
[2021] ISMP Actual Exam Dumps, ISMP Practice Test
CertkingdomPDF ISMP dumps & Information Security Management sure practice dumps
NEW QUESTION 17
The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.
What is her main argument for this choice?
- A. Open designs have more functionality.
- B. Open designs are easily configured.
- C. Open designs are tested extensively.
Answer: C
NEW QUESTION 18
What is a risk treatment strategy?
- A. Software installation
- B. Mobile updates
- C. Risk acceptance
- D. Risk exclusion
Answer: C
NEW QUESTION 19
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?
- A. When the risk analysis is completed
- B. Once the controls are implemented
- C. Once the transference of the risk is complete
- D. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place
Answer: D
NEW QUESTION 20
Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.
What requirement is in the data recovery policy to realize minimal data loss?
- A. Reduce the time between RTO and RPO
- B. Maximize RPO
- C. Reduce RTO
- D. Reduce RPO
Answer: D
NEW QUESTION 21
In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is better feasible in the future. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?
- A. Which security services are provided and in which supporting architectures are they defined
- B. The information security policy, the risk assessment and the controls in the security services
- C. Management and control of the security services
Answer: A
NEW QUESTION 22
The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?
- A. The security manager
- B. The Board of Directors
- C. The user
- D. The operational manager
Answer: A
NEW QUESTION 23
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?
- A. System-specific policies for business systems
- B. Access criteria and access control mechanisms
- C. Log review, consolidation and management
Answer: B
NEW QUESTION 24
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?
- A. Remediate the risk regardless of cost
- B. Decide the criteria for determining if the risk can be accepted
- C. Design appropriate controls to reduce the risk
- D. Begin risk remediation immediately as the organization is currently at risk
Answer: B
NEW QUESTION 25
The security manager of a global company has decided that a risk assessment needs to be completed across the company.
What is the primary objective of the risk assessment?
- A. Identify, quantify and prioritize risks against criteria for risk acceptance
- B. Identify, quantify and prioritize which controls are going to be used to mitigate risk
- C. Identify, quantify and prioritize the scope of this risk assessment
- D. Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure
Answer: A
NEW QUESTION 26
Which security item is designed to take collections of data from multiple computers?
- A. Firewall
- B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)
- C. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)
- D. Virtual Private Network (VPN)
Answer: C
NEW QUESTION 27
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
Which is the main risk of PKI?
- A. The Certificate Authority (CA) is hacked.
- B. The users lose their public keys.
- C. The HR department wants to be a Registration Authority (RA).
- D. The certificate is invalid because it is on a Certificate Revocation List.
Answer: A
NEW QUESTION 28
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do- Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?
- A. Act
- B. Do
- C. Plan
- D. Check
Answer: C
NEW QUESTION 29
......
ISMP Actual Questions and Braindumps: https://www.certkingdompdf.com/ISMP-latest-certkingdom-dumps.html