(265) Which of the following defines the intent of a system security policy?
A. A definition of the particular settings that have been determined to provide optimum security.
B. A brief, high-level statement defining what is and is not permitted during the operation of the system.
C. A definition of those items that must be excluded on the system.
D. A listing of tools and applications that will be used to protect the system.
Correct Answer: A
"A system-specific policy presents the management's decisions that are closer to the actual computers, networks, applications, and data. This type of policy can provide an approved software list, which contains a list of applications that can be installed on individual workstations. This policy can describe how databases are to be protected, how computers are to be locked down, and how firewall, intrusion diction systems, and scanners are to be employed." Pg 93 Shon Harris CISSP All-In-One Certification Exam Guide
- Muhammad Idham Azhari