[Oct-2021] Get 100% Real ISMP Exam Questions, Accurate & Verified ActualVCE Dumps in the Real Exam! [Q10-Q33]

Pass Your Information Security Management Exams Fast. All Top ISMP Exam Questions Are Covered.

NEW QUESTION 10
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

  • A. Log review, consolidation and management
  • B. Access criteria and access control mechanisms
  • C. System-specific policies for business systems

Answer: B

NEW QUESTION 11
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?

  • A. When the risk analysis is completed
  • B. Once the controls are implemented
  • C. Once the transference of the risk is complete
  • D. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place

Answer: D

NEW QUESTION 12
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?

  • A. Your IT auditor has the right to audit the external party's service management processes.
  • B. The third party is certified against ISO/IEC 27001.
  • C. The network communication channel is secured by using encryption.
  • D. The third party is certified for adhering to privacy protection controls.

Answer: A

NEW QUESTION 13
An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.
Where should she look for guidelines first?

  • A. In finance management procedures
  • B. In legislation
  • C. In company policies

Answer: B

NEW QUESTION 14
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?

  • A. Put a phone tap on the employee's business phone
  • B. Investigate the contents of the workstation of the employee
  • C. Seize and investigate the private laptop of the employee
  • D. Investigate the private mailbox of the employee

Answer: B

NEW QUESTION 15
A security manager for a large company has the task to achieve physical protection for corporate data stores.
Through which control can physical protection be achieved?

  • A. Using key access controls for employees needing access
  • B. Using access control lists to prevent logical access to organizational infrastructure
  • C. Using a firewall to prevent access to the network infrastructure
  • D. Having visitors sign in and out of the corporate datacenter

Answer: A

NEW QUESTION 16
What needs to be decided prior to considering the treatment of risks?

  • A. How to apply appropriate controls to reduce the risks
  • B. Mitigation plans
  • C. The development of own guidelines
  • D. Criteria for determining whether or not the risk can be accepted

Answer: D

NEW QUESTION 17
When is revision of an employee's access rights mandatory?

  • A. After any position change
  • B. At all moments stated in the information security policy
  • C. At hire
  • D. At least each year

Answer: B

NEW QUESTION 18
When should information security controls be considered?

  • A. As part of the scoping meeting
  • B. During the risk assessment work
  • C. At the kick-off meeting
  • D. After the risk assessment

Answer: D

NEW QUESTION 19
The ambition of the security manager is to certify the organization against ISO/IEC 27001.
What is an activity in the certification program?

  • A. Perform a risk assessment of the secure internet connectivity architecture of the datacenter
  • B. Produce a Statement of Applicability based on risk assessments
  • C. Formulate the security requirements in the outsourcing contracts
  • D. Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)

Answer: B

NEW QUESTION 20
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
Which is the main risk of PKI?

  • A. The HR department wants to be a Registration Authority (RA).
  • B. The Certificate Authority (CA) is hacked.
  • C. The users lose their public keys.
  • D. The certificate is invalid because it is on a Certificate Revocation List.

Answer: B

NEW QUESTION 21
What is the main reason to use a firewall to separate two parts of your internal network?

  • A. To decrease network loads
  • B. To separate areas with different confidentiality requirements
  • C. To enable the installation of an Intrusion Detection System
  • D. To control traffic intensity between two network segments

Answer: B

 

NEW QUESTION 22
......

Penetration testers simulate ISMP exam: https://www.actualvce.com/EXIN/ISMP-valid-vce-dumps.html