Exin ISMP Exam Practice Test Instant Access

Question 1

A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.

What is the best option for the treatment of risks?

ABegin risk remediation immediately as the organization is currently at risk

BDecide the criteria for determining if the risk can be accepted

CDesign appropriate controls to reduce the risk

DRemediate the risk regardless of cost

Answer : B

Question 2

What is the main reason to use a firewall to separate two parts of your internal network?

ATo control traffic intensity between two network segments

BTo decrease network loads

CTo enable the installation of an Intrusion Detection System

DTo separate areas with different confidentiality requirements

Answer : D

Question 3

Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.

What should be an important control in the contract?

AThe network communication channel is secured by using encryption.

BThe third party is certified against ISO/IEC 27001.

CThe third party is certified for adhering to privacy protection controls.

DYour IT auditor has the right to audit the external party's service management processes.

Answer : D

Question 4

A security architect argues with the internal fire prevention team about the statement in the information security policy, that doors to confidential areas should be locked at all times. The emergency response team wants

to access to those areas in case of fire.

What is the best solution to this dilemma?

AThe security architect will be informed when there is a fire.

BThe doors should stay closed in case of fire to prevent access to confidential areas.

CThe doors will automatically open in case of fire.

Answer : C

Question 5

A protocol to investigate fraud by employees is being designed.

Which measure can be part of this protocol?

ASeize and investigate the private laptop of the employee

BInvestigate the contents of the workstation of the employee

CInvestigate the private mailbox of the employee

DPut a phone tap on the employee's business phone

Answer : B

Question 6

What is a risk treatment strategy?

AMobile updates

BRisk acceptance

CRisk exclusion

DSoftware installation

Answer : B

Question 7

It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a

number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and

external audits.

What component of the audit trail is the most important for an external auditor?

AAccess criteria and access control mechanisms

BLog review, consolidation and management

CSystem-specific policies for business systems

Answer : A

Exin ISMP Information Security Management Professional based on ISO/IEC 27001 Exam Practice Test