2022 Easily pass ISMP Exam with our Dumps & PDF Test Engine [Q14-Q30]

4/5 - (1 vote)

2022 Easily pass ISMP Exam with our Dumps & PDF Test Engine

ISMP PDF Pass Leader, ISMP Latest Real Test

NO.14 What is a risk treatment strategy?

Mobile updates

Risk acceptance

Risk exclusion

Software installation

NO.15 Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.
What requirement is in the data recovery policy to realize minimal data loss?

Maximize RPO

Reduce RPO

Reduce RTO

Reduce the time between RTO and RPO

NO.16 Which security item is designed to take collections of data from multiple computers?

Firewall

Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)

Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)

Virtual Private Network (VPN)

NO.17 What is the best way to start setting the information security controls?

Resort back to the default factory standards

Use a standard security baseline

Implement the security measures as prescribed by a risk analysis tool

NO.18 A security manager for a large company has the task to achieve physical protection for corporate data stores.
Through which control can physical protection be achieved?

Having visitors sign in and out of the corporate datacenter

Using a firewall to prevent access to the network infrastructure

Using access control lists to prevent logical access to organizational infrastructure

Using key access controls for employees needing access

NO.19 What needs to be decided prior to considering the treatment of risks?

Criteria for determining whether or not the risk can be accepted

How to apply appropriate controls to reduce the risks

Mitigation plans

The development of own guidelines

NO.20 An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
Which is the main risk of PKI?

The Certificate Authority (CA) is hacked.

The certificate is invalid because it is on a Certificate Revocation List.

The users lose their public keys.

The HR department wants to be a Registration Authority (RA).

NO.21 An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.
Where should she look for guidelines first?

In company policies

In finance management procedures

In legislation

NO.22 Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?

The network communication channel is secured by using encryption.

The third party is certified against ISO/IEC 27001.

The third party is certified for adhering to privacy protection controls.

Your IT auditor has the right to audit the external party’s service management processes.

NO.23 The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?

The Board of Directors

The operational manager

The security manager

The user

NO.24 An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization’s risk appetite.
When has the risk assessment program accomplished its primary goal?

Once the controls are implemented

Once the transference of the risk is complete

When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place

When the risk analysis is completed

NO.25 The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.
What is her main argument for this choice?

Open designs are easily configured.

Open designs have more functionality.

Open designs are tested extensively.

Loading …

ISMP Dumps Ensure Your Passing: https://www.prepawaytest.com/EXIN/ISMP-practice-exam-dumps.html

Leave a Reply Cancel reply