Cissp Study Guide

67657 Words271 Pages
ISC CISSP ISC CISSP Certified Information Systems Security Professional Practice Test Version ISC CISSP: Practice Exam QUESTION NO: 1 All of the following are basic components of a security policy EXCEPT the A. definition of the issue and statement of relevant terms. B. statement of roles and responsibilities C. statement of applicability and compliance requirements. D. statement of performance of characteristics and requirements. Answer: D Explanation: Policies are considered the first and highest level of documentation, from which the lower level elements of standards, procedures, and guidelines flow. This order , however, does not mean that policies are more important than the lower elements. These higher-level policies,…show more content…
So that external bodies will recognize the organizations commitment to security. D. So that they can be held legally accountable. Answer: A Explanation: This really does not a reference as it should be known. Upper management is legally accountable (up to 290 million fine). External organizations answer is not really to pertinent (however it stated that other organizations will respect a BCP and disaster recover plan). Employees need to be bound to the policy regardless of who signs it but it gives validity. Ownership is the correct answer in this statement. However, here is a reference. "Fundamentally important to any security program 's success us the senior management 's high-level statement of commitment to the information security policy process and a senior management 's understanding of how important security controls and protections are to the enterprise 's continuity. Senior management must be "Pass Any Exam. Any Time." - 4 Ac tua lTe sts Explanation: Information security policies are high-level plans that describe the goals of the procedures or controls. Policies describe security in general, not specifics. They provide the blueprint fro an overall security program just as a specification defines your next product. - Roberta Bragg CISSP Certification Training Guide (que) pg 587 .co m ISC CISSP: Practice Exam aware of the importance of security implementation to preserve the organization 's viability (and for their own 'due care
Open Document