Question 1

List the advantages and disadvantages of using a modular approach for creating and managing the ISSP.

Accepted Answer

The advantages of the modular ISSP policy are: Often considered an optimal balance between the individual ISSP and the comprehensive ISSP approaches Well controlled by centrally managed procedures,assuring complete topic coverage Clear assignment to a responsible department Written by those with superior subject matter expertise for technology-specific systems The disadvantages of the modular ISSP policy are: May be more expensive than other alternatives Implementation can be difficult to manage

Question 2

Which of the following is NOT an aspect of access regulated by ACLs?

Accepted Answer

A)  what authorized users can access 
B)  where the system is located 
C)  how authorized users can access the system 
D)  when authorized users can access the system 
A)  what authorized users can access 
B)  where the system is located 
C)  how authorized users can access the system 
D)  when authorized users can access the system B

Question 3

List the significant guidelines used in the formulation of effective information security policy.

Accepted Answer

For policies to be effective,they must be properly:
 1.Developed using industry-accepted practices
 2.Distributed or disseminated using all appropriate methods
 3.Reviewed or read by all employees
 4.Understood by all employees
 5.Formally agreed to by act or assertion
 6.Uniformly applied and enforced

Question 4

When issues are addressed by moving from the general to the specific,always starting with policy.

Accepted Answer

A) capability table 
B) statement of purpose 
C) Bull's eye model 
D) SysSP 
E) procedures
F)InfoSec policy
G)standard
H)access control lists
I)systems management
J)ISSP 
A) capability table 
B) statement of purpose 
C) Bull's eye model 
D) SysSP 
E) procedures
F)InfoSec policy
G)standard
H)access control lists
I)systems management
J)ISSP

Question 5

Information securitypolicies are designed to provide structure in the workplace and explain the  will of the organization'smanagement.____________

Accepted Answer

A) True 
 B)False

Question 6

Which policy is the highest level of policy and is usually created first?

Accepted Answer

A)  SysSP 
B)  USSP 
C)  ISSP 
D)  EISP 
A)  SysSP 
B)  USSP 
C)  ISSP 
D)  EISP

Question 7

Non mandatory recommendations that the employee may use as a reference incomplying with a policy.are known as regulations.____________

Accepted Answer

A) True 
 B)False

Question 8

The responsibilities of both the users and the systems administrators with regard to specific systems administration duties should be specified in the ____________________ section of the ISSP.

Accepted Answer

The answer of The responsibilities of both the users and...

Question 9

Which of the following is a disadvantage of the individual policy approach to creating and managing ISSPs?

Accepted Answer

A)  can suffer from poor policy dissemintation, enforcement, and review 
B)  may skip vulnerabilities otherwise reported 
C)  may be more expensive than necessary 
D)  implementation can be less difficult to manage 
A)  can suffer from poor policy dissemintation, enforcement, and review 
B)  may skip vulnerabilities otherwise reported 
C)  may be more expensive than necessary 
D)  implementation can be less difficult to manage

Question 10

The need for effective policy management has led to the emergence of a class of hardware   tools that supports policy development,implementation,and maintenance.

Accepted Answer

A) True 
 B)False

Question 11

When an organization demonstrates that it is continuously attempting to meet the requirements of the market in which it operates,what is it ensuring?

Accepted Answer

A)  policy administration 
B)  due diligence 
C)  adequate security measures 
D)  certification and accreditation 
A)  policy administration 
B)  due diligence 
C)  adequate security measures 
D)  certification and accreditation

Question 12

What are the two general methods for implementing technical controls?

Accepted Answer

A)  profile lists and configuration filters 
B)  firewall rules and access filters 
C)  user profiles and filters 
D)  access control lists and configuration rules 
A)  profile lists and configuration filters 
B)  firewall rules and access filters 
C)  user profiles and filters 
D)  access control lists and configuration rules

Question 13

In which phase of the development of an InfoSec policy must a plan to distribute the policies be developed?Why is this important?

Accepted Answer

During the design phase,the team must cr

Question 14

Step-by-step instructions designed to assist employees in following policies,standards and guidelines.

Accepted Answer

A) capability table 
B) statement of purpose 
C) Bull's eye model 
D) SysSP 
E) procedures
F)InfoSec policy
G)standard
H)access control lists
I)systems management
J)ISSP 
A) capability table 
B) statement of purpose 
C) Bull's eye model 
D) SysSP 
E) procedures
F)InfoSec policy
G)standard
H)access control lists
I)systems management
J)ISSP

Question 15

What should an effective ISSP accomplish?

Accepted Answer

It articulates the organization's expect

Question 16

Which of the following are the two general groups into which SysSPs can be separated?

