Question 1

In the early stages of planning,the project planner should attempt to specify completion dates only for major employees within the project._________________________

Accepted Answer

milestones

Question 2

Threats from insiders are more likely in a small organization than in a large one.

Accepted Answer

Insider threats can occur in organizations of any size, but large organizations often have more employees, which statistically increases the potential for insider threats due to the larger pool of insiders and potentially more complex systems and processes that might be harder to monitor effectively.

Question 3

Which of the following variables is the most influential in determining how to structure an information security program?&#160;&#10;A)&#160;Security capital budget&#10;B)&#160;Organizational size&#160;&#10;C)&#160;Security personnel budget&#10;D)&#160;Organizational culture

Accepted Answer

Organizational culture is the most influential variable in determining how to structure an information security program because it shapes employee behavior towards security and determines the level of importance given to security initiatives. Other variables such as budget and size may also impact the structure, but they are not as influential as organizational culture.

Question 4

Which of the following functions includes identifying the sources of risk and may include offering advice on controls that can reduce risk?&#160;&#10;A)&#160;Risk management&#10;B)&#160;Risk assessment&#160;&#10;C)&#160;Systems testing&#10;D)&#160;Vulnerability assessment

Accepted Answer

The answer of Which of the following functions includes identifying...

Question 5

Which of the following would be responsible for configuring firewalls and IDPSs,implementing security software,and diagnosing and troubleshooting problems?&#160;&#10;A)&#160;A security technician&#10;B)&#160;A security analyst&#160;&#10;C)&#160;A security consultant&#10;D)&#160;The security manager

Accepted Answer

Configuring firewalls and IDPSs, implementing security software, and diagnosing and troubleshooting problems are typical responsibilities of a security technician. They are responsible for implementing and maintaining security solutions as directed by security policies and standards.

Question 6

The work breakdown structure (WBS)can only be prepared with a complex specialized desktop PC application.

Accepted Answer

The work breakdown structure (WBS) can be prepared using a variety of software applications, including Microsoft Excel, Microsoft Project, and online tools such as Trello or Asana. These applications are readily available and can be used on desktops, laptops, and even mobile devices.

Question 7

Most information security projects require a trained project developer._________________________

Accepted Answer

manager

Question 8

Which of the following is true about the security staffing,budget,and needs of a medium-sized organization?&#160;&#10;A)&#160;they have a larger security staff than a small organization&#160;&#10;B)&#160;they have a larger security budget (as percent of IT budget) than a small organization&#160;&#10;C)&#160;they have a smaller security budget (as percent of IT budget) than a large organization&#160;&#10;D)&#160;they have larger information security needs than a small organization

Accepted Answer

The answer of Which of the following is true about...

Question 9

Small organizations spend more per user on security than medium- and large-sized organizations.

Accepted Answer

Small organizations have less resources to devote to security, which often results in higher costs per user. Large organizations may have the resources to invest in more cost-effective security solutions.

Question 10

Which function needed to implement the information security program includes researching,creating,maintaining,and promoting information security plans?&#160;&#10;A)&#160;compliance&#10;B)&#160;policy&#160;&#10;C)&#160;planning&#10;D)&#160;systems security administration

Accepted Answer

Planning is the function that involves researching, creating, maintaining, and promoting information security plans. Compliance refers to ensuring adherence to policies and regulations, policy is a statement of intent, and systems security administration involves implementing and managing security controls.

Question 11

GGG security is commonly used to describe which aspect of security?&#160;&#10;A)&#160;technical&#10;B)&#160;software&#160;&#10;C)&#160;physical&#10;D)&#160;theoretical

Accepted Answer

The answer of GGG security is commonly used to describe...

Question 12

Planners need to estimate the effort required to complete each task,subtask,or action step.

Accepted Answer

The answer of Planners need to estimate the effort required...

Question 13

On-the-job training can result in substandard work performance while the trainee gets up to speed.

Accepted Answer

The answer of On-the-job training can result in substandard work...

Question 14

Legal assessment for the implementation of the information security program is almost always done by the information security or IT departments.

Accepted Answer

The answer of Legal assessment for the implementation of the...

Question 15

The security education,training,and awareness (SETA)program is designed to reduce the occurence of external security attacks.

Accepted Answer

The answer of The security education,training,and awareness (SETA)program is designed...

Question 16

A task or subtask becomes a(n)action step when it can be completed by one individual or skill set and when it includes a single deliverable._________________________

Accepted Answer

The answer of A task or subtask becomes a(n)action step...

Question 17

Each organization has to determine its own project management methodology for IT and information security projects.

Accepted Answer

The answer of Each organization has to determine its own...

Question 18

Which of the following is NOT among the functions typically performed within the InfoSec department as a compliance enforcement obligation?&#160;&#10;A)&#160;policy&#160;&#10;B)&#160;centralized authentication&#160;&#10;C)&#160;compliance/audit&#160;&#10;D)&#160;risk management

Accepted Answer

The answer of Which of the following is NOT among...

