Exin ISMP Exam Practice Test Instant Access

Question 1

What is the best way to start setting the information security controls?

AImplement the security measures as prescribed by a risk analysis tool

BResort back to the default factory standards

CUse a standard security baseline

Answer : C

Question 2

Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.

What should be an important control in the contract?

AThe network communication channel is secured by using encryption.

BThe third party is certified against ISO/IEC 27001.

CThe third party is certified for adhering to privacy protection controls.

DYour IT auditor has the right to audit the external party's service management processes.

Answer : D

Question 3

What needs to be decided prior to considering the treatment of risks?

ACriteria for determining whether or not the risk can be accepted

BHow to apply appropriate controls to reduce the risks

CMitigation plans

DThe development of own guidelines

Answer : A

Question 4

The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-

Check-Act (PDCA) cycle of the ISMS.

In which phase should these controls be described?

APlan

BDo

CCheck

DAct

Answer : A

Question 5

The ambition of the security manager is to certify the organization against ISO/IEC 27001.

What is an activity in the certification program?

AFormulate the security requirements in the outsourcing contracts

BImplement the security baselines in Secure Systems Development Life Cycle (SecSDLC)

CPerform a risk assessment of the secure internet connectivity architecture of the datacenter

DProduce a Statement of Applicability based on risk assessments

Answer : D

Question 6

The Board of Directors of an organization is accountable for obtaining adequate assurance.

Who should be responsible for coordinating the information security awareness campaigns?

AThe Board of Directors

BThe operational manager

CThe security manager

DThe user

Answer : C

Question 7

A protocol to investigate fraud by employees is being designed.

Which measure can be part of this protocol?

ASeize and investigate the private laptop of the employee

BInvestigate the contents of the workstation of the employee

CInvestigate the private mailbox of the employee

DPut a phone tap on the employee's business phone

Answer : B