Exin ISMP Exam Practice Test Instant Access

Question 1

A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business several requirements have to

be met. One of the criteria is data classification.

What is the most important classification aspect of the unit price of an object in a 24h webshop?

AConfidentiality

BIntegrity

CAvailability

Answer : C

Question 2

What needs to be decided prior to considering the treatment of risks?

ACriteria for determining whether or not the risk can be accepted

BHow to apply appropriate controls to reduce the risks

CMitigation plans

DThe development of own guidelines

Answer : A

Question 3

In a company a personalized smart card is used for both physical and logical access control.

What is the main purpose of the person's picture on the smart card?

ATo authenticate the owner of the card

BTo authorize the owner of the card

CTo identify the role of the card owner

DTo verify the iris of the card owner

Answer : A

Question 4

An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.

When has the risk assessment program accomplished its primary goal?

AOnce the controls are implemented

BOnce the transference of the risk is complete

CWhen decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place

DWhen the risk analysis is completed

Answer : C

Question 5

What is the main reason to use a firewall to separate two parts of your internal network?

ATo control traffic intensity between two network segments

BTo decrease network loads

CTo enable the installation of an Intrusion Detection System

DTo separate areas with different confidentiality requirements

Answer : D

Question 6

An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.

Which is the main risk of PKI?

AThe Certificate Authority (CA) is hacked.

BThe certificate is invalid because it is on a Certificate Revocation List.

CThe users lose their public keys.

DThe HR department wants to be a Registration Authority (RA).

Answer : A

Question 7

A security manager for a large company has the task to achieve physical protection for corporate data stores.

Through which control can physical protection be achieved?

AHaving visitors sign in and out of the corporate datacenter

BUsing a firewall to prevent access to the network infrastructure

CUsing access control lists to prevent logical access to organizational infrastructure

DUsing key access controls for employees needing access

Answer : D

Exin Information Security Management Professional based on ISO/IEC 27001 ISMP Exam Practice Test