
Exam CISSP topic 1 question 70 discussion

Actual exam question from ISC's CISSP
Question #: 70
Topic #: 1

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?

  • A. It should be expressed as general requirements.
  • B. It should be expressed as technical requirements.
  • C. It should be expressed in business terminology.
  • D. It should be expressed in legal terminology.
Suggested Answer: B

Comments

deeden
4 months, 3 weeks ago
Selected Answer: B
A baseline cybersecurity standard should be expressed in technical requirements to ensure clear and measurable expectations for suppliers. This includes specific controls, technologies, and processes that must be implemented. While general requirements can provide a high-level overview, technical requirements are essential for effective evaluation and enforcement of the standard. Here's a breakdown of why the other options are less effective: A. General requirements: Too vague and difficult to enforce. C. Business terminology: While understanding business needs is important, the standard should focus on technical implementation details. D. Legal terminology: While legal considerations are important, the primary focus should be on technical requirements to ensure effective security.
upvoted 2 times
...
Rachy
5 months, 1 week ago
Selected Answer: B
B. It's a cybersecurity standard, so I will guess it's cyber vendors.
upvoted 1 times
...
Chris
5 months, 3 weeks ago
Selected Answer: C
Here’s why C. It should be expressed in business terminology is appropriate: Clarity for Stakeholders: Using business terminology helps ensure that all stakeholders, including suppliers, understand the expectations and the rationale behind them. This approach promotes better alignment and cooperation. Alignment with Business Objectives: Expressing cybersecurity requirements in business terms ensures that they are seen as integral to achieving business goals, rather than as isolated technical mandates. Effective Communication: Managers and executives need to communicate security requirements in a way that resonates with the business context, making it easier for suppliers to see the value and necessity of compliance.
upvoted 1 times
...
Ramye
6 months, 1 week ago
Selected Answer: C
Standards must be set to meet business goals. If it does not meet business needs then it’s useless.
upvoted 1 times
...
Vasyamba1
9 months, 2 weeks ago
Selected Answer: B
This is related to SLR before signing the contract.
upvoted 1 times
...
homeysl
9 months, 2 weeks ago
Selected Answer: A
Baseline is the keyword
upvoted 1 times
...
Hongjun
9 months, 4 weeks ago
Selected Answer: C
Refer to chapter 1, the description of SLA and SLR. It talks about how the third party or company in your supply chain shall have minimum security standards. It relates to business. Technical details are developed by the third-party company by following your business requirements. You don't give them the technical details.
upvoted 1 times
...
gjimenezf
11 months, 3 weeks ago
Selected Answer: C
C. Business Terminology
upvoted 2 times
...
YesPlease
1 year ago
Selected Answer: C
Answer C) It should be expressed in business terminology. Too technical or legal and you may confuse your vendor(s).
upvoted 1 times
...
Soleandheel
1 year ago
C. It should be expressed in business terminology.
upvoted 1 times
...
Soleandheel
1 year ago
Think like a manager, guys. Using business terminology to express technical security things to other stakeholders is what a manager would do. You don't want to use too technical or even legal terminology when communicating with other stakeholders like suppliers. Business terminology is what you want to use when communicating security baselines to prospective suppliers. Remember, you want to think like an executive or a manager, not an engineer.
upvoted 1 times
...
InclusiveSTEAM
1 year, 2 months ago
The correct answer is C - business terminology. The statement that is true regarding the enterprise's baseline cybersecurity standard for suppliers is that it should be expressed in business terminology, option C. The standard should focus on desired security outcomes in plain business language, rather than technical details or legal jargon. This makes requirements accessible to suppliers without cybersecurity expertise. Option A is incorrect because general requirements can be too vague. Specific outcomes should be stated. Option B is incorrect because technical jargon would be hard for suppliers to understand. Option D is incorrect because legal terminology is overly formal for a cyber baseline.
upvoted 2 times
...
Wz21
1 year, 3 months ago
C: Business terminology
upvoted 2 times
...
ACunningPlan
1 year, 9 months ago
Selected Answer: A
This is the baseline; go general to get the largest supplier audience without giving away details of your cybersecurity, and then once some qualify that you can hold accountable, set the details.
upvoted 3 times
...
Firedragon
2 years, 1 month ago
B. https://www.nymissa.org/wp-content/uploads/2016/01/Minimum-Baseline-Standards-Presentation_02-21-2016.pdf
upvoted 2 times
jackdryan
1 year, 7 months ago
B is correct
upvoted 1 times
...
...
Jamati
2 years, 1 month ago
Selected Answer: B
Clearly an organization will have multiple suppliers for different products and services. A baseline cybersecurity standard will have to be included as part of its technical requirements.
upvoted 1 times
...
rdy4u
2 years, 2 months ago
Think of baseline security as the bare minimum requirements to sufficiently protect against vulnerabilities and threats.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other