(ISC)2

CSSLP · Question #137

CSSLP Question #137: Real Exam Question with Answer & Explanation

The correct answer is A: Security policy. ISO/IEC 27002 provides a set of generic information security controls, including sections on Security policy, Asset management, and Risk assessment. These sections guide organizations in implementing effective information security management.

Secure Software Lifecycle Management

Question

Which of the following sections come under the ISO/IEC 27002 standard?

Options

  • A. Security policy
  • B. Asset management
  • C. Financial assessment
  • D. Risk assessment

Explanation

ISO/IEC 27002 provides a set of generic information security controls, including sections on Security policy, Asset management, and Risk assessment. These sections guide organizations in implementing effective information security management.

Common mistakes.

  • C. Financial assessment is not a direct section or control family within the ISO/IEC 27002 standard; its focus is on information security controls, not financial evaluation.

Concept tested. ISO/IEC 27002 control categories

Reference. https://www.iso.org/standard/72138.html

Topics

#ISO/IEC 27002 #Information Security Controls #Security Policy #Asset Management
