Anda di halaman 1dari 37

Question 1

1 out of 1 points

The breadth and depth covered in each of the domains makes the ____ one of the most difcultto-attain certications on the market. Answer Selected Answer: 1. CISSP

Question 2
1 out of 1 points

The ____ layer of the bull's-eye model receives attention last. Answer Selected Answer: 3. Applications

Question 3
1 out of 1 points

____ is a cornerstone in the protection of information assets and in the prevention of nancial loss. Answer Selected Answer: 2. Separation of duties

Question 4
1 out of 1 points

The primary mailing list, called simply ____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited, and reporting on how to remediate them. Individuals can register for the agship mailing list or any one of the entire family of its mailing lists. Answer Selected Answer: 2. Bugtraq

Question 5
1 out of 1 points

A ____ is usually the best approach to security project implementation. Answer Selected Answer: 4. phased implementation

Question 6
1 out of 1 points

____ sensors work when two contacts are connected as, for example, when a foot steps on a pressure-sensitive pad under a rug, or a window being opened triggers a pin-and-spring sensor. Answer Selected Answer: 4. Contact and weight

Question 7
1 out of 1 points

The information security function can be placed within the ____. Answer Selected Answer: 2. All of the above

Question 8
1 out of 1 points

The ____ methodology has been used by many organizations, requires that issues be addressed from the general to the specic, and that the focus be on systematic solutions instead of individual problems. Answer Selected Answer: 3. bulls-eye

Question 9
1 out of 1 points

The ____ vulnerability assessment process is designed to nd and document any vulnerability that is present on dial-up modems connected to the organizations networks. Answer Selected Answer: 1. modem

Question 10
1 out of 1 points

____ pen testing is usually used when a specic system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target. Answer Selected Answer: 3. White box

Question 11
1 out of 1 points

The date for sending the nal RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete. Answer Selected Answer: 4. milestone

Question 12
1 out of 1 points

The ____ position is typically considered the top information security ofcer in the organization. Answer Selected Answer: 2. CISO

Question 13
1 out of 1 points

The SSCP exam consists of ____ multiple-choice questions, and must be completed within three hours. Answer Selected Answer: 2. 125

Question 14
1 out of 1 points

A device that assures the delivery of electric power without interruption is a(n) ____. Answer Selected Answer: 4. UPS

Question 15
1 out of 1 points

____, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker). Answer Selected Answer: 1. Penetration testing

Question 16
1 out of 1 points

UPS devices typically run up to ____ VA. Answer Selected Answer: 4. 1,000

Question 17

1 out of 1 points

Public organizations often have ____ to spend all their remaining funds before the end of the scal year. Answer Selected Answer: 3. end-of-scal-year spend-a-thons

Question 18
1 out of 1 points

____ are a component of the security triple. Answer Selected Answer: 1. All of the above

Question 19
1 out of 1 points

____ involves a wide variety of computing sites that are distant from the base organizational facility and includes all forms of telecommuting. Answer Selected Answer: 4. Remote site computing

Question 20
1 out of 1 points

In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time. Answer Selected Answer: 1. rate-of-rise

Question 21
1 out of 1 points

____ is a simple planning tool. Answer Selected Answer: 4. WBS

Question 22
1 out of 1 points

Some cases of ____ are simple, such as requiring employees to use a new password beginning on an announced date. Answer Selected Answer: 1. direct changeover

Question 23
1 out of 1 points

____ are the real techies who create and install security solutions. Answer Selected Answer: 3. Builders

Question 24
1 out of 1 points

____ baselines are established for network trafc and also for rewall performance and IDPS performance. Answer Selected Answer: 2. Performance

Question 25
1 out of 1 points

Class ____ res are extinguished with non-conducting agents only. Answer Selected Answer: 3. C

Class ____ res are extinguished with non-conducting agents only. Answer Selected Answer: 3. C

Question 26
1 out of 1 points

Interior walls reach only part way to the next oor, which leaves a space above the ceiling of the ofces but below the top of the storey. This space is called a(n) ____. Answer Selected Answer: 1. plenum

