Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
NSA
The standard bachelor's degree is a __________ program.
four-year
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
continuing education
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
Certificate of completion
One type of degree that many institutions offer is the associate's degree. This degree is the most accessible because it generally represents a _________ program.
two-year
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
continuing education
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
professional development
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)
"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled _____
procrastination
________ refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
Accredited
Which of the following is the definition of continuing professional education (CPE)?
A standard unit of credit that equals 50 minutes of instruction.
With university doctoral programs, completing the degree requirements takes ________.
no standard time frame
A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree.
two
The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional
International Information Systems Security Certification Consortium, Inc. (ISC)2
DoD Directive 8570.01 is a voluntary certification requirement and has increased the number of personnel who pursue certifications.
False
(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.
Certified Secure Software Lifecycle Professional
The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.
True
(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best
Systems Security Certified Practitioner
The Infotec Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure.
True
The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.
CISSP-ISSMP®
Today, one of the most common methods for identifying what skills a security professional possesses is his or her level of certification.
True
The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements.
Certified Authorization Professional
CompTIA's Security+ certification provides ________.
Correct entry-level information security certification of choice for IT professionals
What term is used to describe any personally identifiable financial information that a consumer provides to a financial institution?
nonpublic personal information (NPI)
Which regulating agency has oversight for the Children's Internet Protection Act?
FCC
________ is information that is publicly available about all students at a school.
Directory information
FISMA requires each federal agency to create an agency-wide information security program that includes a plan to fix weaknesses in the program. This is referred to as ________.
remedial action
Tier C violations under the HITECH Act are ________.
violations due to willful neglect that the organization ultimately corrected
____________ is a person's right to control the use and disclosure of his or her own personal information.
Privacy
Health plans, health care clearinghouses, and any health care provider that transmit PHI in an electronic form are known as ________ under HIPAA.
covered entities
What name is given to patient health information that is computer based?
electronic protected health information (EPHI)
The ________ is a regulation that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.
minimum necessary rule
The regulating agency for the Federal Information Systems Management Act is the ________.
Office of Management and Budget
Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance.
True
The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems.
CISSP-ISSEP
Which is the highest level of Check Point certification for network security?
CCMA
The regulating agency for the Gramm-Leach-Bliley Act is the ________.
FTC
In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations.
Compliance
The regulating agency for the Sarbanes-Oxley Act is the ________.
Securities Exchange Commission
FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________.
Security Awareness Training
Information regulated under the Sarbanes-Oxley Act is ________.
Corporate Financial Information
Social Security numbers, financial account numbers, credit card numbers, and date of birth are examples of __________ as stipulated under GLBA.
NPI
What is meant by protected health information (PHI)?
Any individually identifiable information about the past, present, or future health of a person. It includes mental and physical health data.
FERPA allows a special category of personally identifiable information to be disclosed without student consent. A school can do this so long as it has given notice to the student that it will disclose this information. This category of information is call
directory information
The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology.
HITECH Act
____________ creates standards that federal agencies use to classify their data and IT systems.
NIST
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
U.S. Department of Education
_________ standards address a wide variety of topics, including power generation, power transmission and distribution, commercial and consumer electrical appliances, semiconductors, electromagnetics, batteries, solar energy, and telecommunications.
IEC
________ is an international security standard that documents a comprehensive set of controls that represent information systems best practices.
ISO/IEC 27000 series
Cascading Style Sheets (CSS), Common Gateway Interface (CGI), and Hypertext Markup Language (HTML) are standards developed or endorsed by the ____________.
W3C
What is the National Institute of Standards and Technology (NIST)?
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality
The CompTIA Security+ certification requires how many years of professional experience?
..
During a meeting, somebody brings up a wireless LAN standard called 802.11ad. You could search Google, but instead you would rather go directly to the source. What organization is responsible for creating and managing the 802-series of standards?
Institute of Electrical and Electronics Engineers (IEEE)
While there is not yet a recognized program accreditation for cybersecurity, the NSA and Dept. of Homeland Security jointly sponsor programs that recognize quality security education. The programs recognize research, information assurance education, and
The National Centers of Academic Excellence??
The purpose of DoD Directive _____________ is to reduce the possibility that unqualified personnel can gain access to secure information.
8570.01
A certification that focuses on a specific vendor's product or product line is known as _______________________. Examples include Cisco CCNA and Microsoft MCSE.
vendor-specific
________ refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
Accredited
Which of the following is the definition of continuing professional education (CPE)?
A standard unit of credit that equals 50 minutes of instruction. They are typically needed to maintain certification or licensing.
A graduate school wants to require a vendor-neutral security certification as one of the entrance requirements for its cybersecurity degree program. Which of the following would best meet that requirement?
CompTIA Security+
The International Information Systems Security Certification Consortium [usually abbreviated '(ISC)2'] considers the ____________ to be its flagship credential. It demonstrates competency in the eight domains of the (ISC)2 body of knowledge, such as Asset
CISSP