
本帖最后由 宅男女神 于 2016-1-24 17:16 编辑 CISSP题库 1453Q
) X5 s l2 q! W
, v; A7 r& f& C# _, O课程介绍、目录及截图:
& F c- e4 _7 e9 DQUESTION 1:
* w1 y! }; w- ^& A0 K9 X4 CAll of the following are basic components of a security policy EXCEPT the
8 z6 s s) `) ?- s8 P3 w/ qA. definition of the issue and statement of relevant terms.7 m+ o& {+ T& t: n5 |6 X# @
B. statement of roles and responsibilities& @, Q$ V; t1 G
C. statement of applicability and compliance requirements.
& d3 u4 i+ m, l. F" o# D8 w* qD. statement of performance of characteristics and requirements.$ _, W1 d) Z y0 d# s& g! `, y p
Answer: D
4 x# S, |& o: n4 W/ p% EPolicies are considered the first and highest level of documentation, from which the lower level Q- G6 Y: ~. w( M' ?0 T/ `
elements of standards, procedures, and guidelines flow. This order, however, does not mean that
5 H: q+ v/ ~% v( q! @# s- cpolicies are more important than the lower elements. These higher-level policies, which are the
9 L( h( K% P8 g! T {8 ]more general policies and statements, should be created first in the process for strategic reasons,0 X: M9 g: c+ _) i! B" o( m' F
and then the more tactical elements can follow. -Ronald Krutz The CISSP PREP Guide (gold
m5 P) F: A4 o+ J+ `' j2 Y& nedition) pg 134 h, X; U; C/ p* S% V+ K/ p9 F" j
QUESTION 2:
4 Q" }8 f! V6 Q4 |8 W4 ` UA security policy would include all of the following EXCEPT
/ _3 Z7 ]3 S( B" K: B8 OA. Background
% t( d4 a: j; @/ [# L5 QB. Scope statement* R9 ?5 z1 `$ `! O! S2 q. l
C. Audit requirements2 i2 `8 ^1 K0 a r: j; o
D. Enforcement
) a- b6 \! T: `2 Z2 R1 n: IAnswer: B
) l: p$ H# n' P2 NQUESTION 3:) B0 ^) N4 x; U2 P, \
Which one of the following is an important characteristic of an information security policy?
/ D* X9 N& D" B* bA. Identifies major functional areas of information.3 s. ?# h5 S9 Q" E& w" H* T6 p
B. Quantifies the effect of the loss of the information.! o+ b5 R+ ~1 Z! U' ]3 o3 G1 L8 m
C. Requires the identification of information owners.* B* d' V! n8 E4 a
D. Lists applications that support the business function.
0 O: c( Y" M+ `( \% ^$ mAnswer: A
$ h& E+ }" l. KInformation security policies area high-level plans that describe the goals of the procedures.9 w! n4 d- x G: k# g O
Policies are not guidelines or standards, nor are they procedures or controls. Policies describe: l, E' H: C5 y2 l
security in general terms, not specifics. They provide the blueprints for an overall security
* X) `) t2 n% `& [1 O. sprogram just as a specification defines your next product - Roberta Bragg CISSP Certification5 ~. ?5 y% v, u3 J- W, X6 c& |
Training Guide (que) pg 206
- V7 a) o- B( ?, J" G) U+ X" ^4 v8 I( j; a+ v
下载链接: 论坛便捷链接:
4 L. b$ t @$ v" _# H" e& y2 C- O# Y2 r: b s" C4 n$ G
能帮助您和更多的人找到自己想要的资料并取得更大进步,是我们最大的愿望。 |
7 }. ?7 B( W$ W1 ~4 x' R |
|