nerdexam
GIAC

GSEC · Question #141

GSEC Question #141: Real Exam Question with Answer & Explanation

The correct answer is D. Backup requirements, employee monitoring, physical access and acceptable use.. Issue-specific policies address concrete, security-relevant organizational concerns such as backup procedures, acceptable use, employee monitoring, and physical access controls.

Question

Which of the following are examples of Issue-Specific policies all organizations should address?

Options

  • APerimeter filtering guides, break times for employees, desktop neatness and backup procedures.
  • BRogue wireless access points, auditing, break time for employees and organizational structure.
  • CAudit logs, physical access, mission statements and network protocols used.
  • DBackup requirements, employee monitoring, physical access and acceptable use.

Explanation

Issue-specific policies address concrete, security-relevant organizational concerns such as backup procedures, acceptable use, employee monitoring, and physical access controls.

Common mistakes.

  • A. Break times for employees and desktop neatness are administrative or HR concerns unrelated to security issue-specific policies, disqualifying this option.
  • B. Organizational structure is an administrative management concern, not a security issue-specific policy topic, making this choice incorrect.
  • C. Mission statements are high-level organizational documents, not security policies, so this choice incorrectly mixes non-security administrative content with security topics.

Concept tested. Issue-specific security policy categories and examples

Reference. https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GSEC Practice