Question 27
1 out of 1 points

Most guards have clear ____ that help them to act decisively in unfamiliar situations. Answer Selected Answer: 4. SOPs

Question 28
1 out of 1 points

____ are the technically qualied individuals tasked to congure rewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organizations security technology is properly implemented. Answer Selected Answer: 3. Security technicians

Question 29
1 out of 1 points

One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment. Answer Selected Answer: 4. difference analysis

One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment. Answer Selected Answer: 4. difference analysis

Question 30
1 out of 1 points

The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future. Answer Selected Answer: 2. wrap-up

Question 31
1 out of 1 points

A(n) ____, typically prepared in the analysis phase of the SecSDLC, must be reviewed and veried prior to the development of the project plan. Answer Selected Answer: 2. CBA

Question 32
1 out of 1 points

One of the leading causes of damage to sensitive circuitry is ____. Answer Selected Answer: 1. ESD

Question 33
1 out of 1 points

The ____ level of the bulls-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate, it enables all other information security components to function correctly. Answer Selected Answer: 1. Policies

The ____ level of the bulls-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate, it enables all other information security components to function correctly. Answer Selected Answer: 1. Policies

Question 34
1 out of 1 points

Many organizations use a(n) ____ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employees tenure in the organization. Answer Selected Answer: 2. exit

Question 35
1 out of 1 points

The ____ involves collecting information about an organizations objectives, its technical architecture, and its information security environment. Answer Selected Answer: 2. SecSDLC

Question 36
1 out of 1 points

____ are hired by the organization to serve in a temporary position or to supplement the existing workforce. Answer Selected Answer: 3. Temporary employees

Question 37
1 out of 1 points

If the task is to write rewall specications for the preparation of a(n) ____, the planner would note that the deliverable is a specication document suitable for distribution to vendors. Answer Selected Answer: 2. RFP

Question 38
1 out of 1 points

Electronic monitoring includes ____ systems. Answer Selected Answer: 4. closed-circuit television

Question 39
1 out of 1 points

In the ____ process, measured results are compared to expected results. Answer Selected Answer: 4. negative feedback loop

Question 40
1 out of 1 points

A ____ is the recorded state of a particular revision of a software or hardware conguration item. Answer Selected Answer: 2. version

Question 41
1 out of 1 points

____ sensors project and detect an infrared beam across an area. Answer Selected Answer: 3. Photoelectric

____ sensors project and detect an infrared beam across an area. Answer Selected Answer: 3. Photoelectric

Question 42
1 out of 1 points

The Lewin change model consists of ____. Answer Selected Answer: 3. All of the above

Question 43
1 out of 1 points

____ are often involved in national security and cyber-security tasks and move from those environments into the more business-oriented world of information security. Answer Selected Answer: 3. Military personnel

Question 44
1 out of 1 points

The ____ examination is designed to provide CISSPs with a mechanism to demonstrate competence in the more in-depth and concentrated requirements of information security management. Answer Selected Answer: 2. ISSMP

Question 45
1 out of 1 points

System Administration, Networking, and Security Organization is better known as ____. Answer Selected Answer: 4. SANS

System Administration, Networking, and Security Organization is better known as ____. Answer Selected Answer: 4. SANS

Question 46
1 out of 1 points

Computing and other electrical equipment in areas where water can accumulate must be uniquely grounded, using ____ equipment. Answer Selected Answer: 1. GFCI

Question 47
1 out of 1 points

In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters. Answer Selected Answer: 3. line-interactive

Question 48
1 out of 1 points

The optimum approach for escalation is based on a thorough integration of the monitoring process into the ____. Answer Selected Answer: 1. IRP

Question 49
1 out of 1 points

Technology ____ guides how frequently technical systems are updated, and how technical updates are approved and funded. Answer Selected Answer: 2. governance

