3. What can be best defined as high-level statements, beliefs, goals, and objectives?
A) standards
B) guidelines
Feedback: See page 61.
C) policies
D) procedures
Feedback: See page 61.
Points Earned: 0.0/1.0
Correct Answer(s): C
7. An effective security policy would not have which of the following characteristics?
A) specify areas of responsibility and authority
Feedback: See pages 59-70.
B) be understandable and supported by all stakeholders
C) include separations of duty
D) be designed for short to mid-term focus
Feedback: See pages 59-70.
Points Earned: 0.0/1.0
Correct Answer(s): D
12. What can be defined as an event that could cause harm to network/information system?
A) a weakness
B) a threat
Feedback: See page 78.
C) a vulnerability
D) a risk
Feedback: See page 78.
Points Earned: 1.0/1.0
Correct Answer(s): B
13. A(n) ____________ policy might prescribe the need for information security and may delegate the creation and management of the program.
A) System-specific
B) Programme-level
C) Programme-framework
D) Issue-specific
Points Earned: 0.0/1.0
Correct Answer(s): B
14. What is the difference between advisory and regulatory security policies?
A) Regulatory policies are high-level policies, whereas advisory policies are very detailed
B) Advisory policies are mandated and regulatory policies are not.
C) There are no differences between them
D) Advisory policies provide recommendations
Feedback: See pages 70 and 71.
Feedback: See pages 70 and 71.
Points Earned: 1.0/1.0
Correct Answer(s): D
15. 23. The supporting documents derived from policy statements include which of the following? Select all correct answers.
A) Regulations
B) Procedural maps
C) Standards and baselines
D) Guidelines
Points Earned: 1.0/1.0
Correct Answer(s): A, C, D