CISSP Exam Preparation (Question 272)

(272) In an organization, an Information Technology security function should:

A. Be a function within the information systems functions of an organization

B. Report directly to a specialized business unit such as legal, corporate security or insurance

C. Be lead by a Chief Security Officer and report directly to the CEO

D. Be independent but report to the Information Systems function

Correct Answer: C

Explanation/Reference:

- Idham Azhari

CISSP Exam Preparation (Question 271)

(271) Which of the following choices is NOT part of a security policy?

A. definition of overall steps of information security and the importance of security

B. statement of management intend, supporting the goals and principles of information security

C. definition of general and specific responsibilities for information security management

D. description of specific technologies used in the field of information security

Correct Answer: D

Explanation/Reference:

- Idham Azhari

CISSP Exam Preparation (Question 270)

(270) Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

A. IS security specialists

B. Senior Management

C. Seniors security analysts

D. system auditors

Correct Answer: B

Explanation/Reference:

- Idham Azhari

CISSP Exam Preparation (Question 269)

(269) Which one of the following statements describes management controls that are instituted to implement a security policy?

A. They prevent users from accessing any control function.

B. They eliminate the need for most auditing functions.

C. They may be administrative, procedural, or technical.

D. They are generally inexpensive to implement.

Correct Answer: C

Explanation/Reference:

Administrative, physical, and technical controls should be utilized to achieve the management's directives. - Shon Harris All-in-one CISSP Certification Guide pg 60

- Idham Azhari