Exam (elaborations)

Security Exam Final Questions with correct Answers

Pages
9
Grade
A+
Uploaded on
20-06-2023
Written in
2022/2023

True - Answer- (T/F) The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.
False - Answer- (T/F) In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.
True - Answer- (T/F) Planning for the implementation phase of a security project requires the creation of a detailed project plan.
True - Answer- (T/F) Each organization has to determine its own project management methodology for IT and information security projects.
FALSE - Answer- (T/F) The WBS can be prepared with a simple desktop PC word processing program.
TRUE - Answer- (T/F) Planners need to estimate the effort required to complete each task, subtask, or action step.
FALSE - Answer- (T/F) The first step in the WBS approach encompasses activities, but not deliverables.
FALSE - Answer- (T/F) Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way.
TRUE - Answer- (T/F) The budgets of public organizations are usually the product of legislation or public meetings.
TRUE - Answer- (T/F) The need for qualified, trained, and available personnel constrains the project plan.
TRUE - Answer- (T/F) The size of the organization and the normal conduct of business may preclude a single large training program on new security procedures or technologies.
TRUE - Answer- (T/F) When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change.
FALSE - Answer- (T/F) All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.
TRUE - Answer- (T/F) The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.
FALSE - Answer- (T/F) The networks layer of the bull's-eye is the outermost ring of the bull's-eye.
TRUE - Answer- (T/F) The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.
TRUE - Answer- (T/F) DMZ is the primary way to secure an organization's networks.
FALSE - Answer- (T/F) Every organization needs to develop an information security department or program of its own.
TRUE - Answer- (T/F) Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures.
TRUE - Answer- (T/F) Weak management support, with overly delegated responsibility and no champion, sentences the project to almost-certain failure.
TRUE - Answer- (T/F) The general management community of interest must work with the information security professionals to integrate solid information security concepts into the personnel management practices of the organization.
FALSE - Answer- (T/F) The information security function cannot be placed within protective services.
TRUE - Answer- (T/F) In many organizations, information security teams lack established roles and responsibilities.
TRUE - Answer- (T/F) In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.
TRUE - Answer- (T/F) The use of standard job descriptions can increase the degree of professionalism in the information security field.
FALSE - Answer- (T/F) Builders operate and administrate the security tools and the security monitoring function and continuously improve the processes, performing all the day-to-day work.
TRUE - Answer- (T/F) Security managers are accountable for the day-to-day operation of the information security program.
FALSE - Answer- (T/F) The security manager position is much more general than that of CISO.
TRUE - Answer- (T/F) The position of security technician can be offered as an entry-level position.
FALSE - Answer- (T/F) All of the existing certifications are fully understood by hiring organizations.
FALSE - Answer- (T/F) ISSEP was developed under a joint agreement between the FBI and the United States National Security Agency, Information Assurance Directorate.
FALSE - Answer- (T/F) Each CISSP concentration exam consists of 25 to 50 questions.
FALSE - Answer- (T/F) The SSCP covers ten domains.
FALSE - Answer- (T/F) The SCNA track focuses on firewalls and intrusion detection.
FALSE - Answer- (T/F) Information security should be visible to the users.
TRUE - Answer- (T/F) The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions.
FALSE - Answer- (T/F) In the business world, background checks determine the individual's level of security classification, a requirement for many positions.
TRUE - Answer- (T/F) The organization should integrate the security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.
TRUE - Answer- (T/F) To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
FALSE - Answer- (T/F) Organizations are not required by law to protect employee information that is sensitive or personal.
FALSE - Answer- (T/F) The general management community of interest must plan for the proper staffing for the information security function.
TRUE - Answer- (T/F) Upper management should learn more about the budgetary needs of the information security function and the positions within it.
TRUE - Answer- (T/F) If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.
TRUE - Answer- (T/F) Digital forensics helps the organization understand what happened and how.
TRUE - Answer- (T/F) Over time, policies and procedures may become inadequate because of changes in agency mission and operational requirements, threats, or the environment.
FALSE - Answer- (T/F) An effective security program demands comprehensive and continuous understanding of program and system configuration.
FALSE - Answer- (T/F) Court decisions generally do not impact agency policy.
FALSE - Answer- (T/F) When the amount of data stored on a particular hard drive averages 30-40% of available capacity for a prolonged period, consider an upgrade for the hard drive.
FALSE - Answer- (T/F) Documentation procedures are not required for configuration and change management processes.
FALSE - Answer- (T/F) A maintenance model such as the ISO model deals with methods to manage and operate systems.
TRUE - Answer- (T/F) External monitoring entails collecting intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.
TRUE - Answer- (T/F) Ofte

Institution
Security
Course
Security








