homework 7 part 2

Lab Assessment Questions & Answers

1. Identify three vendor-centric professional certifications in security.

Lab #10 | Professional Information Systems Security Certifications—Charting Your Career Path

37524_Lab10_Pass3.indd 88 19/04/13 1:53 AM

2. In the DoD 8570.01-M directive, which professional certifications map to the 8570.01-M directive?

3. From a career perspective, which professional certifications make sense for someone wishing to perform intrusive, penetration tests?

4. What is the primary difference between the (ISC)² SSCP® and CISSP® professional certifications from an information systems security career path perspective?

5. Why do you think it is important to take both vendor and vendor-neutral professional certification exams for your career progression? Explain.


6. Pick two professional certifications that you want to pursue and explain what the prerequisites are and in what time frame in your career path you plan on achieving them.

7. Why would an organization that is not in the DoD but does business with the DoD choose to get its employees certified using the measurement of the DoD 8570.01-M directive?

8. Explain in your own words what the significance of the (ISC)² Code of Ethics implies to information systems security professionals.

9. What IAT levels in the DoD 8570.01-M map to the hands-on, entry-level professional certifications: Security+, SSCP®, SCNP, Network+, and GEAC?

10. At the IASAE level in the DoD 8570.01-M directive, what professional certification acts as the core foundation for Levels I, II, and III?

11. What are two professional certifications that can be obtained for systems and network auditing and information systems auditing?

12. If you just obtained a B.S. Degree in Information Systems Security and have one year of work experience but less than five years of work experience in information systems security, which professional certification from (ISC)² would you be eligible for?

13. If you were pursuing a management position in information systems security or information assurance, which professional certification would you obtain from (ISC)²?

14. When is it a good idea to have vendor professional certifications as opposed to vendor-neutral ones?

15. If you were responsible for designing and configuring DMZs, firewalls, and IDS/IPS security solutions, which vendor certifications would you consider?
