Friday, October 31, 2014

CISSP Exam Preparation (Question 268)

(268) Which one of the following is NOT a fundamental component of a Regulatory Security Policy?

A. What is to be done.
B. When it is to be done.
C. Who is to do it.
D. Why it is to be done.

Correct Answer: C

Explanation/Reference:

Regulatory security policies are mandated to the organization, but it is up to the organization to implement them. "Regulatory - This policy is written to ensure that the organization is following standards set by a specific industry and is regulated by law. The policy type is detailed in nature and specific to a type of industry. This is used in financial institutions, health care facilities, and public utilities." - Shon Harris All-in-one CISSP Certification Guide pg 93-94

- Muhammad Idham Azhari

Friday, October 24, 2014

CISSP Exam Preparation (Question 267)

(267) Which one of the following should NOT be contained within a computer policy?

A. Definition of management expectations.
B. Responsibilities of individuals and groups for protected information.
C. Statement of senior executive support.
D. Definition of legal and regulatory controls.

Correct Answer: B

Explanation/Reference: None

- Muhammad Idham Azhari

Friday, October 17, 2014

CISSP Exam Preparation (Question 266)

(266) When developing an information security policy, what is the FIRST step that should be taken?

A. Obtain copies of mandatory regulations.
B. Gain management approval.
C. Seek acceptance from other departments.
D. Ensure policy is compliant with current working practices.

Correct Answer: B


Explanation/Reference: None

- Muhammad Idham Azhari

Friday, October 10, 2014

CISSP Exam Preparation (Question 265)

(265) Which of the following defines the intent of a system security policy?

A. A definition of the particular settings that have been determined to provide optimum security.
B. A brief, high-level statement defining what is and is not permitted during the operation of the system.
C. A definition of those items that must be excluded on the system.
D. A listing of tools and applications that will be used to protect the system.

Correct Answer: A

Explanation/Reference:

"A system-specific policy presents the management's decisions that are closer to the actual computers, networks, applications, and data. This type of policy can provide an approved software list, which contains a list of applications that can be installed on individual workstations. This policy can describe how databases are to be protected, how computers are to be locked down, and how firewall, intrusion detection systems, and scanners are to be employed." Pg 93 Shon Harris CISSP All-In-One Certification Exam Guide

- Muhammad Idham Azhari

Friday, October 3, 2014

CISSP Exam Preparation (Question 264)

(264) In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?

A. Security policy
B. Enforcement guidelines
C. Acceptable use policy
D. Program manual

Correct Answer: C

Explanation/Reference:
An acceptable use policy is a document that the employee signs in which the expectations, roles and responsibilities are outlined.

Issue-specific policies address specific security issues that management feels need more detailed explanation and attention to make sure a comprehensive structure is built and all employees understand how they are to comply with these security issues. - Shon Harris All-in-one CISSP Certification Guide pg 62

- Muhammad Idham Azhari