Deck 4: Information Security Policy

Question
The steps outlined in guidelines must meet the requirements of the standards from which they were created.
Question
In the modular approach to creating the ISSP, each of the modules is created and updated by the individuals who are responsible for a specific issue.
Question
Information security policies do not require a champion.
Question
Rule-based policies are less specific to the operation of a system than access control lists.
Question
Unless a policy actually reaches the end users, it cannot be enforced.
Question
SysSPs often function as standards or procedures to be used when configuring or maintaining systems.
Question
An automated policy management system is able to assess readers' understanding of the policy and electronically record reader acknowledgments.
Question
A quality information security program begins and ends with policy.
Question
Policies must note the existence of penalties for unacceptable behavior and define an appeals process.
Question
Once policies are created, they should not be changed.
Question
Today, most EULAs are presented on blow-by screens.
Question
In some systems, capability tables are known as user profiles.
Question
The ISSP is not a binding agreement between the organization and its members.
Question
All rule-based policies must deal with users directly.
Question
Unless a particular use is clearly prohibited, the organization cannot penalize employees for it.
Question
Users have the right to use an organization's information systems to browse the Web, even if this right is not specified in the ISSP.
Question
Access control lists can only be used to restrict access according to the user.
Question
An individual approach to creating the ISSPs is well controlled by centrally managed procedures assuring complete topic coverage.
Question
One of the goals of an issue-specific security policy is to indemnify the organization against liability for an employee's inappropriate or illegal use of the system.
Question
In the Flesch Reading Ease scale, the higher the score, the harder it is to understand the writing.
Question
Access control lists can be used to control access to file storage systems.
Question
To be effective, policy must be uniformly applied to all employees, including executives.
Question
A(n) standard is a more detailed statement of what must be done to comply with a policy._________________________
Question
The policy administrator must be technically oriented.
Question
The Flesch-Kincaid Grade Level score evaluates writing on a U.S. grade-school level.
Question
If multiple audiences exist for information security policies, different documents must be created for each audience.
Question
The Prohibited Usage of Equipment section of the ISSP specifies the penalties and repercussions of violating the usage and systems management policies._________________________
Question
A(n) individual approach to creating the ISSPs can suffer from poor policy dissemination, enforcement, and review._________________________
Question
A policy should be "signed into law" by a high-level manager before the collection and review of employee input.
Question
A(n) issue-specific security policy sets the strategic direction, scope, and tone for all of an organization's security efforts._________________________
Question
Access control lists include user access lists, matrices, and capability tables._________________________
Question
Policies should be published without a date of origin.
Question
An ISSP will typically not cover the use of e-mail or the Internet.
Question
The two general methods of implementing technical controls are access control lists and configuration rules._________________________
Question
A(n) enterprise information security policy is a type of information security policy that provides detailed, targeted guidance to instruct all members of the organization in the use of technology-based systems._________________________
Question
If an organization wants to prohibit the criminal use of the organization's information systems, it should do so in the Systems Management section of the ISSP._________________________
Question
In the bull's-eye model, issues are addressed by moving from the general to the specific, always starting with policy. That is, the focus is on specific solutions instead of individual problems._________________________
Question
SysSPs focus on the proper handling of issues in the organization, like the use of technologies.
Question
When a policy is created and distributed without software automation tools, it is often not clear which manager has approved it.
Question
A(n) technical specifications SysSP document is created by management to guide the implementation and configuration of technology._________________________
Question
For policies to be effective, they must first be developed using generally accepted practices._________________________
Question
The EISP guides the development, implementation, and management requirements of the information security program._________________________
Question
To ensure due diligence, an organization must demonstrate that it is continuously attempting to meet the requirements of the market in which it operates._________________________
Question
During the implementation phase of the policy development SecSDLC, the development team creating the information security policy should make sure that the policy is written at a reasonable reading level._________________________
Question
A(n) capability table specifies which subjects and objects users or groups can access._________________________
Question
A(n) blow-by screen is an organizational tool to ensure that all the appropriate information security policy messages are presented to all the appropriate audiences._________________________
Question
The policy administrator must be identified on the policy document as the primary contact for providing additional information or suggesting revisions to the policy._________________________
Question
The analysis phase of the SecSDLC in policy development should produce a new or recent risk assessment or IT audit documenting the current information security needs of the organization._________________________
Question
The ____ layer is the outermost layer of the bull's-eye model, hence the first to be assessed for marginal improvement.

A) Systems
B) Networks
C) Policies
D) Applications
Question
Practices are built on sound policy and carry the weight of policy._________________________
Question
Configuration rules are configuration codes that guide the execution of a system when information is passing through it._________________________
Question
Granularity is the level of specificity and detail with which administrators can control access to their systems._________________________
Question
Policies must also specify the penalties for unacceptable behavior and define a(n) ____.

A) appeals process
B) legal recourse
C) responsible managers
D) requirements for revision
Question
According to Charles Cresson Wood, "policies are important reference documents for internal ____ and for the resolution of legal disputes about management's due diligence; policy documents can act as a clear statement of management's intent".

