
本帖最后由 宅男女神 于 2016-1-24 17:16 编辑 CISSP题库 1453Q1 `# U, B H/ Y" K) i8 }
$ H/ x, Q. x' @' {课程介绍、目录及截图:. z5 C0 ~9 X6 H6 E: k1 w# X0 j
QUESTION 1:- w% B" K [- H3 i
All of the following are basic components of a security policy EXCEPT the6 _/ U8 E8 }) N' R
A. definition of the issue and statement of relevant terms.
! k; e J5 e% d1 D2 E" Y+ lB. statement of roles and responsibilities! R# [2 c7 t( |; x- }# I4 \
C. statement of applicability and compliance requirements.* b5 x; D# i1 r# b
D. statement of performance of characteristics and requirements.* f0 g. M& w) ?
Answer: D
0 Z* O' z) p/ p; H+ t7 ePolicies are considered the first and highest level of documentation, from which the lower level
2 j0 B5 J4 {6 d1 k; l( c) Kelements of standards, procedures, and guidelines flow. This order, however, does not mean that0 S* h$ x" A4 H5 B$ [/ G
policies are more important than the lower elements. These higher-level policies, which are the6 R4 h4 q1 _# S) Z& @7 ^$ L
more general policies and statements, should be created first in the process for strategic reasons,% [* s l5 N7 {9 z) m0 e
and then the more tactical elements can follow. -Ronald Krutz The CISSP PREP Guide (gold
1 h: V4 d9 u! |5 p; N5 pedition) pg 13
0 m% C, c( a6 F/ v$ c( z$ N/ OQUESTION 2:
1 C8 h3 S9 L) KA security policy would include all of the following EXCEPT( I' J; O2 ~8 T) V+ w
A. Background
7 n! Z& F, @6 z9 E; Q: vB. Scope statement
4 i$ ~' _! @) A0 eC. Audit requirements8 \$ b# v& V% a; e" M& m6 @; P
D. Enforcement" o* g- j: U2 N: S/ D" w7 ?' a
Answer: B% w! ]% U- c4 u' e8 K: l
QUESTION 3:
+ n3 J" C; u% M6 hWhich one of the following is an important characteristic of an information security policy?* w) c/ G; @' V" u. [9 b7 y
A. Identifies major functional areas of information.
$ {* h( t+ |. h- SB. Quantifies the effect of the loss of the information.
7 D0 r! I- V" [. \: A) j7 @! XC. Requires the identification of information owners.! f! i" }( W6 f9 U3 B1 N
D. Lists applications that support the business function.4 _8 n, O; v! D/ ?: p) ?3 I4 l
Answer: A. G0 {0 k6 `- ]( `6 {# D( i8 W
Information security policies area high-level plans that describe the goals of the procedures.
1 k9 t( Z& m1 Y5 t6 u8 s- d) aPolicies are not guidelines or standards, nor are they procedures or controls. Policies describe
7 \) C4 ^+ j E2 j. V, F, D! qsecurity in general terms, not specifics. They provide the blueprints for an overall security* u3 M2 p, N }' o' e$ L. y: ~
program just as a specification defines your next product - Roberta Bragg CISSP Certification0 p2 I; H$ G6 }9 Y ` U" d
Training Guide (que) pg 206
' r2 J: l d2 B9 ?6 Y
$ M; I! X: q* S8 ?, n( V下载链接: 论坛便捷链接:
' s( K6 A9 O+ S+ y& r* W) t7 F; n, s( {8 y+ H! T/ g$ d
能帮助您和更多的人找到自己想要的资料并取得更大进步,是我们最大的愿望。 | 6 g0 R2 E) U$ e& w
|
|