Technology ____ guides how frequently technical systems are updated, and how technical updates are approved and funded. Answer Selected Answer: 2. governance

Question 50
1 out of 1 points

____ allows for the major planning components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate. Answer Selected Answer: 3. Program review

Question 51
1 out of 1 points

A study of information security positions, done by Schwartz, Erwin,Weafer, and Briney, found that positions can be classied into one of ____ areas. Answer Selected Answer: 1. three

Question 52
1 out of 1 points

____ sprinklers are the newest form of sprinkler systems and rely on ultra-ne mists instead of traditional shower-type systems. Answer Selected Answer: 1. Water mist

Question 53
1 out of 1 points

There are ____ common vulnerability assessment processes. Answer Selected Answer: 4. ve

There are ____ common vulnerability assessment processes. Answer Selected Answer: 4. ve

Question 54
1 out of 1 points

In a ____ implementation, the entire security system is put in place in a single ofce, department, or division, and issues that arise are dealt with before expanding to the rest of the organization. Answer Selected Answer: 4. pilot

Question 55
1 out of 1 points

As an alternative view of the way data ows into the monitoring process, a(n) ____ approach may prove useful. Answer Selected Answer: 2. DFD

Question 56
1 out of 1 points

____ is the requirement that every employee be able to perform the work of another employee. Answer Selected Answer: 4. Task rotation

Question 57
1 out of 1 points

The most sophisticated locks are ____ locks. Answer Selected Answer: 1. biometric

The most sophisticated locks are ____ locks. Answer Selected Answer: 1. biometric

Question 58
1 out of 1 points

Project managers can reduce resistance to change by involving employees in the project plan. In systems development, this is referred to as ____. Answer Selected Answer: 1. JAD

Question 59
1 out of 1 points

The applicant for the CISA must provide evidence of ____ years of professional work experience in the eld of information security, with a waiver or substitution of up to two years for education or previous certication. Answer Selected Answer: 1. ve

Question 60
1 out of 1 points

To evaluate the performance of a security system, administrators must establish system performance ____. Answer Selected Answer: 1. baselines

Question 61
1 out of 1 points

The ____ process is designed to nd and document the vulnerabilities that may be present because there are miscongured systems in use within the organization. Answer Selected Answer: 4. PSV

The ____ process is designed to nd and document the vulnerabilities that may be present because there are miscongured systems in use within the organization. Answer Selected Answer: 4. PSV

Question 62
1 out of 1 points

____ locks can be changed after they are put in service, allowing for combination or key changes without a locksmith and even allowing the owner to change to another access method (key or combination) to upgrade security. Answer Selected Answer: 4. Programmable

Question 63
1 out of 1 points

Fire ____ systems are devices installed and maintained to detect and respond to a re, potential re, or combustion danger situation. Answer Selected Answer: 3. suppression

Question 64
1 out of 1 points

When the memory usage associated with a particular CPU-based system averages ____% or more over prolonged periods, consider adding more memory. Answer Selected Answer: 1. 60

Question 65
1 out of 1 points

The steps of the Internet vulnerability assessment include ____, which is when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection. Answer Selected Answer: 1. scanning

Question 66
1 out of 1 points

____ is used to respond to network change requests and network architectural design proposals. Answer Selected Answer: 1. Network connectivity RA

Question 67
1 out of 1 points

A(n) ____ item is a hardware or software item that is to be modied and revised throughout its life cycle. Answer Selected Answer: 1. conguration

Question 68
1 out of 1 points

Detailed ____ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specic vulnerabilities reported. Answer Selected Answer: 1. intelligence

Question 69
1 out of 1 points

The ____ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. Answer Selected Answer: 4. CERT/CC

Question 70
1 out of 1 points

____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter. Answer Selected Answer: 3. Tailgating

Question 71
1 out of 1 points

By managing the ____, the organization can reduce unintended consequences by having a process to resolve potential conict and disruption that uncoordinated change can introduce. Answer Selected Answer: 1. process of change

