Exam:CISSPTitle:CertifiedInformationSystemsSecurityProfessional(CISSP)Ver:04-24-06����CISSPCertGuaranteed.StudyHardandPassYourExamQUESTION1:AllofthefollowingarebasiccomponentsofasecuritypolicyEXCEPTtheA.definitionoftheissueandstatementofrelevantterms.B.statementofrolesandresponsibilitiesC.statementofapplicabilityandcompliancerequirements.D.statementofperformanceofcharacteristicsandrequirements.Answer:DPoliciesareconsideredthefirstandhighestlevelofdocumentation,fromwhichthelowerlevelelementsofstandards,procedures,andguidelinesflow.Thisorder,however,doesnotmeanthatpoliciesaremoreimportantthanthelowerelements.Thesehigher-levelpolicies,whicharethemoregeneralpoliciesandstatements,shouldbecreatedfirstintheprocessforstrategicreasons,andthenthemoretacticalelementscanfollow.-RonaldKrutzTheCISSPPREPGuide(goldedition)pg13QUESTION2:AsecuritypolicywouldincludeallofthefollowingEXCEPTA.BackgroundB.ScopestatementC.AuditrequirementsD.EnforcementAnswer:BQUESTION3:Whichoneofthefollowingisanimportantcharacteristicofaninformationsecuritypolicy?A.Identifiesmajorfunctionalareasofinformation.B.Quantifiestheeffectofthelossoftheinformation.C.Requirestheidentificationofinformationowners.D.Listsapplicationsthatsupportthebusinessfunction.Answer:AInformationsecuritypoliciesareahigh-levelplansthatdescribethegoalsoftheprocedures.Policiesarenotguidelinesorstandards,noraretheyproceduresorcontrols.Policiesdescribesecurityingeneralterms,notspecifics.Theyprovidetheblueprintsforanoverallsecurityprogramjustasaspecificationdefinesyournextproduct-RobertaBraggCISSPCertificationTrainingGuide(que)pg206CISSPCertGuaranteed.StudyHardandPassYourExamQUESTION4:EnsuringtheintegrityofbusinessinformationisthePRIMARYconcernofA.EncryptionSecurityB.ProceduralSecurity.C.LogicalSecurityD.On-lineSecurityAnswer:BProceduresarelookedatasthelowestlevelinthepolicychainbecausetheyareclosesttothecomputersandprovidedetailedstepsforconfigurationandinstallationissues.Theyprovidethestepstoactuallyimplementthestatementsinthepoli...
