
ISMP Dumps Updated Jan 12, 2022 Practice Test and 31 unique questions
2022 Latest 100% Exam Passing Ratio - ISMP Dumps PDF
NEW QUESTION 13
An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.
Where should she look for guidelines first?
- A. In finance management procedures
- B. In company policies
- C. In legislation
Answer: C
NEW QUESTION 14
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do- Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?
- A. Act
- B. Do
- C. Plan
- D. Check
Answer: C
NEW QUESTION 15
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?
- A. Your IT auditor has the right to audit the external party's service management processes.
- B. The network communication channel is secured by using encryption.
- C. The third party is certified against ISO/IEC 27001.
- D. The third party is certified for adhering to privacy protection controls.
Answer: A
NEW QUESTION 16
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
- A. Lobby and public restaurant
- B. Computer room and storage facility
- C. Meeting rooms and Human Resource rooms
- D. Boardroom and general office space
Answer: A
NEW QUESTION 17
What is the best way to start setting the information security controls?
- A. Resort back to the default factory standards
- B. Use a standard security baseline
- C. Implement the security measures as prescribed by a risk analysis tool
Answer: B
NEW QUESTION 18
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?
- A. Send a checklist for threat identification to all staff involved in information security
- B. Have a brainstorm with representatives of all stakeholders
- C. Interview top management
Answer: B
NEW QUESTION 19
Which security item is designed to take collections of data from multiple computers?
- A. Firewall
- B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)
- C. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)
- D. Virtual Private Network (VPN)
Answer: C
NEW QUESTION 20
In a company a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person's picture on the smart card?
- A. To authorize the owner of the card
- B. To verify the iris of the card owner
- C. To identify the role of the card owner
- D. To authenticate the owner of the card
Answer: D
NEW QUESTION 21
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?
- A. When the risk analysis is completed
- B. Once the controls are implemented
- C. Once the transference of the risk is complete
- D. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place
Answer: D
NEW QUESTION 22
Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.
What requirement is in the data recovery policy to realize minimal data loss?
- A. Reduce the time between RTO and RPO
- B. Maximize RPO
- C. Reduce RTO
- D. Reduce RPO
Answer: D
NEW QUESTION 23
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?
- A. Investigate the contents of the workstation of the employee
- B. Seize and investigate the private laptop of the employee
- C. Put a phone tap on the employee's business phone
- D. Investigate the private mailbox of the employee
Answer: A
NEW QUESTION 24
When should information security controls be considered?
- A. During the risk assessment work
- B. After the risk assessment
- C. As part of the scoping meeting
- D. At the kick-off meeting
Answer: B
NEW QUESTION 25
......
Verified ISMP dumps Q&As - 100% Pass from CertkingdomPDF: https://www.certkingdompdf.com/ISMP-latest-certkingdom-dumps.html