
Free Information Security Management ISMP Official Cert Guide PDF Download
NEW QUESTION 17
A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times. The emergency response team wants access to those areas in case of fire.
What is the best solution to this dilemma?
- A. The security architect will be informed when there is a fire.
- B. The doors will automatically open in case of fire.
- C. The doors should stay closed in case of fire to prevent access to confidential areas.
Answer: B
NEW QUESTION 18
What is the main reason to use a firewall to separate two parts of your internal network?
- A. To enable the installation of an Intrusion Detection System
- B. To control traffic intensity between two network segments
- C. To decrease network loads
- D. To separate areas with different confidentiality requirements
Answer: D
NEW QUESTION 19
When is revision of an employee's access rights mandatory?
- A. At least each year
- B. After any position change
- C. At all moments stated in the information security policy
- D. At hire
Answer: C
NEW QUESTION 20
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?
- A. Decide the criteria for determining if the risk can be accepted
- B. Remediate the risk regardless of cost
- C. Design appropriate controls to reduce the risk
- D. Begin risk remediation immediately as the organization is currently at risk
Answer: A
NEW QUESTION 21
Which security item is designed to take collections of data from multiple computers?
- A. Firewall
- B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)
- C. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)
- D. Virtual Private Network (VPN)
Answer: C
NEW QUESTION 22
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
- A. Lobby and public restaurant
- B. Boardroom and general office space
- C. Computer room and storage facility
- D. Meeting rooms and Human Resource rooms
Answer: A
NEW QUESTION 23
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?
- A. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place
- B. Once the controls are implemented
- C. When the risk analysis is completed
- D. Once the transference of the risk is complete
Answer: A
NEW QUESTION 24
The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?
- A. The operational manager
- B. The Board of Directors
- C. The user
- D. The security manager
Answer: D
NEW QUESTION 25
It is important that an organization is able to prove compliance with information security standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities, including granting rights, monitoring identity status, logging, tracking access and removing rights. Among these controls are audit trail records, which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?
- A. System-specific policies for business systems
- B. Log review, consolidation and management
- C. Access criteria and access control mechanisms
Answer: C
NEW QUESTION 26
The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans.
Which mitigation plan covers short-term recovery after a security incident has occurred?
- A. The disaster recovery plan
- B. The risk treatment plan
- C. The incident response plan
- D. The Business Continuity Plan (BCP)
Answer: C
NEW QUESTION 27
The ambition of the security manager is to certify the organization against ISO/IEC 27001.
What is an activity in the certification program?
- A. Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)
- B. Formulate the security requirements in the outsourcing contracts
- C. Produce a Statement of Applicability based on risk assessments
- D. Perform a risk assessment of the secure internet connectivity architecture of the datacenter
Answer: C
NEW QUESTION 28
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?
- A. The third party is certified for adhering to privacy protection controls.
- B. The third party is certified against ISO/IEC 27001.
- C. Your IT auditor has the right to audit the external party's service management processes.
- D. The network communication channel is secured by using encryption.
Answer: C
NEW QUESTION 29
......