All of the following are basic components of a security policy EXCEPT the
A. definition of the issue and statement of relevant terms.
B. statement of roles and responsibilities
C. statement of applicability and compliance requirements.
D. statement of performance of characteristics and requirements. - Answer D
Explanation/Reference:
Policies are considered the first and highest level of documentation, from which the
lower level elements of standards, procedures, and guidelines flow. This order,
but not that policies carry more weight than the lower level components. These higher
level policies, the more general policies and statements,
should be written first in the process for strategic reasons and then the more tactical
elements follow. - Ronald Krutz, The CISSP PREP Guide (gold edition), pg 13
A security policy would include all of the following EXCEPT
A. Background
B. Scope statement
C. Audit requirements
D. Enforcement - Answer B
Which of the following is a key attribute of an information security policy?
A. Identifies major functional areas of information.
B. Quantifies the effect of the loss of the information.
C. Requires the identification of information owners.
D. Lists applications that support the business function. - Answer A
Explanation/Reference:
Information security policies are high-level plans that describe the goals of the
procedures. Policies are not guidelines or standards, nor are they procedures or
controls. Policies describe security in general terms, not specifics. They provide the
blueprints for an overall security program just as a specification defines your
next product - Roberta Bragg CISSP Certification Training Guide (que) pg 206
Why must senior management endorse a security policy?
A. So that they will accept ownership for security within the organization.
B. So that employees will follow the policy directives.
C. So that external bodies will recognize the organisation's commitment to security.
D. So that they can be held legally accountable. - Answer A
Which of the following defines the intent of a system security policy?
A. A definition of the particular settings that have been determined to provide optimum
security.
B. A brief, high-level statement defining what is and is not permitted during the
operation of the system.
C. A definition of those items that must be excluded on the system.
D. A listing of tools and applications that will be used to protect the system. - Answer A
When developing a policy for information security, which of the following MUST be done
FIRST?
A. Copies of mandatory legislation are obtained.
B. Approval from management is sought.
C. Other divisions agree to accept.
D. Policy is demonstrated not to conflict with current working practices. - Answer B
Which of the following is NOT part of what should be included in a computer policy?
A. Definition of management expectations.
B. Accountability of individuals and groups regarding the information to be protected
C. Statement of senior executive support
D. Definition of Legal and Regulatory Controls - Answer B
Which one of the following is NOT one of the simple or basic elements of a Regulatory
Security Policy?
A. What shall be done.
B. When it shall be done.
C. Who shall do it.
D. Why it is to be done - Answer C
Which one of the following statements describes management controls that are
instituted to implement a security policy?
A. They prevent users from accessing any control function.
B. They eliminate the need for most auditing functions.
C. They may be administrative, procedural, or technical.
D. They are generally inexpensive to implement. - Answer C
Which of the following must bear the primary responsibility for determining the needed
level of protection for information systems resources?
A. IS security specialists
B. Senior Management
C. Senior security analysts
D. System auditors - Answer B