Exin ISMP Exam Questions Instant Access - No Installation Required

Question 1

Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.

What requirement is in the data recovery policy to realize minimal data loss?

AMaximize RPO

BReduce RPO

CReduce RTO

DReduce the time between RTO and RPO

Answer : B

Question 2

The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.

What is her main argument for this choice?

AOpen designs are easily configured.

BOpen designs have more functionality.

COpen designs are tested extensively.

Answer : C

Question 3

What is the main reason to use a firewall to separate two parts of your internal network?

ATo control traffic intensity between two network segments

BTo decrease network loads

CTo enable the installation of an Intrusion Detection System

DTo separate areas with different confidentiality requirements

Answer : D

Question 4

A protocol to investigate fraud by employees is being designed.

Which measure can be part of this protocol?

ASeize and investigate the private laptop of the employee

BInvestigate the contents of the workstation of the employee

CInvestigate the private mailbox of the employee

DPut a phone tap on the employee's business phone

Answer : B

Question 5

It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a

number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and

external audits.

What component of the audit trail is the most important for an external auditor?

AAccess criteria and access control mechanisms

BLog review, consolidation and management

CSystem-specific policies for business systems

Answer : A

Question 6

A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business several requirements have to

be met. One of the criteria is data classification.

What is the most important classification aspect of the unit price of an object in a 24h webshop?

AConfidentiality

BIntegrity

CAvailability

Answer : C

Question 7

Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.

What should be an important control in the contract?

AThe network communication channel is secured by using encryption.

BThe third party is certified against ISO/IEC 27001.

CThe third party is certified for adhering to privacy protection controls.

DYour IT auditor has the right to audit the external party's service management processes.

Answer : D

Exin Information Security Management Professional based on ISO/IEC 27001 ISMP Exam Questions