Thursday, April 30, 2015
CISSP Exam Preparation (Question 294)
(294) Which of the following would be best suited to provide information during a review of the controls over the process of defining IT service levels?
A. Systems programmer
B. Legal staff
C. Business unit manager
D. Programmer
Correct Answer: C
Explanation/Reference:
- Muhammad Idham Azhari
Friday, April 24, 2015
CISSP Exam Preparation (Question 293)
(293) In developing a security awareness program, it is MOST important to
A. Understand the corporate culture and how it will affect security.
B. Understand employees' preferences for information security.
C. Know what security awareness products are available.
D. Identify weakness in line management support.
Correct Answer: A
Explanation/Reference:
The controls and procedures of a security program should reflect the nature of the data being processed... These different types of companies would also have very different cultures. For a security awareness program to be effective, these considerations must be understood and the program should be developed in a fashion that makes sense per environment - Shon Harris All-in-one CISSP Certification Guide pg 109
- Muhammad Idham Azhari
Friday, April 17, 2015
CISSP Exam Preparation (Question 292)
(292) Which one of the following is the MAIN goal of a security awareness program when addressing senior management?
A. Provide a vehicle for communicating security procedures.
B. Provide a clear understanding of potential risk and exposure.
C. Provide a forum for disclosing exposure and risk analysis.
D. Provide a forum to communicate user responsibilities.
Correct Answer: B
Explanation/Reference:
When the Security Officer is addressing Senior Management, the focus would not be on user responsibilities; it would be on making sure that Senior Management has a clear understanding of the risk and potential liability.
Not D: Item D would be correct in a situation where Senior Management is addressing organizational staff.
- Muhammad Idham Azhari
Friday, April 10, 2015
CISSP Exam Preparation (Question 291)
(291) Which of the following is most relevant to determining the maximum effective cost of access control?
A. the value of information that is protected
B. management's perceptions regarding data importance
C. budget planning related to base versus incremental spending.
D. the cost to replace lost data
Correct Answer: A
Explanation/Reference:
- Muhammad Idham Azhari
Friday, April 3, 2015
CISSP Exam Preparation (Question 290)
(290) What is the MAIN purpose of a change control/management system?
A. Notify all interested parties of the completion of the change.
B. Ensure that the change meets user specifications.
C. Document the change for audit and management review.
D. Ensure the orderly processing of a change request.
Correct Answer: C
Explanation/Reference:
- Muhammad Idham Azhari