Questions And Correct Answers
(Verified Answers) [Already Graded A+]
A is the correct answer.
Justification
A permissive controls policy allows activities that are not
explicitly denied.
Configuration to fail closed is a restrictive controls policy.
Delegation of privileges refers to discretionary access
control.
Standards permit control variations within defined limits. -
Answer-A permissive controls policy would be reflected in
which one of the following implementations?
Access is allowed unless explicitly denied.
IT systems are configured to fail closed.
Individuals can delegate privileges.
Control variations are permitted within defined limits.
A is the correct answer.
Justification
A control baseline is obtained by reviewing the standards
to determine the control objectives that they set, and then
checking systems to determine whether they comply with
the objectives set by the standards.
Sampling hardware configurations without knowing the
control objectives reflected in the standards provides
information on the current state but not on how that state
relates to the intended state.
Anomalies in system logs do not necessarily indicate that
baseline security is incorrect, nor does an absence of
abnormalities mean that the baseline is correct.
Penetration tests that reveal vulnerabilities must be
evaluated in the context of the control objectives set by the
standard. - Answer-The MOST direct way to accurately
determine the control baseline in an IT system is to do
which of the following activities?
Review standards and system compliance.
Sample hardware and software configurations.
Review system and server logs for anomalies.
Perform internal and external penetration tests.