ACCURATE ANSWERS
⫸ The ISSP is a plan which sets out the requirements that must be
met by the information security blueprint or framework. T/F. Answer:
False
⫸ You can create a single, comprehensive ISSP document covering
all information security issues. T/F. Answer: True
⫸ A managerial guidance SysSP document is created by the IT
experts in a company to guide management in the implementation and
configuration of technology. T/F. Answer: False
⫸ The policy administrator is responsible for the creation, revision,
distribution, and storage of the policy. T/F. Answer: True
⫸ Security training provides detailed information and hands-on
instruction to employees to prepare them to perform their duties
securely. T/F. Answer: True
⫸ Managerial controls set the direction and scope of the security
process and provide detailed instructions for its conduct. T/F. Answer:
True
⫸ To achieve defense in depth, an organization must establish
multiple layers of security controls and safeguards. T/F. Answer: True
⫸ The ((operational plan)) documents the organization's intended
long-term direction and efforts for the next several years. T/F.
Answer: False - strategic
⫸ ((Guidelines)) are detailed statements of what must be done to
comply with policy. T/F. Answer: False - standards
⫸ A(n) ((strategic)) information security policy is also known as a
general security policy, and sets the strategic direction, scope, and
tone for all security efforts. T/F. Answer: False - enterprise
⫸ A security policy should begin with a clear statement of
((purpose)). T/F. Answer: True
⫸ The security ((model)) is the basis for the design, selection, and
implementation of all security program elements, including policy
implementation and ongoing policy and program management. T/F.
Answer: False - blueprint
⫸ NIST responded to a mandate and created a voluntary ((Risk
Management)) Framework that provides an effective approach to
manage cybersecurity risks. T/F. Answer: True
⫸ The key components of the security perimeter include firewalls,
DMZs (demilitarized zones), ((Web)) servers, and IDPSs. T/F. Answer:
False - proxy
⫸ Which of these is NOT a unique function of information security
management?
a. hardware
b. planning
c. policy
d. programs. Answer: a. hardware
⫸ A(n) _____ plan is a plan for the organization's intended efforts
over the next several years (long-term).
a. standard
b. operational
c. tactical
d. strategic. Answer: d. strategic
⫸ A detailed statement of what must be done to comply with
management intent is known as a _____.
a. guideline
b. standard
c. procedure
d. practice. Answer: b. standard