CISSP Exam Preparation (Question 294)

(294) Which of the following would be best suited to provide information during a review of the controls over the process of defining IT service levels?

A. Systems programmer

B. Legal stuff

C. Business unit manager

D. Programmer

Correct Answer: C

Explanation/Reference:

- Idham Azhari

CISSP Exam Preparation (Question 293)

(293) In developing a security awareness program, it is MOST important to

A. Understand the corporate culture and how it will affect security.

B. Understand employees preferences for information security.

C. Know what security awareness products are available.

D. Identify weakness in line management support.

Correct Answer: A

Explanation/Reference:

The controls and procedures of a security program should reflect the nature of the data being

processed...These different types of companies would also have very different cultures. For a security awareness program to be effective, these considerations must be understood and the program should be developed in a fashion that makes sense per environment - Shon Harris All-in-one CISSP Certification Guide pg 109

- Idham Azhari

CISSP Exam Preparation (Question 292)

(292) Which one of the following is the MAIN goal of a security awareness program when addressing senior management?

A. Provide a vehicle for communicating security procedures.

B. Provide a clear understanding of potential risk and exposure.

C. Provide a forum for disclosing exposure and risk analysis.

D. Provide a forum to communicate user responsibilities.

Correct Answer: B

Explanation/Reference:

Explanation:

When the Security Officer is addressing Senior Management, the focus would not be on user

responsibilities, it would be on making sure the Senior Management have a clear understanding of the risk and potential liability is Not D: Item D would be correct in a situation where Senior Management is addressing organizational staff.

- Idham Azhari

CISSP Exam Preparation (Question 291)

(291) Which of the following is most relevant to determining the maximum effective cost of access control?

A. the value of information that is protected

B. management's perceptions regarding data importance

C. budget planning related to base versus incremental spending.

D. the cost to replace lost data

Correct Answer: A

Explanation/Reference:

- Idham Azhari

CISSP Exam Preparation (Question 290)

(290) What is the MAIN purpose of a change control/management system?

A. Notify all interested parties of the completion of the change.

B. Ensure that the change meets user specifications.

C. Document the change for audit and management review.

D. Ensure the orderly processing of a change request.

Correct Answer: C

Explanation/Reference:

- Idham Azhari