[Aug-2021] Valid Way To Pass EXIN Exam Dumps with ISMP Exam Study Guide [Q14-Q30]

All ISMP dumps and Information Security Management Professional based on ISO/IEC 27001 training courses help candidates to study and pass the exams hassle-free!

NEW QUESTION 14
Which security item is designed to take collections of data from multiple computers?

  • A. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)
  • B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)
  • C. Firewall
  • D. Virtual Private Network (VPN)

Answer: A

NEW QUESTION 15
What is the best way to start setting the information security controls?

  • A. Implement the security measures as prescribed by a risk analysis tool
  • B. Use a standard security baseline
  • C. Resort back to the default factory standards

Answer: B

NEW QUESTION 16
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?

  • A. Interview top management
  • B. Have a brainstorm with representatives of all stakeholders
  • C. Send a checklist for threat identification to all staff involved in information security

Answer: B

NEW QUESTION 17
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?

  • A. Begin risk remediation immediately as the organization is currently at risk
  • B. Remediate the risk regardless of cost
  • C. Decide the criteria for determining if the risk can be accepted
  • D. Design appropriate controls to reduce the risk

Answer: C

NEW QUESTION 18
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?

  • A. Your IT auditor has the right to audit the external party's service management processes.
  • B. The third party is certified against ISO/IEC 27001.
  • C. The network communication channel is secured by using encryption.
  • D. The third party is certified for adhering to privacy protection controls.

Answer: A

NEW QUESTION 19
The ambition of the security manager is to certify the organization against ISO/IEC 27001.
What is an activity in the certification program?

  • A. Perform a risk assessment of the secure internet connectivity architecture of the datacenter
  • B. Produce a Statement of Applicability based on risk assessments
  • C. Formulate the security requirements in the outsourcing contracts
  • D. Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)

Answer: B

NEW QUESTION 20
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business, several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?

  • A. Integrity
  • B. Availability
  • C. Confidentiality

Answer: B

NEW QUESTION 21
What is the main reason to use a firewall to separate two parts of your internal network?

  • A. To decrease network loads
  • B. To separate areas with different confidentiality requirements
  • C. To enable the installation of an Intrusion Detection System
  • D. To control traffic intensity between two network segments

Answer: B

NEW QUESTION 22
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?

  • A. Boardroom and general office space
  • B. Computer room and storage facility
  • C. Lobby and public restaurant
  • D. Meeting rooms and Human Resource rooms

Answer: C

NEW QUESTION 23
The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?

  • A. The Board of Directors
  • B. The security manager
  • C. The operational manager
  • D. The user

Answer: B

NEW QUESTION 24
In a company, the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is more feasible in the future. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?

  • A. Management and control of the security services
  • B. The information security policy, the risk assessment and the controls in the security services
  • C. Which security services are provided and in which supporting architectures are they defined

Answer: C

NEW QUESTION 25
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

  • A. Log review, consolidation and management
  • B. Access criteria and access control mechanisms
  • C. System-specific policies for business systems

Answer: B
