2026
Chapter 11 - Answers
Many enter the field of information security from the ranks of technical professionals such as _____ who find
themselves working on information security applications and processes more often than other
traditional IT assignments - Answers All of the above (programmers, networking experts or
system administrators, DBA)
_____ are hired by the organization to serve in a temporary position or to supplement the
existing workforce - Answers Temporary employees
_____ are technically qualified individuals tasked to configure firewalls, deploy IDSs, implement
security software, diagnose and troubleshoot problems, and coordinate with systems and
network administrators to ensure that an organization's security technology is properly
implemented. - Answers Security technicians
The use of standard job descriptions can increase the degree of professionalism in the
information security field - Answers True
The CISSP concentrations are available for CISSPs to demonstrate knowledge
that is already a part of the CISSP CBK - Answers False
"Builders" in the field of information security provide day-to-day systems monitoring and use to
support an organization's goals and objectives. - Answers False
ISSAP stands for Information Systems Security Architecture Professional - Answers True
The process of integrating information security perspectives into the hiring process begins with
reviewing and updating all job descriptions - Answers True
Existing information security-related certifications are typically well understood by those
responsible for hiring in the organizations - Answers False
Many hiring managers in information security prefer to recruit a security professional who
already has proven HR skills and professional experience, since qualified candidates with
information security experience are scarce. - Answers False
The general management community of interest must work with the information security
professionals to integrate solid information security concepts into the personnel management
practices of the organization - Answers True
Security managers are accountable for the day-to-day operation of the information security
program - Answers True
"Administrators" provide the policies, guidelines, and standards in the Schwartz, Erwin, Weafer,
and Briney classification - Answers True
The information security functions can be placed within the _____ - Answers All of the above
(legal department, insurance and risk management function, administrative services function)
GIAC stands for Global Information Architecture Certification - Answers False
The CISA credential is touted by ISACA as the certification that is appropriate for all but which
type of professionals? - Answers Accounting
Which of the following is not one of the categories of positions as defined by Schwartz, Erwin,
Weafer, and Briney - Answers User
In recent years, the _____ certification program has added a set of concentration exams -
Answers CISSP
ISSMP stands for Information Systems Security Monitoring Professional - Answers False
A mandatory furlough provides the organization with the ability to audit the work of an
individual - Answers False
Like the CISSP, the SSCP certification is more applicable to the security _____ than to the
security _____ - Answers Manager, technician
The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate
competence in _____ - Answers All of the above (business continuity planning and disaster
recovery planning, enterprise security management practices, security management practices)
System Administration, Networking, and Security Organization is better known as _____ -
Answers SANS
Organizations are not required by law to protect employee information that is sensitive or
personal - Answers False
ISACA touts the CISA certification as being appropriate for accounting, networking and security
professionals - Answers False
The organization should integrate the security awareness education into a new hire's ongoing
job orientation and make it a part of every employee's on-the-job security training - Answers
True
_____ is a cornerstone in the protection of information assets and in the prevention of financial
loss - Answers Separation of duties
To maintain a secure facility, all contract employees should be escorted from room to room, as
well as into and out of the facility - Answers True