[Q15-Q33] Real Exam Questions ISMP Dumps Exam Questions in here [Jan-2022]


NEW QUESTION 15
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
Which is the main risk of PKI?

  • A. The Certificate Authority (CA) is hacked.
  • B. The users lose their public keys.
  • C. The HR department wants to be a Registration Authority (RA).
  • D. The certificate is invalid because it is on a Certificate Revocation List.

Answer: A

 

NEW QUESTION 16
When is revision of an employee's access rights mandatory?

  • A. At hire
  • B. At least each year
  • C. At all moments stated in the information security policy
  • D. After any position change

Answer: C

 

NEW QUESTION 17
Who should be asked to check compliance with the information security policy throughout the company?

  • A. Internal audit department
  • B. The same company that checks the yearly financial statement
  • C. External forensics investigators

Answer: A

 

NEW QUESTION 18
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?

  • A. Confidentiality
  • B. Availability
  • C. Integrity

Answer: C

 

NEW QUESTION 19
What is a key item that must be kept in mind when designing an enterprise-wide information security program?

  • A. Determine controls in the light of specific risks an organization is facing
  • B. Put an incident management and log file analysis program in place immediately
  • C. Put an enterprise-wide network and Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) into place as soon as possible
  • D. When defining controls follow an approach and framework that is consistent with organizational culture

Answer: A

 

NEW QUESTION 20
When should information security controls be considered?

  • A. During the risk assessment work
  • B. After the risk assessment
  • C. As part of the scoping meeting
  • D. At the kick-off meeting

Answer: B

 

NEW QUESTION 21
An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.
Where should she look for guidelines first?

  • A. In finance management procedures
  • B. In company policies
  • C. In legislation

Answer: C

 

NEW QUESTION 22
The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans.
Which mitigation plan covers short-term recovery after a security incident has occurred?

  • A. The incident response plan
  • B. The disaster recovery plan
  • C. The Business Continuity Plan (BCP)
  • D. The risk treatment plan

Answer: A

 

NEW QUESTION 23
A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times. The emergency response team wants access to those areas in case of fire.
What is the best solution to this dilemma?

  • A. The doors will automatically open in case of fire.
  • B. The security architect will be informed when there is a fire.
  • C. The doors should stay closed in case of fire to prevent access to confidential areas.

Answer: A

 

NEW QUESTION 24
In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud becomes more feasible in the future. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?

  • A. Which security services are provided and in which supporting architectures are they defined
  • B. The information security policy, the risk assessment and the controls in the security services
  • C. Management and control of the security services

Answer: A

 

NEW QUESTION 25
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?

  • A. Investigate the contents of the workstation of the employee
  • B. Seize and investigate the private laptop of the employee
  • C. Put a phone tap on the employee's business phone
  • D. Investigate the private mailbox of the employee

Answer: A

 

NEW QUESTION 26
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

  • A. System-specific policies for business systems
  • B. Access criteria and access control mechanisms
  • C. Log review, consolidation and management

Answer: B

 

NEW QUESTION 27
......