Question 19

Which of the following functions needed to implement the information security program evaluates patches used to close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness?

A) Systems testing
B) Risk assessment
C) Incident response
D) Systems security administration

Accepted Answer

The answer of Which of the following functions needed to...

Question 20

The first step in the work breakdown structure (WBS)approach encompasses activities,but not deliverables.

Accepted Answer

The answer of The first step in the work breakdown...

Question 21

Which of the following is an advantage of the formal class method of training?&#160;&#10;A)&#160;Personal&#160;&#10;B)&#160;Self-paced, can go as fast or as slow as the trainee needs&#160;&#10;C)&#160;Can be scheduled to fit the needs of the trainee&#160;&#10;D)&#160;Interaction with trainer is possible

Accepted Answer

The answer of Which of the following is an advantage...

Question 22

An organization's information security program refers to the&#160;entire set of activities,resources,personnel,and technologies used by an organization to manage the risks to the information&#160; _______ of the organization.

Accepted Answer

The answer of An organization's information security program refers to...

Question 23

A(n)____________________ is a specific point in the project plan when a task that has a noticeable impact on plan's the progress is complete.

Accepted Answer

The answer of A(n)____________________ is a specific point in the...

Question 24

Which of the following is true about a company's InfoSec awareness Web site?&#160;&#10;A)&#160;it should contain large images to maintain interest&#160;&#10;B)&#160;appearance doesn't matter if the information is there&#160;&#10;C)&#160;it should be placed on the Internet for public use&#160;&#10;D)&#160;it should be tested with multiple browsers

Accepted Answer

The answer of Which of the following is true about...

Question 25

Which of the following is a disadvantage of the one-on-one training method?&#160;&#10;A)&#160;Inflexible&#160;&#10;B)&#160;May not be responsive to the needs of all the trainees&#160;&#10;C)&#160;Content may not be customized to the needs of the organization&#160;&#10;D)&#160;Resource intensive, to the point of being inefficient

Accepted Answer

The answer of Which of the following is a disadvantage...

Question 26

__________ is a simple project management planning tool.&#10;A)&#160;RFP&#10;B)&#160;WBS&#160;&#10;C)&#160;ISO 17799&#10;D)&#160;SDLC

Accepted Answer

The answer of __________ is a simple project management planning...

Question 27

Which of the following is the first step in the process of implementing training?&#160;&#10;A)&#160;Identify training staff&#160;&#10;B)&#160;Identify target audiences&#160;&#10;C)&#160;Identify program scope, goals, and objectives&#160;&#10;D)&#160;Motivate management and employees

Accepted Answer

The answer of Which of the following is the first...

Question 28

What is the SETA program designed to do?&#160;&#10;A)&#160;reduce the occurrence of external attacks&#160;&#10;B)&#160;improve operations&#160;&#10;C)&#160;reduce the occurence of accidental security breaches&#160;&#10;D)&#160;increase the efficiency of InfoSec staff

Accepted Answer

The answer of What is the SETA program designed to...

Question 29

Which of the following is the most cost-effective method for disseminating security information and news to employees?&#160;&#10;A)&#160;distance learning seminars&#10;B)&#160;security-themed Web site&#160;&#10;C)&#160;conference calls&#10;D)&#160;security newsletter

Accepted Answer

The answer of Which of the following is the most...

Question 30

The information security ____________________ is usually brought in when the organization makes the decision to outsource one or more aspects of its security program.

Accepted Answer

The answer of The information security ____________________ is usually brought...

Question 31

Which of the following is an advantage of the one-on-one method of training?&#160;&#10;A)&#160;Trainees can learn from each other&#10;B)&#160;Very cost-effective&#160;&#10;C)&#160;Customized&#10;D)&#160;Maximizes use of company resources

Accepted Answer

The answer of Which of the following is an advantage...

Question 32

Advanced technical training can be selected or developed based on which of the following?&#160;&#10;A)&#160;level of previous education&#10;B)&#160;level of previous training&#160;&#10;C)&#160;technology product&#10;D)&#160;number of employees

Accepted Answer

The answer of Advanced technical training can be selected or...

Question 33

The purpose of SETA is to enhance security in all but which of the following ways?&#160;&#10;A)&#160;by building in-depth knowledge&#160;&#10;B)&#160;by adding barriers&#160;&#10;C)&#160;by developing skills&#160;&#10;D)&#160;by improving awareness

Accepted Answer

The answer of The purpose of SETA is to enhance...

Question 34

An organization carries out a risk ____________________ function to evaluate risks present in IT initiatives and/or systems.

Accepted Answer

The answer of An organization carries out a risk ____________________...

Question 35

A SETA program consists of three elements: security education,security training,and which of the following?.&#10;A)&#160;security accountability&#10;B)&#160;security authentication&#160;&#10;C)&#160;security awareness&#10;D)&#160;security authorization

Accepted Answer

The answer of A SETA program consists of three elements:...

