Question 211: In her research on the CISO role, Jinan Budge of Forrester Research noted that there are six distinct types of CISO, including those who thrive in a transformational business environment and others best suited to guiding their company to meet regulatory compliance requirements.
A. True
B. False
Correct Answer: A. True
Question 212: In its study of the CISO role, Forrester Research found that:
A. unlike CEOs, most CISOs have similar personalities.
B. most cybersecurity pros don’t aspire to the CISO role because it lacks variety.
C. incompatibility between CISOs and the companies they serve — poor CISO-company fit — is a significant driver of high CISO turnover rates.
D. most CISOs have a clear understanding of their strengths and the kinds of companies and situations in which they excel.
Correct Answer: C. incompatibility between CISOs and the companies they serve — poor CISO-company fit — is a significant driver of high CISO turnover rates.
Question 213: Nemertes Research CEO Johna Till Johnson suggests recruiting and developing in-house cybersecurity talent by:
A. hosting on-the-job training events, such as cybersecurity boot camps.
B. surveying existing employees beyond the security team to identify those with family members and friends who have the missing skills the company is hunting.
C. both.
D. neither.
Correct Answer: A. hosting on-the-job training events, such as cybersecurity boot camps.
Question 214: In our feature story on the six types of CISO, the post-breach CISO is one who:
A. exhibits a calm and process-oriented leadership style.
B. should expect to stay in a new role for a few years.
C. should consider moving on to a new position once a company has regained its equilibrium, following a breach.
D. all of the above.
E. none of the above.
Correct Answer: D. all of the above.
Question 215: According to cybersecurity expert Michael Cobb, it’s essential to embed security by design throughout the software development process. But key challenges include:
A. getting senior management to realize their company is a likely target of cybercriminals.
B. making stakeholders understand that disregarding security in any part of the development lifecycle creates far-reaching vulnerabilities.
C. both.
D. neither.
Correct Answer: C. both.
Question 216: Only one in three employees understands that not securing laptops and mobile devices with password protection creates an enormous security risk.
A. True
B. False
Correct Answer: B. False
Question 217: The customer-facing evangelist CISO is typically:
A. quiet, calm and able to listen well to customers.
B. prone to advocate for aggressive investment in cybersecurity training.
C. one of the most problematic of CISO types.
D. a confident, charismatic leader who thrives in chaos and fast-paced environments.
Correct Answer: D. a confident, charismatic leader who thrives in chaos and fast-paced environments.
Question 218: Leading experts suggest improving cybersecurity awareness in the workplace by:
A. tailoring training to specific roles and using peer ambassadors to promote security messages.
B. measuring improvements in awareness, while docking pay for those who fail to improve.
C. enlisting marketing pros to help brand internal security training efforts.
D. a and b.
E. a and c.
F. none of the above.
Correct Answer: E. a and c.
Question 219: The term shift left refers to the practice of:
A. ignoring phishing emails that appear to come from left-leaning political candidates.
B. introducing security earlier in the development process.
C. educating payment specialists on how cybercriminals create deepfakes to steal company funds.
D. none of the above.
Correct Answer: B. introducing security earlier in the development process.
Question 220: In the cover story on cybersecurity awareness, CISO Christina Quaine outlines how she:
A. has learned to focus cybersecurity training on the most junior employees, who are the cause of most data breaches.
B. has learned to focus cybersecurity training on the most senior members of the security team because they are most likely to overestimate their ability to recognize potential threats.
C. takes a comprehensive approach to awareness training, which includes scheduled events, ongoing initiatives and techniques aimed at different types of learners.
D. none of the above.
Correct Answer: C. takes a comprehensive approach to awareness training, which includes scheduled events, ongoing initiatives and techniques aimed at different types of learners.