
Best Quality EXIN ISMP Exam Questions DumpsQuestion Realistic Practice Exams [2021]
Critical information for the Information Security Management Professional based on ISO/IEC 27001 exam: pass the first time
NEW QUESTION 15
The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?
- A. The Board of Directors
- B. The security manager
- C. The operational manager
- D. The user
Answer: B
NEW QUESTION 16
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both the customer and the business, several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?
- A. Integrity
- B. Availability
- C. Confidentiality
Answer: B
NEW QUESTION 17
It is important that an organization is able to prove compliance with information security standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities, including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records, which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?
- A. Log review, consolidation and management
- B. Access criteria and access control mechanisms
- C. System-specific policies for business systems
Answer: B
NEW QUESTION 18
What is the best way to start setting the information security controls?
- A. Implement the security measures as prescribed by a risk analysis tool
- B. Use a standard security baseline
- C. Resort back to the default factory standards
Answer: B
NEW QUESTION 19
What is the main reason to use a firewall to separate two parts of your internal network?
- A. To decrease network loads
- B. To separate areas with different confidentiality requirements
- C. To enable the installation of an Intrusion Detection System
- D. To control traffic intensity between two network segments
Answer: B
NEW QUESTION 20
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
Which is the main risk of PKI?
- A. The HR department wants to be a Registration Authority (RA).
- B. The Certificate Authority (CA) is hacked.
- C. The users lose their public keys.
- D. The certificate is invalid because it is on a Certificate Revocation List.
Answer: B
NEW QUESTION 21
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?
- A. Do
- B. Check
- C. Plan
- D. Act
Answer: C
NEW QUESTION 22
What is a key item that must be kept in mind when designing an enterprise-wide information security program?
- A. Determine controls in the light of specific risks an organization is facing
- B. Put an enterprise-wide network and Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) into place as soon as possible
- C. Put an incident management and log file analysis program in place immediately
- D. When defining controls follow an approach and framework that is consistent with organizational culture
Answer: A
NEW QUESTION 23
A security manager for a large company is tasked with achieving physical protection for corporate data stores.
Through which control can physical protection be achieved?
- A. Using key access controls for employees needing access
- B. Using access control lists to prevent logical access to organizational infrastructure
- C. Using a firewall to prevent access to the network infrastructure
- D. Having visitors sign in and out of the corporate datacenter
Answer: A
NEW QUESTION 24
The handling of security incidents is done by the incident management process under the guidelines of information security management. These guidelines call for several types of mitigation plans.
Which mitigation plan covers short-term recovery after a security incident has occurred?
- A. The risk treatment plan
- B. The disaster recovery plan
- C. The incident response plan
- D. The Business Continuity Plan (BCP)
Answer: C
NEW QUESTION 25
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
- A. Boardroom and general office space
- B. Computer room and storage facility
- C. Lobby and public restaurant
- D. Meeting rooms and Human Resource rooms
Answer: C
NEW QUESTION 26
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?
- A. Put a phone tap on the employee's business phone
- B. Investigate the contents of the workstation of the employee
- C. Seize and investigate the private laptop of the employee
- D. Investigate the private mailbox of the employee
Answer: B
NEW QUESTION 27
......