Accepted Answer

A)  technical specifications and managerial guidance 
B)  business guidance and network guidance 
C)  user specifications and managerial guidance 
D)  technical specifications and business guidance 
A)  technical specifications and managerial guidance 
B)  business guidance and network guidance 
C)  user specifications and managerial guidance 
D)  technical specifications and business guidance

Question 17

Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions?

Accepted Answer

A)  Violations of Policy 
B)  Systems Management 
C)  Prohibited Usage of Equipment 
D)  Authorized Access and Usage of Equipment 
A)  Violations of Policy 
B)  Systems Management 
C)  Prohibited Usage of Equipment 
D)  Authorized Access and Usage of Equipment

Question 18

In addition to specifying the penalties for unacceptable behavior,what else must a policy specify?

Accepted Answer

A)  appeals process 
B)  legal recourse 
C)  what must be done to comply 
D)  the proper operation of equipment 
A)  appeals process 
B)  legal recourse 
C)  what must be done to comply 
D)  the proper operation of equipment

Question 19

Which type of document is a more detailed statement of what must be done to comply with a policy?

Accepted Answer

A)  procedure 
B)  standard 
C)  guideline 
D)  practice 
A)  procedure 
B)  standard 
C)  guideline 
D)  practice

Question 20

Organizational policies that often function asstandards or procedures to be used when configuring or maintaining systems. ​

Accepted Answer

A) capability table 
B) statement of purpose 
C) Bull's eye model 
D) SysSP 
E) procedures
F)InfoSec policy
G)standard
H)access control lists
I)systems management
J)ISSP 
A) capability table 
B) statement of purpose 
C) Bull's eye model 
D) SysSP 
E) procedures
F)InfoSec policy
G)standard
H)access control lists
I)systems management
J)ISSP

List the advantages and disadvantages of using a modular approach for creating and managing the ISSP.

Which of the following is NOT an aspect of access regulated by ACLs?

List the significant guidelines used in the formulation of effective information security policy.

When issues are addressed by moving from the general to the specific,always starting with policy.

Information securitypolicies are designed to provide structure in the workplace and explain the will of the organization'smanagement.____________

Which policy is the highest level of policy and is usually created first?

Non mandatory recommendations that the employee may use as a reference incomplying with a policy.are known as regulations.____________

The responsibilities of both the users and the systems administrators with regard to specific systems administration duties should be specified in the ____________________ section of the ISSP.

Which of the following is a disadvantage of the individual policy approach to creating and managing ISSPs?

The need for effective policy management has led to the emergence of a class of hardware tools that supports policy development,implementation,and maintenance.

When an organization demonstrates that it is continuously attempting to meet the requirements of the market in which it operates,what is it ensuring?

What are the two general methods for implementing technical controls?

In which phase of the development of an InfoSec policy must a plan to distribute the policies be developed?Why is this important?

Step-by-step instructions designed to assist employees in following policies,standards and guidelines.

What should an effective ISSP accomplish?

Which of the following are the two general groups into which SysSPs can be separated?

Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions?

In addition to specifying the penalties for unacceptable behavior,what else must a policy specify?

Which type of document is a more detailed statement of what must be done to comply with a policy?

Organizational policies that often function asstandards or procedures to be used when configuring or maintaining systems.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 4: Information Security Policy

List the advantages and disadvantages of using a modular approach for creating and managing the ISSP.

Which of the following is NOT an aspect of access regulated by ACLs?

List the significant guidelines used in the formulation of effective information security policy.

When issues are addressed by moving from the general to the specific,always starting with policy.

Information securitypolicies are designed to provide structure in the workplace and explain the will of the organization'smanagement.____________

Which policy is the highest level of policy and is usually created first?

Non mandatory recommendations that the employee may use as a reference incomplying with a policy.are known as regulations.____________

The responsibilities of both the users and the systems administrators with regard to specific systems administration duties should be specified in the ____________________ section of the ISSP.

Which of the following is a disadvantage of the individual policy approach to creating and managing ISSPs?

The need for effective policy management has led to the emergence of a class of hardware tools that supports policy development,implementation,and maintenance.

When an organization demonstrates that it is continuously attempting to meet the requirements of the market in which it operates,what is it ensuring?

What are the two general methods for implementing technical controls?

In which phase of the development of an InfoSec policy must a plan to distribute the policies be developed?Why is this important?

Step-by-step instructions designed to assist employees in following policies,standards and guidelines.

What should an effective ISSP accomplish?

Which of the following are the two general groups into which SysSPs can be separated?

Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions?

In addition to specifying the penalties for unacceptable behavior,what else must a policy specify?

Which type of document is a more detailed statement of what must be done to comply with a policy?

Organizational policies that often function asstandards or procedures to be used when configuring or maintaining systems. ​

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Organizational policies that often function asstandards or procedures to be used when configuring or maintaining systems.