Question 1

Specifications of authorization that govern the rights and privileges of users to a particular information asset.

Accepted Answer

A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP 
A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP

Question 2

List the major components of the ISSP.

Accepted Answer

Statement of PurposeAuthorized

Question 3

Technology is the essential foundation of an effective information security program​.

Accepted Answer

A) True 
 B)False

Question 4

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

Accepted Answer

A)  Policy Review and Modification 
B)  Limitations of Liability 
C)  Systems Management 
D)  Statement of Purpose 
A)  Policy Review and Modification 
B)  Limitations of Liability 
C)  Systems Management 
D)  Statement of Purpose

Question 5

A risk assessment is performed during which phase of the SecSDLC?

Accepted Answer

A)  implementation 
B)  analysis 
C)  design 
D)  investigation 
A)  implementation 
B)  analysis 
C)  design 
D)  investigation

Question 6

Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes?

Accepted Answer

A)  On-target model 
B)  Wood's model 
C)  Bull's-eye model 
D)  Bergeron and Berube model 
A)  On-target model 
B)  Wood's model 
C)  Bull's-eye model 
D)  Bergeron and Berube model

Question 7

An organizational policy that provides detailed,targeted guidance to instruct all members of the organization in the use of a resource,such as one of its processes or technologies.

Accepted Answer

A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP 
A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP

Question 8

Step-by-step instructions designed to assist employees in following policies, standards and guidelines.

Accepted Answer

A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP 
A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP

Question 9

A clear declaration that outlines the scope and applicability of a policy.

Accepted Answer

A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP 
A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP

Question 10

Which policy is the highest level of policy and is usually created first?

Accepted Answer

A)  SysSP 
B)  USSP 
C)  ISSP 
D)  EISP 
A)  SysSP 
B)  USSP 
C)  ISSP 
D)  EISP

Question 11

What are the four elements that an EISP document should include?

Accepted Answer

An overview of the corporate philosophy

Question 12

A section of policy that should specify users' and systems administrators' responsibilities.

Accepted Answer

A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP 
A)  capability table 
B)  statement of purpose 
C)  Bull's eye model 
D)  SysSP 
E)  Procedures
F) InfoSec policy
G) standard
H) access control lists
I) systems management
J) ISSP

Question 13

A(n)____________________,which is usually presented on a screen to the user during software installation,spells out fair and responsible use of the software being installed.

Accepted Answer

end-user license agr

Question 14

The need for effective policy management has led to the emergence of a class of hardware tools that supports policy development,implementation,and maintenance.​

Accepted Answer

A) True 
 B)False

Question 15

List the significant guidelines used in the formulation of effective information security policy.

Accepted Answer

For policies to be e

Question 16

What are the two general methods for implementing technical controls?

Accepted Answer

A)  profile lists and configuration filters 
B)  firewall rules and access filters 
C)  user profiles and filters 
D)  access control lists and configuration rules 
A)  profile lists and configuration filters 
B)  firewall rules and access filters 
C)  user profiles and filters 
D)  access control lists and configuration rules

Specifications of authorization that govern the rights and privileges of users to a particular information asset.

List the major components of the ISSP.

Technology is the essential foundation of an effective information security program.

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

A risk assessment is performed during which phase of the SecSDLC?

Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes?

An organizational policy that provides detailed,targeted guidance to instruct all members of the organization in the use of a resource,such as one of its processes or technologies.

Step-by-step instructions designed to assist employees in following policies, standards and guidelines.

A clear declaration that outlines the scope and applicability of a policy.

Which policy is the highest level of policy and is usually created first?

What are the four elements that an EISP document should include?

A section of policy that should specify users' and systems administrators' responsibilities.

A(n)____________________,which is usually presented on a screen to the user during software installation,spells out fair and responsible use of the software being installed.

The need for effective policy management has led to the emergence of a class of hardware tools that supports policy development,implementation,and maintenance.

List the significant guidelines used in the formulation of effective information security policy.

What are the two general methods for implementing technical controls?

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 4: Information Security Policy

Specifications of authorization that govern the rights and privileges of users to a particular information asset.

List the major components of the ISSP.

Technology is the essential foundation of an effective information security program​.

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

A risk assessment is performed during which phase of the SecSDLC?

Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes?

An organizational policy that provides detailed,targeted guidance to instruct all members of the organization in the use of a resource,such as one of its processes or technologies.

Step-by-step instructions designed to assist employees in following policies, standards and guidelines.

A clear declaration that outlines the scope and applicability of a policy.

Which policy is the highest level of policy and is usually created first?

What are the four elements that an EISP document should include?

A section of policy that should specify users' and systems administrators' responsibilities.

A(n)____________________,which is usually presented on a screen to the user during software installation,spells out fair and responsible use of the software being installed.

The need for effective policy management has led to the emergence of a class of hardware tools that supports policy development,implementation,and maintenance.​

List the significant guidelines used in the formulation of effective information security policy.

What are the two general methods for implementing technical controls?

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Technology is the essential foundation of an effective information security program.

The need for effective policy management has led to the emergence of a class of hardware tools that supports policy development,implementation,and maintenance.