Friday, 22 May 2015

CISSP Exam Preparation (Question 297)

(297) Risk analysis is MOST useful when applied during which phase of the system development process?

A. Project identification
B. Requirements definition
C. System construction
D. Implementation planning

Correct Answer: A

Explanation/Reference:

Reference: pg 684 Shon Harris: All-in-One CISSP Certification

- Idham Azhari

Friday, 15 May 2015

CISSP Exam Preparation (Question 296)

(296) Which of the following is not a compensating measure for access violations?

A. Backups
B. Business continuity planning
C. Insurance
D. Security awareness

Correct Answer: D


Explanation/Reference:

- Idham Azhari

Friday, 08 May 2015

CISSP Exam Preparation (Question 295)

(295) Which of the following best explains why computerized information systems frequently fail to meet the needs of users?

A. Inadequate quality assurance (QA) tools
B. Constantly changing user needs
C. Inadequate user participation in defining the system's requirements
D. Inadequate project management.

Correct Answer: C


Explanation/Reference:

- Idham Azhari

Thursday, 30 April 2015

CISSP Exam Preparation (Question 294)

(294) Which of the following would be best suited to provide information during a review of the controls over the process of defining IT service levels?

A. Systems programmer
B. Legal staff
C. Business unit manager
D. Programmer

Correct Answer: C


Explanation/Reference:

- Idham Azhari

Friday, 24 April 2015

CISSP Exam Preparation (Question 293)

(293) In developing a security awareness program, it is MOST important to

A. Understand the corporate culture and how it will affect security.
B. Understand employees' preferences for information security.
C. Know what security awareness products are available.
D. Identify weakness in line management support.

Correct Answer: A

Explanation/Reference:
The controls and procedures of a security program should reflect the nature of the data being processed... These different types of companies would also have very different cultures. For a security awareness program to be effective, these considerations must be understood and the program should be developed in a fashion that makes sense per environment - Shon Harris All-in-one CISSP Certification Guide pg 109

- Idham Azhari

Friday, 17 April 2015

CISSP Exam Preparation (Question 292)

(292) Which one of the following is the MAIN goal of a security awareness program when addressing senior management?

A. Provide a vehicle for communicating security procedures.
B. Provide a clear understanding of potential risk and exposure.
C. Provide a forum for disclosing exposure and risk analysis.
D. Provide a forum to communicate user responsibilities.

Correct Answer: B

Explanation/Reference:

Explanation:
When the Security Officer is addressing Senior Management, the focus would not be on user responsibilities; it would be on making sure that Senior Management has a clear understanding of the risk and potential liability. Not D: Item D would be correct in a situation where Senior Management is addressing organizational staff.

- Idham Azhari

Friday, 10 April 2015

CISSP Exam Preparation (Question 291)

(291) Which of the following is most relevant to determining the maximum effective cost of access control?

A. the value of information that is protected
B. management's perceptions regarding data importance
C. budget planning related to base versus incremental spending.
D. the cost to replace lost data

Correct Answer: A


Explanation/Reference:

- Idham Azhari