[CCCure CISSP] Qs1 Physical Security: cccure QuizEngn doubts

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[CCCure CISSP] Qs1 Physical Security: cccure QuizEngn doubts

Amlan Deb
Hello everyone,
 
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them. Request you to please provide a quick reply as I need to appear for the exam in the month of July.
 
Thanks,
Amlan
 

Doubt#1
========

60. 

1.     Question: 1429 | Difficulty: 3/5 | Relevancy: 3/3

Which of the following questions is less likely to help in assessing physical and environmental protection?

o      Are sensitive data files encrypted on all portable systems?

o      Are deposits and withdrawals of tapes and other storage media from the library authorized and logged?

o      Are computer monitors located to eliminate viewing by unauthorized persons?

o     Are procedures in place to determine compliance with password policies?

You did not provide any answer to this question. Please review details below.

Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment.

All the choices above are useful in assessing physical and environmental protection except for procedures regarding password policies, which are operational controls related to data integrity.


Source: SWANSON, Marianne,
NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to A-24).

Last modified 07/02/2007, Ron Hehemann

Contributor: Christian Vezina

 

My doubt:  Isn’t encryption in option ‘A’ more to do with Technical control? Or is it considered a part of physical control only because it is on portable systems in this case?

 

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org