{"id":395,"date":"2021-01-17T05:32:44","date_gmt":"2021-01-16T17:59:07","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0387\/"},"modified":"2021-01-17T05:44:12","modified_gmt":"2021-01-17T05:44:12","slug":"systems-security-certified-practitioner-sscp-question0387","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0387\/","title":{"rendered":"Systems Security Certified Practitioner &#8211; SSCP &#8211; Question0387"},"content":{"rendered":"<div class=\"question\">Which of the following statements pertaining to a security policy is incorrect? <br \/><strong><br \/>A.<\/strong> Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. <br \/><strong>B.<\/strong> It specifies how hardware and software should be used throughout the organization. <br \/><strong>C.<\/strong> It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. <br \/><strong>D.<\/strong> It must be flexible to the changing environment.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>B<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nA security policy would NOT define how hardware and software should be used throughout the organization. A standard or a procedure would provide such details but not a policy. A security policy is a formal statement of the rules that people who are given access to anorganization&#8217;s technology and information assets must abide. The policy communicates the security goals to all of the users, the administrators, and the managers. The goals will be largely determined by the following key tradeoffs: services offered versus security provided, ease of use versus security, and cost of security versus risk of loss.<br \/>\nThe main purpose of a security policy is to inform the users, the administrators and the managers of their obligatory requirements for protecting technology and information assets.<br \/>\nThe policy should specify the mechanisms through which these requirements can be met. Another purpose is to provide a baseline from which to acquire, configure and audit computer systems and networks for compliance with the policy. In order for a security policy to be appropriate and effective, it needs to have the acceptance and support of all levels of employees within the organization. A good security policy must:<br \/>\n\u2022 Be able to be implemented through system administration procedures, publishing of acceptable use guidelines, or other appropriate methods<br \/>\n\u2022 Be able to be enforced with security tools, where appropriate, and with sanctions, where actual prevention is not technically feasible<br \/>\n\u2022 Clearly define the areas of responsibility for the users, the administrators, and the managers<br \/>\n\u2022 Be communicated to all once it is established<br \/>\n\u2022 Be flexible to the changing environment of a computer network since it is a living document<br \/>\nReference(s) used for this question:<br \/>\nNational Security Agency, Systems and Network Attack Center (SNAC),The 60 Minute Network Security Guide, February 2002, page 7. or A local copy is kept at: <a href=\"https:\/\/www.freepracticetests.org\/documents\/The%2060%20Minute%20Network%20Security%20Guide.pdf\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/www.freepracticetests.org\/documents\/The%2060%20Minute%20Net&#8230;<\/a><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Which of the following statements pertaining to a security policy is incorrect? A. Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. B. It specifies how hardware and software should be used throughout the organization. C. It needs to have the acceptance and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1078,390,3],"class_list":["post-395","post","type-post","status-publish","format-standard","hentry","category-systems-security-certified-practitioner-sscp","tag-choices","tag-question-0387","tag-systems-security-certified-practitioner-sscp"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/comments?post=395"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/395\/revisions"}],"predecessor-version":[{"id":1471,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/395\/revisions\/1471"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/media?parent=395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/categories?post=395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/tags?post=395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}