Question 72
1 out of 1 points

Class ____ res are extinguished by agents that remove oxygen from the re. Answer Selected Answer: 4. B

Question 73
1 out of 1 points

The ____ program focuses more on building trusted networks, including biometrics and PKI. Answer Selected Answer: 2. SCNA

Question 74
1 out of 1 points

A ____ system is designed to work in areas where electrical equipment is used. Instead of containing water, the system contains pressurized air. Answer Selected Answer: 3. dry-pipe

Question 75
1 out of 1 points

The model used often by large organizations places the information security department within the ____ department. Answer Selected Answer: 4. information technology

Question 76
1 out of 1 points

The ____ mailing list includes announcements and discussion of an open-source IDPS. Answer Selected Answer: 3. Snort-sigs

Question 77
1 out of 1 points

Many information security professionals enter the eld from traditional ____ assignments. Answer Selected Answer: 2. IT

Many information security professionals enter the eld from traditional ____ assignments. Answer Selected Answer: 2. IT

Question 78
1 out of 1 points

The ____ commercial site focuses on current security tool resources. Answer Selected Answer: 2. Packet Storm

Question 79
1 out of 1 points

____ was designed to recognize mastery of an international standard for information security and a common body of knowledge (sometimes called the CBK). Answer Selected Answer: 1. SSCP

Question 80
1 out of 1 points

The ____ vulnerability assessment process is designed to nd and document selected vulnerabilities that are likely to be present on the internal network of the organization. Answer Selected Answer: 4. intranet

Question 81
1 out of 1 points

The ____ list is intended to facilitate the development of a free network exploration tool. Answer Selected Answer: 1. Nmap-hackers

The ____ list is intended to facilitate the development of a free network exploration tool. Answer Selected Answer: 1. Nmap-hackers

Question 82
1 out of 1 points

The ____ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems. Answer Selected Answer: 2. Systems

Question 83
1 out of 1 points

Tasks or action steps that come after the task at hand are called ____. Answer Selected Answer: 4. successors

Question 84
1 out of 1 points

A(n) ____ is a statement of the boundaries of the RA. Answer Selected Answer: 3. scope

Question 85
1 out of 1 points

In recent years, the ____ certication program has added a set of concentration exams. Answer Selected Answer: 4. CISSP

Question 86
1 out of 1 points

Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed. Answer Selected Answer: 2. True

Question 87
1 out of 1 points

All of the existing certications are fully understood by hiring organizations. Answer Selected Answer: 1. False

Question 88
1 out of 1 points

The SSCP covers ten domains. Answer Selected Answer: 2. False

Question 89
1 out of 1 points

Water damage does not affect computer systems. Answer Selected Answer: 2. False

Question 90

1 out of 1 points

DMZ is the primary way to secure an organizations networks. Answer Selected Answer: 1. True

Question 91
0 out of 1 points

Many publicly accessible information sources, both mailing lists and Web sites, are available to those organizations and individuals who have the time, expertise, and nances to make use of them. Answer Selected Answer: 2. True

Question 92
1 out of 1 points

The SCNA track focuses on rewalls and intrusion detection. Answer Selected Answer: 2. False

Question 93
1 out of 1 points

Builders operate and administrate the security tools and the security monitoring function and continuously improve the processes, performing all the day-to-day work. Answer Selected Answer: 1. False

Question 94
1 out of 1 points

An effective security program demands comprehensive and continuous understanding of program and system conguration. Answer Selected Answer: 2. False

Question 95
1 out of 1 points

Weak management support, with overly delegated responsibility and no champion, sentences the project to almost-certain failure. Answer Selected Answer: 1. True

Question 96
1 out of 1 points

When the lock of a door fails and the door becomes unlocked, it is classied as a fail-secure lock. Answer Selected Answer: 2. False

Question 97
1 out of 1 points

Digital forensics helps the organization understand what happened and how. Answer Selected Answer: 1. True

Question 98
1 out of 1 points

The security manager position is much more general than that of CISO. Answer Selected Answer: 1. False

