1400 CISSP Practice Exam Questions (with Answers and Explanations)


Exam: CISSP
Title: Certified Information Systems Security Professional (CISSP)
Ver: 10.12.06

CISSP Actualtests.com - The Power of Knowing

QUESTION 1:
All of the following are basic components of a security policy EXCEPT the
A. definition of the issue and statement of relevant terms.
B. statement of roles and responsibilities
C. statement of applicability and compliance requirements.
D. statement of performance of characteristics and requirements.
Answer: D
Policies are considered the first and highest level of documentation, from which the lower level elements of standards, procedures, and guidelines flow. This order, however, does not mean that policies are more important than the lower elements. These higher-level policies, which are the more general policies and statements, should be created first in the process for strategic reasons, and then the more tactical elements can follow. - Ronald Krutz, The CISSP PREP Guide (gold edition) pg 13

QUESTION 2:
A security policy would include all of the following EXCEPT
A. Background
B. Scope statement
C. Audit requirements
D. Enforcement
Answer: B

QUESTION 3:
Which one of the following is an important characteristic of an information security policy?
A. Identifies major functional areas of information.
B. Quantifies the effect of the loss of the information.
C. Requires the identification of information owners.
D. Lists applications that support the business function.
Answer: A
Information security policies are high-level plans that describe the goals of the procedures. Policies are not guidelines or standards, nor are they procedures or controls. Policies describe security in general terms, not specifics. They provide the blueprints for an overall security program just as a specification defines your next product - Roberta Bragg, CISSP Certification Training Guide (que) pg 206

QUESTION 4:
Ensuring the integrity of business information is the PRIMARY concern of
A. Encryption Security
B. Procedural Security.
C. Logical Security
D. On-line Security
Answer: B
Procedures are looked at as the lowest level in the policy chain because they are closest to the computers and provide detailed steps for configuration and installation issues. They provide the steps to actually implement the statements in the policies, standards, and guidelines... Security procedures, standards, measures, practices, and policies cover a number of different subject areas. - Shon Harris, All-in-one CISSP Certification Guide pg 44-45

QUESTION 5:
Which of the following would be the first step in establishing an information security program?
A.) Adoption of a corporate information security policy statement
B.) Development and implementation of an information security standards manual
C.) Development of a security awareness-training program
D.) Purchase of security access control software
Answer: A

QUESTION 6:
Which of the following department managers would be best suited to oversee the development of an information security policy?
A.) Information Systems
B.) Human Resources
C.) Business operations
D.) Security administration
Answer: C

QUESTION 7:
What is the function of a corporate information security policy?
A. Issue corporate standard to be used when addressing specific security problems.
B. Issue guidelines in selecting equipment, configuration, design, and secure operations.
C. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them.
D. Define the main security objectives which must be achieved and the security framework to meet business objectives.
Answer: D
Information security policies are high-level plans that describe the goals of the procedures or controls. Policies describe security in general, not specifics. They provide the blueprint for an overall security program just as a specification defines your next product. - Roberta Bragg, CISSP Certification Training Guide (que) pg 587

QUESTION 8:
Why must senior management endorse a security policy?
A. So that they will accept ownership for security within the organization.
B. So that employees will follow the policy directives.
C. So that external bodies will recognize the organization's commitment to security.
D. So that they can be held legally accountable.
Answer: A
This really does not need a reference as it should be known. Upper management is legally accountable (up to 290 million fine). External organizations answer is not really too pertinent (however it stated that other organizations will respect a BCP and disaster recovery plan). Employees need to be bound to the policy regardless of who signs it but it gives validity. Ownership is the correct answer in this statement. However, here is a reference.
Fundamentally important to any security program's success is the senior management's high-level statement of commitment to the information security policy process and a senior management's understanding of how important security controls and protections are to the enterprise's continuity. Senior management must be aware of the importance of security implementation to preserve the organization's viability (and for their own 'due care' protection) and must publicly support that process throughout the enterprise. - Ronald Krutz, The CISSP PREP Guide (gold edition) pg 13

QUESTION 9:
In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?
A. Security policy
B. Enforcement guidelines
C. Acceptable use policy
D. Program manual
Answer: C
An acceptable use policy is a document that the employee signs in which the expectations, roles and responsibilities are outlined. Issue-specific policies address specific security issues that management feels need mor
