Exin ISMP Exam Questions Instant Access - No Installation Required

Question 1

What is a key item that must be kept in mind when designing an enterprise-wide information security program?

AWhen defining controls follow an approach and framework that is consistent with organizational culture

BDetermine controls in the light of specific risks an organization is facing

CPut an enterprise-wide network and Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) into place as soon as possible

DPut an incident management and log file analysis program in place immediately

Answer : B

Question 2

When should information security controls be considered?

AAfter the risk assessment

BAs part of the scoping meeting

CAt the kick-off meeting

DDuring the risk assessment work

Answer : A

Question 3

What is the best way to start setting the information security controls?

AImplement the security measures as prescribed by a risk analysis tool

BResort back to the default factory standards

CUse a standard security baseline

Answer : C

Question 4

The Board of Directors of an organization is accountable for obtaining adequate assurance.

Who should be responsible for coordinating the information security awareness campaigns?

AThe Board of Directors

BThe operational manager

CThe security manager

DThe user

Answer : C

Question 5

Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.

What requirement is in the data recovery policy to realize minimal data loss?

AMaximize RPO

BReduce RPO

CReduce RTO

DReduce the time between RTO and RPO

Answer : B

Question 6

When is revision of an employee's access rights mandatory?

AAfter any position change

BAt hire

CAt least each year

DAt all moments stated in the information security policy

Answer : D

Question 7

An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.

Where should she look for guidelines first?

AIn company policies

BIn finance management procedures

CIn legislation

Answer : C

Exin Information Security Management Professional based on ISO/IEC 27001 ISMP Exam Questions