The security manager position is much more general than that of CISO. Answer Selected Answer: 1. False

Question 99
1 out of 1 points

A wet-pipe system is usually considered appropriate in computer rooms. Answer Selected Answer: 1. False

Question 100
1 out of 1 points

Planners need to estimate the effort required to complete each task, subtask, or action step. Answer Selected Answer: 2. True

Question 101
1 out of 1 points

The need for qualied, trained, and available personnel constrains the project plan. Answer Selected Answer: 1. True

Question 102
1 out of 1 points

Carbon dioxide systems rob re of its oxygen. Answer Selected Answer: 2. True

Question 103
1 out of 1 points

There are very few qualied and professional agencies that provide physical security consulting and services. Answer Selected Answer: 2. False

Question 104
1 out of 1 points

The value of internal monitoring is low when the resulting knowledge of the network and systems conguration is fed into the vulnerability assessment and remediation maintenance domain. Answer Selected Answer: 2. False

Question 105
1 out of 1 points

The information security function cannot be placed within protective services. Answer Selected Answer: 1. False

Question 106
1 out of 1 points

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability. Answer Selected Answer: 2. True

Question 107
1 out of 1 points

Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures. Answer Selected Answer: 2. True

Question 108
0 out of 1 points

Organizations are not required by law to protect employee information that is sensitive or personal. Answer Selected Answer: 2. True

Question 109
1 out of 1 points

The position of security technician can be offered as an entry-level position. Answer Selected Answer: 1. True

Question 110
1 out of 1 points

Security managers are accountable for the day-to-day operation of the information security program. Answer Selected Answer: 1. True

Question 111
1 out of 1 points

When an estimate is awed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reect the change. Answer Selected Answer: 1. True

Question 112
1 out of 1 points

The general management community of interest must work with the information security professionals to integrate solid information security concepts into the personnel management practices of the organization. Answer Selected Answer: 1. True

Question 113
1 out of 1 points

True online UPS can deliver a constant, smooth, conditioned power stream to computing systems. Answer Selected Answer: 2. True

Question 114
1 out of 1 points

There are three methods of data interception: direct observation, interception of data transmission, and mechanical interception. Answer Selected Answer: 1. False

Question 115
1 out of 1 points

The primary drawback to the direct changeover approach is that if the new system fails or needs modication, users may be without services while the systems bugs are worked out. Answer Selected Answer: 1. True

Question 116
1 out of 1 points

The networks layer of the bulls-eye is the outermost ring of the bulls eye. Answer Selected Answer: 1. False

Question 117
1 out of 1 points

Often, US-CERT is viewed as the denitive authority for computer emergency response teams. Answer Selected Answer: 1. True

Question 118
1 out of 1 points

Each CISSP concentration exam consists of 25 to 50 questions. Answer Selected Answer: 1. False

Question 119

0 out of 1 points

In the business world, background checks determine the individuals level of security classication, a requirement for many positions. Answer Selected Answer: 1. True

Question 120
1 out of 1 points

The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes. Answer Selected Answer: 2. True

Question 121
1 out of 1 points

The bulls-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan. Answer Selected Answer: 2. True

Question 122
1 out of 1 points

The vulnerability database, like the risk, threat, and attack database, both stores and tracks information. Answer Selected Answer: 1. True

Question 123

1 out of 1 points

In general, ESD damage to chips produces two types of failures: immediate and latent. Answer Selected Answer: 1. True

Question 124
1 out of 1 points

Court decisions generally do not impact agency policy. Answer Selected Answer: 1. False

Question 125
0 out of 1 points

All telephone numbers controlled by an organization should be tested for modem vulnerability, unless the conguration of the phone equipment on premises can assure that no number can be dialed from the worldwide telephone system. Answer Selected Answer: 1. True

Question 126
1 out of 1 points

In general, the design phase is accomplished by changing the conguration and operation of the organizations information systems to make them more secure. Answer Selected Answer: 2. False

