ANS - CISSP-ISSAP

Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices? - ANS - CCSA

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4016? - ANS - Risk Analysts

Richard would like to earn a certification that demonstrates his ability to manage the information security function. What certification would be most appropriate for Richard? - ANS - Certified Information Security Manager (CISM)

Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC)2 certification. Which certification is most appropriate for his needs? - ANS - Systems Security Certified Practitioner (SSCP)

Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC)2 certification and the gold standard for information security professionals? - ANS - Certified Information Systems Security Professional (CISSP)

What certification focuses on information systems audit, control, and security professionals? - ANS - Certified Information Systems Auditor (CISA)

How many years of specialized experience are required to earn one of the Certified Information Systems Security Professional (CISSP) concentrations? - ANS - Two

Which of the following is NOT a role described in DoD Directive 8140, which covers cybersecurity training? - ANS - Attack

CompTIA Security+ is an entry-level security certification. - ANS - True.

A GIAC credential holder may submit a technical paper that covers an important area of information security. If the paper is accepted, it adds the Gold credential to the base GIAC credential. - ANS - True.

The Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems. - ANS - False. The Certified Secure Software Lifecycle Professional (CSSLP) is one of the few credentials that address developing secure software. The CSSLP credential evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.

The HealthCare Certified Information Security and Privacy Practitioner (HCISPP) credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations. - ANS - True.

Cisco offers certifications only at the Associate, Professional, and Expert levels. - ANS - False. • Entry • Associate • Professional • Expert • Architect

The CISSP-ISSEP concentration requires that a candidate demonstrate two years of professional experience in the area of architecture. - ANS - False. The ISSMP concentration requires that a candidate demonstrate two years of professional experience in the area of enterprise-wide security operations and management.

Symantec offers vendor-neutral certifications as well as certifications for its product lines. - ANS - False.

RSA is a global provider of security, risk, and compliance solutions for enterprise environments. - ANS - True.

One requirement of the GIAC Security Expert (GSE) credential is that candidates must hold three GIAC credentials, with two of the credentials being Gold. - ANS - True.

The Certified Cloud Security Professional (CCSP) certification was created by both (ISC)2 and the Cloud Security Alliance (CSA). - ANS - True.

The (ISC)2 Systems Security Certified Practitioner (SSCP) credential covers the seven domains of best practices for information security. - ANS - True.

Information Systems Security Certification Consortium, Inc. (ISC)2 is the baseline for federal and DoD work-role definitions. - ANS - False. The National Initiative for Cybersecurity Education (NICE) will be the baseline for federal and DoD work-role definitions.

Juniper Networks offers vendor-specific certifications. - ANS - True.

A certification is an official statement that validates that a person has satisfied specific job requirements. - ANS - True.

A common method for identifying what skills a security professional possesses is his or her level of certification. - ANS - True.

DoD and NSA have adopted several training standards to serve as a pathway to satisfy Directive 8140. Although they are called standards, they are really training requirements for specific job responsibilities. - ANS - True.

Certified Internet Webmaster (CIW) offers several credentials that focus on both general and web-related security. - ANS - True.

DoD Directive 8570.01 is a voluntary certification requirement. - ANS - False. DoD Directive 8570.01 requires "all DoD personnel and contractors who conduct information assurance functions in assigned duty positions to achieve very specific levels of certification."

Defense Information Systems Agency (DISA) is the agency arm of the U.S. Department of Defense that provides information technology and communications support to the White House, Secretary of Defense, and all military sectors that contribute to the defense of the United States of America. - ANS - True.

The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements. - ANS - False. The CRISC certification applies to a wide range of security professionals. This certification focuses on the knowledge and skills required to design, deploy, monitor, and manage security controls to address risk. CRISC addresses all risk management areas, including identification, assessment, response, and monitoring.

About the document

Uploaded On: Sep 27, 2022

Number of pages: 5

Seller: Nutmegs
