(265) Which
of the following defines the intent of a system security policy?
A. A definition of the particular
settings that have been determined to provide optimum security.
B. A brief, high-level statement
defining what is and is not permitted during the operation of the system.
C. A definition of those items
that must be excluded on the system.
D. A listing of tools and
applications that will be used to protect the system.
Correct Answer: A
Explanation/Reference:
"A
system-specific policy presents the management's decisions that are closer to
the actual computers, networks,
applications, and data. This type of policy can provide an approved software
list, which contains a list of
applications that can be installed on individual workstations. This policy can
describe how databases are to be
protected, how computers are to be locked down, and how firewall, intrusion
diction systems, and scanners are to
be employed." Pg 93 Shon Harris CISSP All-In-One Certification Exam Guide
- Muhammad Idham Azhari
No comments:
Post a Comment