ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam SSCP All Questions

View all questions & answers for the SSCP exam
Go to Exam

Exam SSCP topic 2 question 132 discussion

Actual exam question from ISC's SSCP
Question #: 132
Topic #: 2
[All SSCP Questions]

Which of the following choice is NOT normally part of the questions that would be asked in regards to an organization's information security policy?

  • A. Who is involved in establishing the security policy?
  • B. Where is the organization's security policy defined?
  • C. What are the actions that need to be performed in case of a disaster?
  • D. Who is responsible for monitoring compliance to the organization's security policy? C
Show Suggested Answer Hide Answer
Suggested Answer: Explanation 🗳️
Actions to be performed in case of a disaster are not normally part of an information security policy but part of a Disaster Recovery Plan (DRP).
Only personnel implicated in the plan should have a copy of the Disaster Recovery Plan whereas everyone should be aware of the contents of the organization's information security policy.
Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations
(page 398).
by Thunder_Cat at Jan. 19, 2024, noon

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Thunder_Cat
10 months ago
Selected Answer: C
This is part of a DRP.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago