EXIN ISMP Real 2022 Braindumps Mock Exam Dumps [Q13-Q37]

NEW QUESTION 13
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?

  • A. Decide the criteria for determining if the risk can be accepted
  • B. Remediate the risk regardless of cost
  • C. Design appropriate controls to reduce the risk
  • D. Begin risk remediation immediately as the organization is currently at risk

Answer: A

 

NEW QUESTION 14
The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?

  • A. The operational manager
  • B. The Board of Directors
  • C. The user
  • D. The security manager

Answer: D

 

NEW QUESTION 15
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?

  • A. Send a checklist for threat identification to all staff involved in information security
  • B. Interview top management
  • C. Have a brainstorm with representatives of all stakeholders

Answer: C

 

NEW QUESTION 16
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?

  • A. Investigate the private mailbox of the employee
  • B. Put a phone tap on the employee's business phone
  • C. Investigate the contents of the workstation of the employee
  • D. Seize and investigate the private laptop of the employee

Answer: C

 

NEW QUESTION 17
In a company, a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person's picture on the smart card?

  • A. To authenticate the owner of the card
  • B. To verify the iris of the card owner
  • C. To authorize the owner of the card
  • D. To identify the role of the card owner

Answer: A

 

NEW QUESTION 18
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
Which is the main risk of PKI?

  • A. The Certificate Authority (CA) is hacked.
  • B. The HR department wants to be a Registration Authority (RA).
  • C. The users lose their public keys.
  • D. The certificate is invalid because it is on a Certificate Revocation List.

Answer: A

 

NEW QUESTION 19
In a company, the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is more feasible in the future. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?

  • A. Management and control of the security services
  • B. Which security services are provided and in which supporting architectures are they defined
  • C. The information security policy, the risk assessment and the controls in the security services

Answer: B

 

NEW QUESTION 20
What needs to be decided prior to considering the treatment of risks?

  • A. Criteria for determining whether or not the risk can be accepted
  • B. How to apply appropriate controls to reduce the risks
  • C. The development of own guidelines
  • D. Mitigation plans

Answer: A

 

NEW QUESTION 21
When is revision of an employee's access rights mandatory?

  • A. At least each year
  • B. After any position change
  • C. At all moments stated in the information security policy
  • D. At hire

Answer: C

 

NEW QUESTION 22
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?

  • A. The third party is certified for adhering to privacy protection controls.
  • B. The third party is certified against ISO/IEC 27001.
  • C. Your IT auditor has the right to audit the external party's service management processes.
  • D. The network communication channel is secured by using encryption.

Answer: C

 

NEW QUESTION 23
What is a risk treatment strategy?

  • A. Mobile updates
  • B. Risk acceptance
  • C. Software installation
  • D. Risk exclusion

Answer: B

 

NEW QUESTION 24
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business, several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?

  • A. Availability
  • B. Confidentiality
  • C. Integrity

Answer: A

 
