Exam: CISSP
Title: Certified Information Systems Security Professional (CISSP)
Ver: 10.12.06
CISSP Actualtests.com - The Power of Knowing

QUESTION 1:
All of the following are basic components of a security policy EXCEPT the
A. definition of the issue and statement of relevant terms.
B. statement of roles and responsibilities
C. statement of applicability and compliance requirements.
D. statement of performance of characteristics and requirements.
Answer: D
Policies are considered the first and highest level of documentation, from which the lower level elements of standards, procedures, and guidelines flow. This order, however, does not mean that policies are more important than the lower elements. These higher-level policies, which are the more general policies and statements, should be created first in the process for strategic reasons, and then the more tactical elements can follow.
- Ronald Krutz, The CISSP PREP Guide (gold edition) pg 13

QUESTION 2:
A security policy would include all of the following EXCEPT
A. Background
B. Scope statement
C. Audit requirements
D. Enforcement
Answer: B

QUESTION 3:
Which one of the following is an important characteristic of an information security policy?
A. Identifies major functional areas of information.
B. Quantifies the effect of the loss of the information.
C. Requires the identification of information owners.
D. Lists applications that support the business function.
Answer: A
Information security policies are high-level plans that describe the goals of the procedures. Policies are not guidelines or standards, nor are they procedures or controls. Policies describe security in general terms, not specifics. They provide the blueprints for an overall security program just as a specification defines your next product.
- Roberta Bragg, CISSP Certification Training Guide (que) pg 206

QUESTION 4:
Ensuring the integrity of business information is the PRIMARY concern of
A. Encryption Security
B. Procedural Security.
C. Logical Security
D. On-line Security
Answer: B
Procedures are looked at as the lowest level in the policy chain because they are closest to the computers and provide detailed steps for configuration and installation issues. They provide the steps to actually implement the statements in the policies, standards, and guidelines... Security procedures, standards, measures, practices, and policies cover a number of different subject areas.
- Shon Harris, All-in-one CISSP Certification Guide pg 44-45

QUESTION 5:
Which of the following would be the first step in establishing an information security program?
A.) Adoption of a corporate information security policy statement
B.) Development and implementation of an information security standards manual
C.) Development of a security awareness-training program
D.) Purchase of security access control software
Answer: A

QUESTION 6:
Which of the following department managers would be best suited to oversee the development of an information security policy?
A.) Information Systems
B.) Human Resources
C.) Business operations
D.) Security administration
Answer: C

QUESTION 7:
What is the function of a corporate information security policy?
A. Issue corporate standard to be used when addressing specific security problems.
B. Issue guidelines in selecting equipment, configuration, design, and secure operations.
C. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them.
D. Define the main security objectives which must be achieved and the security framework to meet business objectives.
Answer: D
Information security policies are high-level plans that describe the goals of the procedures or controls. Policies describe security in general, not specifics. They provide the blueprint for an overall security program just as a specification defines your next product.
- Roberta Bragg, CISSP Certification Training Guide (que) pg 587

QUESTION 8:
Why must senior management endorse a security policy?
A. So that they will accept ownership for security within the organization.
B. So that employees will follow the policy directives.
C. So that external bodies will recognize the organization's commitment to security.
D. So that they can be held legally accountable.
Answer: A
This really does not need a reference, as it should be known. Upper management is legally accountable (up to a 290 million fine). The external organizations answer is not really pertinent (however, it is stated that other organizations will respect a BCP and disaster recovery plan). Employees need to be bound to the policy regardless of who signs it, but it gives validity. Ownership is the correct answer in this statement. However, here is a reference.
Fundamentally important to any security program's success is the senior management's high-level statement of commitment to the information security policy process and a senior management's understanding of how important security controls and protections are to the enterprise's continuity. Senior management must be aware of the importance of security implementation to preserve the organization's viability (and for their own 'due care' protection) and must publicly support that process throughout the enterprise.
- Ronald Krutz, The CISSP PREP Guide (gold edition) pg 13

QUESTION 9:
In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?
A. Security policy
B. Enforcement guidelines
C. Acceptable use policy
D. Program manual
Answer: C
An acceptable use policy is a document that the employee signs in which the expectations, roles and responsibilities are outlined. Issue-specific policies address specific security issues that management feels need mor