ISCCISSPISCCISSPCertifiedInformationSystemsSecurityProfessionalPracticeTestVersionActualTests.comQUESTIONNO:1AllofthefollowingarebasiccomponentsofasecuritypolicyEXCEPTtheA.definitionoftheissueandstatementofrelevantterms.B.statementofrolesandresponsibilitiesC.statementofapplicabilityandcompliancerequirements.D.statementofperformanceofcharacteristicsandrequirements.Answer:DExplanation:Policiesareconsideredthefirstandhighestlevelofdocumentation,fromwhichthelowerlevelelementsofstandards,procedures,andguidelinesflow.Thisorder,however,doesnotmeanthatpoliciesaremoreimportantthanthelowerelements.Thesehigher-levelpolicies,whicharethemoregeneralpoliciesandstatements,shouldbecreatedfirstintheprocessforstrategicreasons,andthenthemoretacticalelementscanfollow.-RonaldKrutzTheCISSPPREPGuide(goldedition)pg13QUESTIONNO:2AsecuritypolicywouldincludeallofthefollowingEXCEPTA.BackgroundB.ScopestatementC.AuditrequirementsD.EnforcementAnswer:BQUESTIONNO:3Whichoneofthefollowingisanimportantcharacteristicofaninformationsecuritypolicy?A.Identifiesmajorfunctionalareasofinformation.B.Quantifiestheeffectofthelossoftheinformation.C.Requirestheidentificationofinformationowners.D.Listsapplicationsthatsupportthebusinessfunction.Answer:AExplanation:Informationsecuritypoliciesareahigh-levelplansthatdescribethegoalsoftheprocedures.Policiesarenotguidelinesorstandards,noraretheyproceduresorcontrols.PoliciesdescribeISCCISSP:PracticeExam"PassAnyExam.AnyTime."-www.actualtests.com2ActualTests.comsecurityingeneralterms,notspecifics.Theyprovidetheblueprintsforanoverallsecurityprogramjustasaspecificationdefinesyournextproduct-RobertaBraggCISSPCertificationTrainingGuide(que)pg206QUESTIONNO:4EnsuringtheintegrityofbusinessinformationisthePRIMARYconcernofA.EncryptionSecurityB.ProceduralSecurity.C.LogicalSecurityD.On-lineSecurityAnswer:BExplanation:Proceduresarelookedatasthelowestlevelinthepolicychainbecausetheyareclosesttothecomputersandprovidedetailedstepsforconfigurationandinstallationissues.Theyprovidethestep...
