
Free ISMP Braindumps Download Updated on Mar 20, 2022 with 31 Questions [Q16-Q32]


EXIN ISMP Exam Practice Test Questions

NEW QUESTION 16
What is a key item that must be kept in mind when designing an enterprise-wide information security program?

  • A. Put an enterprise-wide network and Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) into place as soon as possible
  • B. When defining controls follow an approach and framework that is consistent with organizational culture
  • C. Put an incident management and log file analysis program in place immediately
  • D. Determine controls in the light of specific risks an organization is facing

Answer: D

 

NEW QUESTION 17
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?

  • A. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place
  • B. Once the controls are implemented
  • C. When the risk analysis is completed
  • D. Once the transference of the risk is complete

Answer: A

 

NEW QUESTION 18
A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times. The emergency response team wants access to those areas in case of fire.
What is the best solution to this dilemma?

  • A. The security architect will be informed when there is a fire.
  • B. The doors will automatically open in case of fire.
  • C. The doors should stay closed in case of fire to prevent access to confidential areas.

Answer: B

 

NEW QUESTION 19
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?

  • A. Investigate the private mailbox of the employee
  • B. Put a phone tap on the employee's business phone
  • C. Investigate the contents of the workstation of the employee
  • D. Seize and investigate the private laptop of the employee

Answer: C

 

NEW QUESTION 20
Which security item is designed to take collections of data from multiple computers?

  • A. Firewall
  • B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)
  • C. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)
  • D. Virtual Private Network (VPN)

Answer: C

 

NEW QUESTION 21
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?

  • A. Decide the criteria for determining if the risk can be accepted
  • B. Remediate the risk regardless of cost
  • C. Design appropriate controls to reduce the risk
  • D. Begin risk remediation immediately as the organization is currently at risk

Answer: A

 

NEW QUESTION 22
In a company, the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is more feasible in the future. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?

  • A. Management and control of the security services
  • B. Which security services are provided and in which supporting architectures are they defined
  • C. The information security policy, the risk assessment and the controls in the security services

Answer: B

 

NEW QUESTION 23
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

  • A. System-specific policies for business systems
  • B. Log review, consolidation and management
  • C. Access criteria and access control mechanisms

Answer: C

 

NEW QUESTION 24
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business, several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?

  • A. Availability
  • B. Confidentiality
  • C. Integrity

Answer: A

 

NEW QUESTION 25
What needs to be decided prior to considering the treatment of risks?

  • A. Criteria for determining whether or not the risk can be accepted
  • B. How to apply appropriate controls to reduce the risks
  • C. The development of own guidelines
  • D. Mitigation plans

Answer: A

 

NEW QUESTION 26
When should information security controls be considered?

  • A. As part of the scoping meeting
  • B. During the risk assessment work
  • C. At the kick-off meeting
  • D. After the risk assessment

Answer: D

 

NEW QUESTION 27
The security manager of a global company has decided that a risk assessment needs to be completed across the company.
What is the primary objective of the risk assessment?

  • A. Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure
  • B. Identify, quantify and prioritize risks against criteria for risk acceptance
  • C. Identify, quantify and prioritize which controls are going to be used to mitigate risk
  • D. Identify, quantify and prioritize the scope of this risk assessment

Answer: B

 

NEW QUESTION 28
......