ISC2 was formed to certify industry professionals and practitioners in an international information security standard, ensure credentials are maintained through continuing education, and maintain a Common Body of Knowledge for network and information security. The CBK contains 10 domains: Security Management Practices, Risk Identification, Monitoring and Analysis, Access Control Systems and Methodology, Cryptography, Physical Security, Telecommunications, Network and Internet Security, Business Continuity and Disaster Recovery, Application Development Security, and Operations Security. The Cryptological domain includes principles, means, and methods to disguise information to assure confidentiality, integrity, and authenticity.
Copyright:
Attribution Non-Commercial (BY-NC)
1. ISC2 was formed for which of the following purposes?
A) certifying industry professionals and practitioners in an international IS standard
B) all of the above
C) ensuring credentials are maintained, primarily through continuing education
D) maintaining a Common Body of Knowledge for network and information security
Feedback: See page 41.
Points Earned: 0.0/1.0
Correct Answer(s): B

2. The Business Continuity domain includes:
A) plans for recovering business operations in the event of loss of access by personnel
B) documented plans for interacting with law enforcement
C) maintenance of current versions of all software in use by the organization
D) management practices to determine business risks
Feedback: See page 44.
Points Earned: 1.0/1.0
Correct Answer(s): A

3. The Physical Security domain includes:
A) a code of conduct for employees
B) perimeter security controls and protection mechanisms
C) data center controls and specifications for physically secure operations
D) Both answers "B" and "C"
Feedback: See pages 44 and 45.
Points Earned: 0.0/1.0
Correct Answer(s): D

4. The Network Security Architecture and Models domain includes:
A) concepts and principles for secure designs of computing
B) concepts and principles for secure application development
C) concepts and principles for secure programs
D) concepts and principles for secure operations
Feedback: See page 43.
Points Earned: 0.0/1.0
Correct Answer(s): A

5. People more interested in certifying themselves as security technical practitioners should consider preparing for which of the following?
A) CISA
B) CISSP
C) CISM
D) GIAC
Feedback: See page 48.
Points Earned: 0.0/1.0
Correct Answer(s): D

6. The CBK contains:
A) 9 domains
B) 7 domains
C) 5 domains
D) 3 domains
E) 10 domains
F) 11 domains
G) 6 domains
Feedback: See page 42.
Points Earned: 1.0/1.0
Correct Answer(s): E

7. The Application Development Security domain includes:
A) a quality assurance testing of custom-developed software
B) a recipe book for developers to follow in building secure applications
C) a language guide on programming security functions
D) an outline for the software development environment to address security concerns
Feedback: See page 47.
Points Earned: 0.0/1.0
Correct Answer(s): D

8. The Access Control Systems and Methodology domain includes:
A) a methodology for applications development
B) instructions on how to install perimeter door security
C) a methodology for secure network/data center operations
D) a collection of mechanisms to create secure architectures for asset protection
Feedback: See page 45.
Points Earned: 0.0/1.0
Correct Answer(s): D

9. Security Management Practices domain includes:
A) identification of security products
B) documented policies, standards, procedures, and guidelines
C) management of risks to corporate assets
D) answers B and C only
Feedback: See page 43.
Points Earned: 0.0/1.0
Correct Answer(s): D

10. The Operation Security domain includes:
A) a mechanism to detect a physical intrusion into a data center
B) identification of procedural controls over hardware, media, and personnel
C) evidence collection and preservation for computer crimes
D) password management
Feedback: See page 45.
Points Earned: 0.0/1.0
Correct Answer(s): B

11. The Telecommunications, Network, and Internet Security domain includes:
A) technology, principles, and best practices to secure telephone networks
B) technology, principles, and best practices to secure corporate data networks
C) technology, principles, and best practices to secure Internet attached networks
D) All of the above
Feedback: See page 46.
Points Earned: 1.0/1.0
Correct Answer(s): D

12. The Law, Investigation, and Ethics domain includes:
A) a council to determine the ethical behavior of security personnel
B) methods to investigate computer crime incidents
C) teams of lawyers to determine the legality of security decisions
D) private law enforcement personnel
Feedback: See page 44.
Points Earned: 1.0/1.0
Correct Answer(s): B

13. People more interested in certifying themselves as security experts in a business context should consider preparing for which certification?
A) CompTIA's Security + and GIAC
B) Symantec Technology Architect and CompTIA's Security +
C) CISA and CISM
D) GIAC and Cisco Firewall Specialist
Feedback: See page 47.
Points Earned: 0.0/1.0
Correct Answer(s): C

14. The network/information security Common Body of Knowledge is:
A) a compilation and distillation of all security information collected internationally of relevance to network/information security professionals
B) a volume of books published by ISC2
C) an encyclopedia of information security principles, best practices, and regulations
D) a reference list of books and other publications put together by practitioners in network/information security
Feedback: See Page 42.
Points Earned: 0.0/1.0
Correct Answer(s): A

15. The Cryptological domain includes:
A) tools and techniques to intercept competitor's secrets
B) principles, means, and methods to disguise information to assure confidentiality, integrity, and authenticity
C) procedures on how to protect Internet communications
D) procedures on how to discover cryptographic keys
Feedback: See page 46.
Points Earned: 0.0/1.0
Correct Answer(s): B