A) assessment
B) awareness
C) policies
D) audits
Question
The ____ model describes the layers at which marginal assessment of security controls can be performed and is a proven mechanism for prioritizing complex changes.

A) NSTISSC
B) EISP
C) bull's-eye
D) policy
Question
Some policies incorporate a(n) sunset clause indicating a specific date the policy will expire._________________________
Question
Policy servers code organization-specific policies in a special machine-readable language that then can be accessed by operating systems, access control packages, and network management systems._________________________
Question
An effective issue-specific security policy serves to demonstrate that the organization has made a good-faith effort to ensure that its facilities will not be used in an inappropriate manner._________________________
Question
It is during the design phase of the SecSDLC that the policy development team must provide for policy distribution._________________________
Question
Which of the following is NOT a guideline that may help in the formulation of information technology (IT) policy as well as information security policy?

A) All policies must contribute to the success of the organization
B) Policies must be reviewed and approved by legal counsel before administration
C) Management must ensure the adequate sharing of responsibility for proper use of information systems
D) End users of information systems should be involved in the steps of policy formulation
Question
A disadvantage of creating a modular ISSP document is that it ____.

A) can suffer from poor policy enforcement
B) may overgeneralize the issues
C) can suffer from poor policy review
D) may be more expensive than other alternatives
Question
Technical controls ____.

A) must be implemented using access control list
B) must be implemented using configuration rules
C) must be implemented using user profiles
D) can be implemented using access control lists or configuration rules
Question
A ____ is a more detailed statement identifying a measurement of behavior and specifies what must be done to comply with a policy.

A) procedure
B) standard
C) guideline
D) practice
Question
Which of the following is a type of information security policy that deals with the entirety of an organization's information security efforts?

A) Issue-specific security policy
B) System-specific security policy
C) Company-wide security policy
D) Enterprise information security policy
Question
A(n) ____ security policy provides detailed, targeted guidance to instruct all members of the organization in the use of technology-based systems.

A) issue-specific
B) enterprise information
C) system-specific
D) information
Question
A disadvantage of creating a number of independent ISSP documents is that the result may ____.

A) overgeneralize the issues
B) suffer from poor policy dissemination
C) skip over vulnerabilities
D) be written by those with less complete subject matter expertise
Question
The ____ section of the ISSP should specify users' and systems administrators' responsibilities.

A) Authorized Access and Usage of Equipment
B) Systems Management
C) Prohibited Usage of Equipment
D) Violations of Policy
Question
A detailed outline of the scope of the policy development project is created during the ____ phase of the SecSDLC.

A) design
B) analysis
C) implementation
D) investigation
Question
A risk assessment is performed during the ____ phase of the SecSDLC.

A) implementation
B) analysis
C) design
D) investigation
Question
Which of the following sections of the ISSP should provide instructions on how to report observed or suspected violations?

A) Violations of Policy
B) Policy Review and Modification
C) Prohibited Usage of Equipment
D) Authorized Access and Usage of Equipment
Question
The ISSP sections Authorized Access and Usage of Equipment and Prohibited Usage of Equipment may be combined into a section called ____.

A) Violations of Policy
B) Limitations of Liability
C) Appropriate Use Policy
D) Systems Management
Question
An organization may include a set of disclaimers in the ____ section of the ISSP.

A) Authorized Access and Usage of Equipment
B) Policy Review and Modification
C) Prohibited Usage of Equipment
D) Limitations of Liability
Question
Capability tables are also known as ____.

A) system policies
B) user policies
C) system profiles
D) account lists
Question
A disadvantage of creating a single comprehensive ISSP document is that such a document ____.

A) usually fails to cover all the necessary issues
B) can suffer from poor policy review
C) can suffer from poor policy enforcement
D) may overgeneralize the issues and skip over vulnerabilities
Question
The two groups of SysSPs are managerial guidance and ____.

A) technical specifications
B) business guidance
C) network guidance
D) user specifications
Question
The ____ section of an ISSP explains who can use the technology governed by the policy and for what purposes.

A) Violations of Policy
B) Limitations of Liability
C) Systems Management
D) Authorized Access and Usage of Equipment
Question
The ISSP should begin with a ____.

A) description of authorized access
B) statement of purpose
C) list of prohibited usage of equipment
D) list of rules regarding the use of electronic documents
Question
____ comprise a set of rules that dictates acceptable and unacceptable behavior within an organization.

A) Standards
B) Procedures
C) Guidelines
D) Policies
Question
During the ____ phase of the SecSDLC, the team must create a plan to distribute, and verify the distribution of, the policies.

A) design
B) implementation
C) investigation
D) analysis
Question
Configuration codes entered into security systems to guide the execution of the system when information is passing through it are called ____.

A) access control lists
B) user profiles
C) configuration rules
D) capability table
1
The steps outlined in guidelines must meet the requirements of the standards from which they were created.
True
2
In the modular approach to creating the ISSP, each of the modules is created and updated by the individuals who are responsible for a specific issue.
True
3
Information security policies do not require a champion.
False