Question 127
1 out of 1 points

The rst step in the WBS approach encompasses activities, but not deliverables. Answer Selected Answer: 2. False

Question 128
1 out of 1 points

In some instances, risk is acknowledged as being part of an organizations business process. Answer Selected Answer: 2. True

Question 129
0 out of 1 points

When the amount of data stored on a particular hard drive averages 30-40% of available capacity for a prolonged period, consider an upgrade for the hard drive. Answer Selected Answer: 1. True

Question 130
1 out of 1 points

For laptops, there are burglar alarms made up of a PC card or other device that contains a motion detector. Answer Selected Answer: 1. True

Question 131
0 out of 1 points

While the temperature of ignition, or re point, depends upon the material, it can be as low as a few hundred degrees. Answer Selected Answer: 2. True

While the temperature of ignition, or re point, depends upon the material, it can be as low as a few hundred degrees. Answer Selected Answer: 2. True

Question 132
1 out of 1 points

Documentation procedures are not required for conguration and change management processes. Answer Selected Answer: 1. False

Question 133
1 out of 1 points

The characteristics concerned with manufacturer and software versions are about technical functionality, and they should be kept highly accurate and up-to-date. Answer Selected Answer: 1. True

Question 134
1 out of 1 points

The target selection step involves using the external monitoring intelligence to congure a test engine (such as Nessus) for the tests to be performed. Answer Selected Answer: 2. False

Question 135
1 out of 1 points

Water-based systems are low cost, nontoxic, and can often be created by using an existing sprinkler system that may have been present in earlier construction. Answer Selected Answer: 1. True

Water-based systems are low cost, nontoxic, and can often be created by using an existing sprinkler system that may have been present in earlier construction. Answer Selected Answer: 1. True

Question 136
0 out of 1 points

The WBS can be prepared with a simple desktop PC word processing program. Answer Selected Answer: 1. True

Question 137
1 out of 1 points

To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility. Answer Selected Answer: 1. True

Question 138
1 out of 1 points

A name badge is typically worn concealed. Answer Selected Answer: 1. False

Question 139
0 out of 1 points

The capacity of UPS devices is measured using the volt output rating. Answer Selected Answer: 1. True

The capacity of UPS devices is measured using the volt output rating. Answer Selected Answer: 1. True

Question 140
1 out of 1 points

In most cases, organizations look for a technically qualied information security generalist who has a solid understanding of how an organization operates. Answer Selected Answer: 2. True

Question 141
1 out of 1 points

The size of the organization and the normal conduct of business may preclude a single large training program on new security procedures or technologies. Answer Selected Answer: 2. True

Question 142
1 out of 1 points

Over time, policies and procedures may become inadequate because of changes in agency mission and operational requirements, threats, or the environment. Answer Selected Answer: 2. True

Question 143
1 out of 1 points

Fire detection systems fall into two general categories: manual and electrical. Answer Selected Answer: 1. False

Fire detection systems fall into two general categories: manual and electrical. Answer Selected Answer: 1. False

Question 144
0 out of 1 points

Threats cannot be removed without requiring a repair of the vulnerability. Answer Selected Answer: 2. True

Question 145
1 out of 1 points

Each for-prot organization determines its capital budget and the rules for managing capital spending and expenses the same way. Answer Selected Answer: 2. False

Question 146
1 out of 1 points

An intranet scan starts with an Internet search engine. Answer Selected Answer: 2. False

Question 147
1 out of 1 points

Each organization has to determine its own project management methodology for IT and information security projects. Answer Selected Answer: 1. True

Question 148
1 out of 1 points

The use of standard job descriptions can increase the degree of professionalism in the information security eld. Answer Selected Answer: 2. True

Question 149
1 out of 1 points

The organization should integrate the security awareness education into a new hires ongoing job orientation and make it a part of every employees on-the-job security training. Answer Selected Answer: 2. True

Question 150
1 out of 1 points

External monitoring entails collecting intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization. Answer Selected Answer: 2. True