Exin ISMP Exam Practice Test Instant Access

Question 1

The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-

Check-Act (PDCA) cycle of the ISMS.

In which phase should these controls be described?

APlan

BDo

CCheck

DAct

Answer : A

Question 2

The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.

What is her main argument for this choice?

AOpen designs are easily configured.

BOpen designs have more functionality.

COpen designs are tested extensively.

Answer : C

Question 3

In a company a personalized smart card is used for both physical and logical access control.

What is the main purpose of the person's picture on the smart card?

ATo authenticate the owner of the card

BTo authorize the owner of the card

CTo identify the role of the card owner

DTo verify the iris of the card owner

Answer : A

Question 4

It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a

number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and

external audits.

What component of the audit trail is the most important for an external auditor?

AAccess criteria and access control mechanisms

BLog review, consolidation and management

CSystem-specific policies for business systems

Answer : A

Question 5

A risk manager is asked to perform a complete risk assessment for a company.

What is the best method to identify most of the threats to the company?

AHave a brainstorm with representatives of all stakeholders

BInterview top management

CSend a checklist for threat identification to all staff involved in information security

Answer : A

Question 6

In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is better feasible in the future. The security architect is asked to make a first draft of the security

architecture.

Which elements should the security architect draft?

AManagement and control of the security services

BThe information security policy, the risk assessment and the controls in the security services

CWhich security services are provided and in which supporting architectures are they defined

Answer : C

Question 7

A security architect argues with the internal fire prevention team about the statement in the information security policy, that doors to confidential areas should be locked at all times. The emergency response team wants

to access to those areas in case of fire.

What is the best solution to this dilemma?

AThe security architect will be informed when there is a fire.

BThe doors should stay closed in case of fire to prevent access to confidential areas.

CThe doors will automatically open in case of fire.

Answer : C

Exin Information Security Management Professional based on ISO/IEC 27001 ISMP Exam Practice Test