
本帖最后由 宅男女神 于 2016-1-24 17:16 编辑 CISSP题库 1453Q- @. |" t, |) m+ p$ Q
4 I6 `. m" x4 {课程介绍、目录及截图:3 e: r, m9 w" @* v& y
QUESTION 1:
3 N7 N5 H6 a6 yAll of the following are basic components of a security policy EXCEPT the
# m# n) P0 q u7 G6 ~A. definition of the issue and statement of relevant terms., @- Z1 {5 X: W; ]2 W7 O; H
B. statement of roles and responsibilities4 Y6 ]$ W$ n/ f. u; t/ H
C. statement of applicability and compliance requirements.
" X9 w2 x) z h* q0 hD. statement of performance of characteristics and requirements.
6 k0 U, u/ z5 x7 B: [7 ?Answer: D
- M0 s9 R0 `, e! M8 V5 P3 `; ]3 {Policies are considered the first and highest level of documentation, from which the lower level' n; l {4 @0 e- m3 {$ g
elements of standards, procedures, and guidelines flow. This order, however, does not mean that3 M4 E# b, C" A/ Z, `9 p5 k; f( ~
policies are more important than the lower elements. These higher-level policies, which are the8 x2 q, `" p8 Z o% K" {
more general policies and statements, should be created first in the process for strategic reasons,$ g1 `( l- u$ h4 M; i' @$ N
and then the more tactical elements can follow. -Ronald Krutz The CISSP PREP Guide (gold
b$ I8 S# {2 V- }/ k( \; ?edition) pg 13) ^8 J+ q8 o; _+ [7 O4 s" T F* ~
QUESTION 2:
4 d7 W; H* I9 k2 F; p0 d% XA security policy would include all of the following EXCEPT
7 |: v0 \2 n4 ?, HA. Background0 D: Q3 [# [" \( k4 Q$ x5 {7 @
B. Scope statement/ l: v- L+ q3 C8 Y% T, c }! B
C. Audit requirements% n2 G4 a. X/ K
D. Enforcement! L5 u5 T2 H5 o* |& r& D1 _0 _1 R
Answer: B, e: [" l: X( |8 z& W' A4 T
QUESTION 3:* j0 h* g( L& `( f! A" ]
Which one of the following is an important characteristic of an information security policy?3 D1 Z: T, a' q; ^! l$ G, b- }5 b
A. Identifies major functional areas of information.
. o. n( \0 B8 C' PB. Quantifies the effect of the loss of the information.
- }8 W7 A" w9 \) uC. Requires the identification of information owners.$ B/ Z" A+ j' Y" O$ V. w2 V
D. Lists applications that support the business function.
' ], M5 C! G* r. r# x5 TAnswer: A- `" m9 y2 t& D. K5 {2 b# r+ p
Information security policies area high-level plans that describe the goals of the procedures., J4 ]9 k+ y" U/ K2 |
Policies are not guidelines or standards, nor are they procedures or controls. Policies describe
4 {. ^0 Z! s! c! a5 Gsecurity in general terms, not specifics. They provide the blueprints for an overall security
9 W% V- N3 ^/ v/ D @program just as a specification defines your next product - Roberta Bragg CISSP Certification
& \2 x0 v4 P3 I9 t; A) h. \Training Guide (que) pg 206$ E! Q) o% N6 n% J
, }9 S/ a, j O2 ]
下载链接: 论坛便捷链接:
; t4 r7 i [1 r
! a2 D. T/ u/ v; q$ L能帮助您和更多的人找到自己想要的资料并取得更大进步,是我们最大的愿望。 | * d/ r: m" O8 W+ _3 D3 k
|
|