[Jun-2022] Pass EXIN ISMP Tests Engine pdf - All Free Dumps [Q18-Q38]

Rate this post

[Jun-2022] Pass EXIN ISMP Tests Engine pdf – All Free Dumps

Information Security Management Professional based on ISO/IEC 27001 Practice Tests 2022 | Pass ISMP with confidence!

NEW QUESTION 18
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?

Seize and investigate the private laptop of the employee

Investigate the contents of the workstation of the employee

Investigate the private mailbox of the employee

Put a phone tap on the employee’s business phone

NEW QUESTION 19
The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?

The Board of Directors

The operational manager

The security manager

The user

NEW QUESTION 20
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

Access criteria and access control mechanisms

Log review, consolidation and management

System-specific policies for business systems

NEW QUESTION 21
What is a key item that must be kept in mind when designing an enterprise-wide information security program?

When defining controls follow an approach and framework that is consistent with organizational culture

Determine controls in the light of specific risks an organization is facing

Put an enterprise-wide network and Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) into place as soon as possible

Put an incident management and log file analysis program in place immediately

NEW QUESTION 22
What is the main reason to use a firewall to separate two parts of your internal network?

To control traffic intensity between two network segments

To decrease network loads

To enable the installation of an Intrusion Detection System

To separate areas with different confidentiality requirements

NEW QUESTION 23
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization’s risk appetite.
When has the risk assessment program accomplished its primary goal?

Once the controls are implemented

Once the transference of the risk is complete

When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place

When the risk analysis is completed

NEW QUESTION 24
Which security item is designed to take collections of data from multiple computers?

Firewall

Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)

Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)

Virtual Private Network (VPN)

NEW QUESTION 25
Who should be asked to check compliance with the information security policy throughout the company?

Internal audit department

External forensics investigators

The same company that checks the yearly financial statement

NEW QUESTION 26
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
Which is the main risk of PKI?

The Certificate Authority (CA) is hacked.

The certificate is invalid because it is on a Certificate Revocation List.

The users lose their public keys.

The HR department wants to be a Registration Authority (RA).

NEW QUESTION 27
The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.
What is her main argument for this choice?

Open designs are easily configured.

Open designs have more functionality.

Open designs are tested extensively.

NEW QUESTION 28
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?

Have a brainstorm with representatives of all stakeholders

Interview top management

Send a checklist for threat identification to all staff involved in information security

NEW QUESTION 29
The ambition of the security manager is to certify the organization against ISO/IEC 27001.
What is an activity in the certification program?

Formulate the security requirements in the outsourcing contracts

Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)

Perform a risk assessment of the secure internet connectivity architecture of the datacenter

Produce a Statement of Applicability based on risk assessments

Loading …