PrepAway - Latest Free Exam Questions & Answers

which of the following provides a MINIMUM level of secu…

Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for
an environment?

A. A baseline

B. A standard

C. A procedure

D. A guideline

Explanation:

The term baseline refers to a point in time that is used as a comparison for future changes. Once risks have
been mitigated and security put in place, a baseline is formally reviewed and agreed upon, after which all
further comparisons and development are measured against it. A baseline results in a consistent reference
point.

Baselines are also used to define the minimum level of protection required. In security, specific baselines can
be defined per system type, which indicates the necessary settings and the level of protection being provided.
For example, a company may stipulate that all accounting systems must meet an Evaluation Assurance Level
(EAL) 4 baseline. This means that only systems that have gone through the Common Criteria process and
achieved this rating can be used in this department. Once the systems are properly configured, this is the
necessary baseline.

Incorrect Answers:

B: Standards are compulsory rules indicating how hardware and software should be implemented, used, and
maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and
procedures are carried out in a uniform way across the organization. They do not provide a minimum level of
security acceptable for an environment.

C: A procedure provides detailed step-by-step instructions to achieve a certain task, which are used by users,
IT staff, operations staff, security members, and others. It does not provide a minimum level of security
acceptable for an environment.

D: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others
when a specific standard does not apply. They do not provide a minimum level of security acceptable for an
environment.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 106
