nerdexam
EC-Council

312-50V13 Question #159: Real Exam Question with Answer & Explanation

The correct answer is B: Information Security Policy (ISP). The formal written document outlining employee responsibilities, permitted and prohibited activities on company systems, and consequences for policy violations, requiring employee acknowledgment, is known as an Information Security Policy.

Submitted by weili_xi · Mar 6, 2026 · Introduction to Ethical Hacking

Question

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

Options

  • A. Information Audit Policy (IAP)
  • B. Information Security Policy (ISP)
  • C. Penetration Testing Policy (PTP)
  • D. Company Compliance Policy (CCP)

Explanation

The formal written document outlining employee responsibilities, permitted and prohibited activities on company systems, and consequences for policy violations, requiring employee acknowledgment, is known as an Information Security Policy.

Common mistakes.

  • A. An Information Audit Policy (IAP) outlines how audits are conducted to assess security controls and compliance, not the rules for employee use of IT systems.
  • C. A Penetration Testing Policy (PTP) governs the authorized simulation of cyberattacks to identify vulnerabilities, which is a specific security testing activity, not a general user behavior policy.
  • D. A Company Compliance Policy (CCP) is a broad term that could cover various regulatory or internal standards, but an Information Security Policy is the specific document governing the secure and acceptable use of IT resources.

Concept tested. Information Security Policy (ISP)

Reference. https://learn.microsoft.com/en-us/compliance/assurance/assurance-overview-of-information-security-policy-and-management

Topics

#Security policy · #Acceptable Use Policy · #Information security governance
