Free SSCP Exam Braindumps (page: 82)

Who should DECIDE how a company should approach security and what security measures should be implemented?

  A. Senior management
  B. Data owner
  C. Auditor
  D. The information security specialist

Answer(s): A

Explanation:

Senior management is responsible for the security of the organization and the protection of its assets.
The following answers are incorrect because:
Data owner is incorrect as data owners should not decide what security measures should be applied.
Auditor is also incorrect as an auditor cannot decide what security measures should be applied.
The information security specialist is also incorrect: they may have the technical knowledge of how security measures should be implemented and configured, but they should not be in a position of deciding which measures should be applied.



Which of the following is responsible for MOST of the security issues?

  A. Outside espionage
  B. Hackers
  C. Personnel
  D. Equipment failure

Answer(s): C

Explanation:

Personnel cause more security issues than hacker attacks, outside espionage, or equipment failure.
The following answers are incorrect because:
Outside espionage is incorrect as it is not the best answer.
Hackers is also incorrect as it is not the best answer.
Equipment failure is also incorrect as it is not the best answer.
Reference: Shon Harris AIO v3, Chapter 3: Security Management Practices, page 56



What are the three FUNDAMENTAL principles of security?

  A. Accountability, confidentiality and integrity
  B. Confidentiality, integrity and availability
  C. Integrity, availability and accountability
  D. Availability, accountability and confidentiality

Answer(s): B

Explanation:

Confidentiality, integrity and availability are the three fundamental principles of security.
The following answers are incorrect because:
Accountability, confidentiality and integrity is not the correct answer as accountability is not one of the fundamental principles of security.
Integrity, availability and accountability is not the correct answer as accountability is not one of the fundamental principles of security.
Availability, accountability and confidentiality is not the correct answer as accountability is not one of the fundamental objectives of security.
References: Shon Harris AIO v3, Chapter 3: Security Management Practices, pages 49-52



Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment?

  A. A baseline
  B. A standard
  C. A procedure
  D. A guideline

Answer(s): A

Explanation:

Baselines provide the minimum level of security necessary throughout the organization.
Standards specify how hardware and software products should be used throughout the organization.
Procedures are detailed step-by-step instructions on how to achieve certain tasks.
Guidelines are recommended actions and operational guides for personnel when a specific standard does not apply.


Reference:

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 3: Security Management Practices (page 94).
