Exam Details

  • Exam Code: ISMP
  • Exam Name: Information Security Management Professional based on ISO/IEC 27001
  • Certification: EXIN Information Security Management ISO/IEC 27001
  • Vendor: EXIN
  • Total Questions: 30 Q&As
  • Last Updated: Apr 29, 2024

EXIN Information Security Management ISO/IEC 27001 (ISMP) Questions & Answers

  • Question 1:

    It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.

    What component of the audit trail is the most important for an external auditor?

    A. Access criteria and access control mechanisms

    B. Log review, consolidation and management

    C. System-specific policies for business systems

  • Question 2:

    Which security item is designed to take collections of data from multiple computers?

    A. Firewall

    B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)

    C. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)

    D. Virtual Private Network (VPN)

  • Question 3:

    The ambition of the security manager is to certify the organization against ISO/IEC 27001. What is an activity in the certification program?

    A. Formulate the security requirements in the outsourcing contracts

    B. Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)

    C. Perform a risk assessment of the secure internet connectivity architecture of the datacenter

    D. Produce a Statement of Applicability based on risk assessments

  • Question 4:

    What is the main reason to use a firewall to separate two parts of your internal network?

    A. To control traffic intensity between two network segments

    B. To decrease network loads

    C. To enable the installation of an Intrusion Detection System

    D. To separate areas with different confidentiality requirements

  • Question 5:

    When is revision of an employee's access rights mandatory?

    A. After any position change

    B. At hire

    C. At least each year

    D. At all moments stated in the information security policy

  • Question 6:

    What is a key item that must be kept in mind when designing an enterprise-wide information security program?

    A. When defining controls follow an approach and framework that is consistent with organizational culture

    B. Determine controls in the light of specific risks an organization is facing

    C. Put an enterprise-wide network and Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) into place as soon as possible

    D. Put an incident management and log file analysis program in place immediately

  • Question 7:

    Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.

    What requirement is in the data recovery policy to realize minimal data loss?

    A. Maximize RPO

    B. Reduce RPO

    C. Reduce RTO

    D. Reduce the time between RTO and RPO

  • Question 8:

    When should information security controls be considered?

    A. After the risk assessment

    B. As part of the scoping meeting

    C. At the kick-off meeting

    D. During the risk assessment work

  • Question 9:

    The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.

    What is her main argument for this choice?

    A. Open designs are easily configured.

    B. Open designs have more functionality.

    C. Open designs are tested extensively.

  • Question 10:

    An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.

    Where should she look for guidelines first?

    A. In company policies

    B. In finance management procedures

    C. In legislation

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EXIN exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your ISMP exam preparation or your EXIN certification application, do not hesitate to visit Vcedump.com to find your solutions.