Question 36

Which of the following is an advantage of the user support group form of training?&#160;&#10;A)&#160;Usually conducted in an informal social setting&#160;&#10;B)&#160;Formal training plan&#160;&#10;C)&#160;Can be live, or can be archived and viewed at the trainee's convenience&#160;&#10;D)&#160;Can be customized to the needs of the trainee

Accepted Answer

The answer of Which of the following is an advantage...

Question 37

A study of information security positions found that positions can be classified into one of three types: ____________________ are the real technical types,who create and install security solutions.

Accepted Answer

The answer of A study of information security positions found...

Question 38

Which of the following is NOT a step in the process of implementing training?&#160;&#10;A)&#160;administer the program&#160;&#10;B)&#160;hire expert consultants&#160;&#10;C)&#160;motivate management and employees&#160;&#10;D)&#160;identify target audiences

Accepted Answer

The answer of Which of the following is NOT a...

Question 39

The ____________________ program is designed to reduce the occurrence of accidental security breaches by members of the organization.

Accepted Answer

The answer of The ____________________ program is designed to reduce...

Question 40

Project ____________________&#160;is a&#160;description of a project's features,capabilities,functions,and quality level,used as the basis of a project plan.

Accepted Answer

The answer of Project ____________________&#160;is a&#160;description of a project's features,capabilities,functions,and...

Question 41

What is the purpose of a security awareness program?&#160;&#160;What advantage does an awareness program have for the InfoSec program?

Accepted Answer

The answer of What is the purpose of a security...

Question 42

____________________ is a phenomenon in which the project manager spends more time documenting project tasks,collecting performance measurements,recording project task information,and updating project completion forecasts than in accomplishing meaningful project work.

Accepted Answer

The answer of ____________________ is a phenomenon in which the...

Question 43

The three methods for selecting or developing advanced technical training are by job category,by job function,and by ____________________.

Accepted Answer

The answer of The three methods for selecting or developing...

Question 44

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;Occurs when a project manager spends more time working in the project management software than accomplishing meaningful project work.

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 45

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;&#8203;

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 46

What is the security education,training,and awareness program? Describe how the program aims to enhance security.

Accepted Answer

The answer of What is the security education,training,and awareness program?...

Question 47

The goal of a security ____________________ program is to keep information security at the forefront of users' minds on a daily basis.

Accepted Answer

The answer of The goal of a security ____________________ program...

Question 48

What are some of the variables that determine how a given organization chooses to construct its InfoSec program?

Accepted Answer

The answer of What are some of the variables that...

Question 49

Explain the conflict between the goals and objectives of the CIO and the CISO.

Accepted Answer

The answer of Explain the conflict between the goals and...

Question 50

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;In larger organizations,responsible for some aspect of information security; in smaller organizations,this title may be assigned&#160;to the only or senior security administrator.

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 51

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;&#8203;

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 52

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;A program designed to&#160;improve the security of information assets by providing targeted information,skills,and guidance&#160;for organizational employees.

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 53

What is the role of help desk personnel in the InfoSec team?

Accepted Answer

The answer of What is the role of help desk...

Question 54

The project planner should describe the skills or personnel needed for a task,often referred to as a(n)____________________,needed to accomplish a task.

Accepted Answer

The answer of The project planner should describe the skills...

Question 55

What is the Chief Information Security Office primarily responsible for?

Accepted Answer

The answer of What is the Chief Information Security Office...

Question 56

List the steps of the seven-step methodology for implementing training.

Accepted Answer

The answer of List the steps of the seven-step methodology...

Question 57

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;Entry-level InfoSec professional responsible for the routine&#160;monitoring and operation of a particular InfoSec technology.

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 58

Which security functions are normally performed by IT groups outside the InfoSec area of management control?

Accepted Answer

The answer of Which security functions are normally performed by...

Question 59

What are the four areas into which it is recommended to separate the functions of security?

Accepted Answer

The answer of What are the four areas into which...

Question 60

What are the components of the security program element described as preparing for contingencies and disasters?

Accepted Answer

The answer of What are the components of the security...

Question 61

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;A diagramming technique designed to identify the sequence of tasks that make up the shortest elapsed time needed to complete a project.

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 62

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;&#8203;

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 63

a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security technicians&#10;j.&#160;security awareness program&#10;The expansion of the quantity or quality of project deliverables from the original project plan.

Accepted Answer

The answer of a.&#160;InfoSec program&#10;b.&#160;SETA&#10;c.&#160;scope creep&#10;d.&#160;security watchstander&#10;e.&#160;security manager&#10;f.&#160;CISO&#10;g.&#160;projectitis&#10;h.&#160;critical path method&#10;i.&#160;security...

Question 64

What minimum attributes for project tasks does the WBS document?

Accepted Answer

The answer of What minimum attributes for project tasks does...

Deck 5: Developing the Security Program