Exam:CISSPTitle:CertifiedInformationSystemsSecurityProfessional(CISSP)�����������Ver:07-07-06�����CISSPActualtests.com-ThePowerofKnowingQUESTION1:AllofthefollowingarebasiccomponentsofasecuritypolicyEXCEPTtheA.definitionoftheissueandstatementofrelevantterms.B.statementofrolesandresponsibilitiesC.statementofapplicabilityandcompliancerequirements.D.statementofperformanceofcharacteristicsandrequirements.Answer:DPoliciesareconsideredthefirstandhighestlevelofdocumentation,fromwhichthelowerlevelelementsofstandards,procedures,andguidelinesflow.Thisorder,however,doesnotmeanthatpoliciesaremoreimportantthanthelowerelements.Thesehigher-levelpolicies,whicharethemoregeneralpoliciesandstatements,shouldbecreatedfirstintheprocessforstrategicreasons,andthenthemoretacticalelementscanfollow.-RonaldKrutzTheCISSPPREPGuide(goldedition)pg13QUESTION2:AsecuritypolicywouldincludeallofthefollowingEXCEPTA.BackgroundB.ScopestatementC.AuditrequirementsD.EnforcementAnswer:BQUESTION3:Whichoneofthefollowingisanimportantcharacteristicofaninformationsecuritypolicy?A.Identifiesmajorfunctionalareasofinformation.B.Quantifiestheeffectofthelossoftheinformation.C.Requirestheidentificationofinformationowners.D.Listsapplicationsthatsupportthebusinessfunction.Answer:AInformationsecuritypoliciesareahigh-levelplansthatdescribethegoalsoftheprocedures.Policiesarenotguidelinesorstandards,noraretheyproceduresorcontrols.Policiesdescribesecurityingeneralterms,notspecifics.Theyprovidetheblueprintsforanoverallsecurityprogramjustasaspecificationdefinesyournextproduct-RobertaBraggCISSPCertificationTrainingGuide(que)pg206CISSPActualtests.com-ThePowerofKnowingQUESTION4:EnsuringtheintegrityofbusinessinformationisthePRIMARYconcernofA.EncryptionSecurityB.ProceduralSecurity.C.LogicalSecurityD.On-lineSecurityAnswer:BProceduresarelookedatasthelowestlevelinthepolicychainbecausetheyareclosesttothecomputersandprovidedetailedstepsforconfigurationandinstallationissues.Theyprovidethestepstoactuallyimplementthestateme...
