CISSP All Domains Practice test 4

Policies are mandatory, they are high level and non-specific. They are contain “Patches, updates, strong encryption”, but they will not be specific to “OS, encryption type, vendor technology”. They are approved and often written by senior management.