Exin Information Security Management Professional based on ISO/IEC 27001 ISMP Exam Practice Test

In a company a personalized smart card is used for both physical and logical access control.

What is the main purpose of the person's picture on the smart card?

The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-

Check-Act (PDCA) cycle of the ISMS.

In which phase should these controls be described?

What is a risk treatment strategy?

Who should be asked to check compliance with the information security policy throughout the company?

An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.

Where should she look for guidelines first?

What is the best way to start setting the information security controls?

The ambition of the security manager is to certify the organization against ISO/IEC 27001.

What is an activity in the certification program?