EXIN ISMP practice test

Information Security Management Professional based on ISO/IEC 27001 Exam


Question 1

What is the best way to start setting the information security controls?

  • A. Implement the security measures as prescribed by a risk analysis tool
  • B. Resort back to the default factory standards
  • C. Use a standard security baseline
Answer:

C


Question 2

Security monitoring is an important control measure to make sure that the required security level is
maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner
in the cloud.
What should be an important control in the contract?

  • A. The network communication channel is secured by using encryption.
  • B. The third party is certified against ISO/IEC 27001.
  • C. The third party is certified for adhering to privacy protection controls.
  • D. Your IT auditor has the right to audit the external party's service management processes.
Answer:

D


Question 3

What needs to be decided prior to considering the treatment of risks?

  • A. Criteria for determining whether or not the risk can be accepted
  • B. How to apply appropriate controls to reduce the risks
  • C. Mitigation plans
  • D. The development of own guidelines
Answer:

A


Question 4

The information security manager is writing the Information Security Management System (ISMS)
documentation. The controls that are to be implemented must be described in one of the phases of
the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?

  • A. Plan
  • B. Do
  • C. Check
  • D. Act
Answer:

A


Question 5

The ambition of the security manager is to certify the organization against ISO/IEC 27001.
What is an activity in the certification program?

  • A. Formulate the security requirements in the outsourcing contracts
  • B. Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)
  • C. Perform a risk assessment of the secure internet connectivity architecture of the datacenter
  • D. Produce a Statement of Applicability based on risk assessments
Answer:

D


Question 6

The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?

  • A. The Board of Directors
  • B. The operational manager
  • C. The security manager
  • D. The user
Answer:

C


Question 7

A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?

  • A. Seize and investigate the private laptop of the employee
  • B. Investigate the contents of the workstation of the employee
  • C. Investigate the private mailbox of the employee
  • D. Put a phone tap on the employee's business phone
Answer:

B


Question 8

What is a risk treatment strategy?

  • A. Mobile updates
  • B. Risk acceptance
  • C. Risk exclusion
  • D. Software installation
Answer:

B


Question 9

An experienced security manager is well aware of the risks related to communication over the
internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between
employees confidential.
Which is the main risk of PKI?

  • A. The Certificate Authority (CA) is hacked.
  • B. The certificate is invalid because it is on a Certificate Revocation List.
  • C. The users lose their public keys.
  • D. The HR department wants to be a Registration Authority (RA).
Answer:

A


Question 10

A security manager for a large company has the task to achieve physical protection for corporate
data stores.
Through which control can physical protection be achieved?

  • A. Having visitors sign in and out of the corporate datacenter
  • B. Using a firewall to prevent access to the network infrastructure
  • C. Using access control lists to prevent logical access to organizational infrastructure
  • D. Using key access controls for employees needing access
Answer:

D
