Friday, October 31, 2014

CISSP Exam Preparation (Question 268)

(268) Which one of the following is NOT a fundamental component of a Regulatory Security Policy?

A. What is to be done.
B. When it is to be done.
C. Who is to do it.
D. Why is it to be done

Correct Answer: C

Explanation/Reference:

Regulatory Security policies are mandated to the organization but it up to them to implement it. "Regulatory - This policy is written to ensure that the organization is following standards set by a specific industry and is regulated by law. The policy type is detailed in nature and specific to a type of industry. This is used in financial institutions, health care facilities, and public utilities." - Shon Harris All-in-one CISSP Certification Guide pg 93-94

- Muhammad Idham Azhari

No comments: