
ISMP Exam 2021 (Information Security Management) Practice Questions
NEW QUESTION 11
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?
- A. When the risk analysis is completed
- B. Once the controls are implemented
- C. Once the transference of the risk is complete
- D. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place
Answer: D
NEW QUESTION 12
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?
- A. Your IT auditor has the right to audit the external party's service management processes.
- B. The third party is certified against ISO/IEC 27001.
- C. The network communication channel is secured by using encryption.
- D. The third party is certified for adhering to privacy protection controls.
Answer: A
NEW QUESTION 13
The security manager of a global company has decided that a risk assessment needs to be completed across the company.
What is the primary objective of the risk assessment?
- A. Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure
- B. Identify, quantify and prioritize the scope of this risk assessment
- C. Identify, quantify and prioritize which controls are going to be used to mitigate risk
- D. Identify, quantify and prioritize risks against criteria for risk acceptance
Answer: D
NEW QUESTION 14
A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times. The emergency response team wants access to those areas in case of fire.
What is the best solution to this dilemma?
- A. The security architect will be informed when there is a fire.
- B. The doors should stay closed in case of fire to prevent access to confidential areas.
- C. The doors will automatically open in case of fire.
Answer: C
NEW QUESTION 15
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?
- A. Do
- B. Check
- C. Plan
- D. Act
Answer: C
NEW QUESTION 16
The ambition of the security manager is to certify the organization against ISO/IEC 27001.
What is an activity in the certification program?
- A. Perform a risk assessment of the secure internet connectivity architecture of the datacenter
- B. Produce a Statement of Applicability based on risk assessments
- C. Formulate the security requirements in the outsourcing contracts
- D. Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)
Answer: B
NEW QUESTION 17
When is revision of an employee's access rights mandatory?
- A. After any position change
- B. At all moments stated in the information security policy
- C. At hire
- D. At least each year
Answer: B
NEW QUESTION 18
What needs to be decided prior to considering the treatment of risks?
- A. How to apply appropriate controls to reduce the risks
- B. Mitigation plans
- C. The development of own guidelines
- D. Criteria for determining whether or not the risk can be accepted
Answer: D
NEW QUESTION 19
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?
- A. Interview top management
- B. Have a brainstorm with representatives of all stakeholders
- C. Send a checklist for threat identification to all staff involved in information security
Answer: B
NEW QUESTION 20
The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans.
Which mitigation plan covers short-term recovery after a security incident has occurred?
- A. The risk treatment plan
- B. The disaster recovery plan
- C. The incident response plan
- D. The Business Continuity Plan (BCP)
Answer: C
NEW QUESTION 21
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
- A. Boardroom and general office space
- B. Computer room and storage facility
- C. Lobby and public restaurant
- D. Meeting rooms and Human Resource rooms
Answer: C
NEW QUESTION 22
Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.
What requirement is in the data recovery policy to realize minimal data loss?
- A. Maximize RPO
- B. Reduce RPO
- C. Reduce RTO
- D. Reduce the time between RTO and RPO
Answer: B
NEW QUESTION 23
......