CERTIFIED-IN-CYBERSECURITY Question #165: Real Exam Question with Answer & Explanation
The correct answer is A: ... a minimum understood and acceptable level of security requirements.
Question
The PRIMARY objective of a security baseline is to establish ...
Options
- A. ... a minimum understood and acceptable level of security requirements
- B. ... a minimum understood and a good level of security requirements
- C. ... security and configuration requirements
- D. ... a maximum understood and an acceptable level of security requirements
Explanation
A security baseline is a set of security standards, guidelines and procedures used to ensure that a system or network meets a minimum level of security. Security baselines are typically based on industry best practices, regulatory requirements, and an organization's specific security needs. The primary objective of a security baseline is to establish a minimum understood and acceptable level of security requirements. While it is true that a security baseline specifies security and configuration requirements that must be met to ensure that the system or network is adequately protected, that is not its primary goal (see ISC2 Study Guide, chapter 5, module 2). The other options do not apply, since they do not align with the definition of a security baseline. Moreover, enforcing a maximum number of security requirements is not necessarily a good practice, since practically no organization could bear such a cost.