Chapter 14

Question 1

DoD Directive 8570.01

Answer 1

“Information Assurance Training, Certification and Workforce Management”

Affects any DoD facility or contractor organization

Ensures that all personnel who are directly involved with information security possess security certifications

Question 2

DoD Directive 8140

Answer 2

A new, operationally focused cybersecurity training framework

Will replace the 8570.01 directive

Developed by the Defense Information Systems Agency (DISA)

Question 3

Roles identified by the 8140 directive include:

Answer 3

Security provision
Operate and maintain
Protect and defend
Analyze
Operate and collect
Oversight and development
Investigate

Question 4

U.S. DoD/NSA Training Standards

Answer 4

Are actually training requirements for specific job responsibilities

Developed by the CNSS and NSTISS committees

Provide guidance for course and professional certification vendors to develop curriculum and materials that meet DoD/NSA requirements

Question 5

NSTISS-4011

Answer 5

National Training Standard for Information Systems Security (InfoSec) Professionals

Question 6

CNSS-4012

Answer 6

National Information Assurance Training Standard for Senior System Managers

Question 7

CNSS-4013

Answer 7

National Information Assurance Training Standard for System Administrators (SA)

Question 8

CNSS-4014

Answer 8

Information Assurance Officer (IAO) Training NSTISSC-4015 National Training Standard for System Certifiers

Question 9

CNSS-4016

Answer 9

National Information Assurance Training Standard for Risk Analysts

Question 10

Vendor-Neutral Professional Certifications

Answer 10

A certification is an official statement that validates the fact that a person has satisfied specific job requirements, including:

Possessing a certain level of experience
Completing a course of study
Passing an examination

Question 11

Seven Main (ISC)^2 Certifications

Answer 11

Systems Security Certified Practitioner (SSCP)

Certified Information Systems Security Professional (CISSP)

Certified Authorization Professional (CAP)

Certified Secure Software Lifecycle Professional (CSSLP)

Certified Cyber Forensics Professional (CCFP)

HealthCare Certified Information Security Privacy Practitioner (HCISPP)

Certified Cloud Security Professional (CCSP)

Question 12

SSCP

Answer 12

Covers the seven domains of best practices for information security

Question 13

CISSP

Answer 13

Demonstrates competence in the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK)

Question 14

CAP

Answer 14

Provides a method to measure the knowledge and skills of professionals involved in authorizing and maintaining information systems

Question 15

CSSLP

Answer 15

Evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications

Question 16

CCFP

Answer 16

Tests and evaluates professionals for the knowledge and skills necessary to perform and conduct a digital forensics investigation

Question 17

HCISPP

Answer 17

Tests and evaluates professionals for the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations

Question 18

CCSP

Answer 18

Tests and evaluates professionals for the knowledge and skills necessary to secure and manage cloud computing environments

Question 19

(Additional (ISC)^2 Professional Certifications)

Architecture (CISSP-ISSAP)

Answer 19

Two years of professional experience in the area of architecture; appropriate for chief security architects and analysts

Question 20

(Additional (ISC)^2 Professional Certifications)

Engineering (CISSP-ISSEP)

Answer 20

Road map for incorporating security into projects, applications, business processes, and all information systems

Question 21

(Additional (ISC)^2 Professional Certifications)

Management (CISSP-ISSMP)

Answer 21

Two years enterprise-wide security operations and management; contains deeper managerial elements

Question 22

Certified Internet Webmaster (CIW)

Answer 22

Credentials focus on both general and web-related security

Credentials that satisfy CIW requirements include:

(ISC)^2 SCCP or CISSP
Various GIAC credentials
CompTIA Security+
Several vendor-specific credentials

Question 23

CompTIA

Answer 23

Security+

• Globally recognized
• Entry-level information security certification of choice for IT professionals
• Meets the ISO 17024 standard and is approved by the DoD 8570.01-M requirements
• Is industry supported

CompTIA Advanced Security Practitioner (CASP)

Question 24

ISACA

Answer 24

Is a nonprofit global organization that promotes “the development, adoption, and use of globally accepted, industry leading knowledge and practices for information systems”

Provides security training at conferences and training events

Offers four certifications for IT security professionals: CISM, CISA, CGEIT, and CRISC

Question 25

Vendor-Specific Professional Certifications

Answer 25

Certifications offered by vendors of hardware and software products

Holding a certification for a specific vendor implies competence

If an applicant meets requirements for a certification, applicant has a certain level of knowledge and skills

Question 26

Cisco Systems

Answer 26

One of the largest manufacturers of network security devices and software

Offers a range of certifications for its networking products

Offers several different certification levels along different tracks that enable security professionals to focus efforts on specific knowledge and skills they need to get the most out of Cisco equipment

Question 27

Juniper Networks

Answer 27

Manufactures a variety of network security hardware and software

Offers a varied range of certifications for its networking product line

Four levels from 11 different tracks

Does not offer certifications at all levels for every track

Question 28

RSA

Answer 28

Global provider of security, risk, and compliance solutions for enterprise environments

Provides specific training and certifications to help security professionals use RSA products effectively

Offers certifications for RSA Archer and RSA SecurID

Question 29

Symantec

Answer 29

Provides a wide range of security software products

Offers certifications for its product lines, including:

Administration of Symantec NetBackup for UNIX
Administration of Symantec Enterprise Vault for Exchange
Administration of Symantec Endpoint Protection
Administration of Symantec NetBackup for Windows

Question 30

Check Point

Answer 30

Global manufacturer of network and security devices and software

Provides training and certification paths for security professionals to encourage highest level of knowledge and skills in the use of Check Point products

Requires that applicants pass an exam that involves 80 percent study materials and 20 percent hands-on experience