Exam Details

  • Exam Code: ISMP
  • Exam Name: Information Security Management Professional based on ISO/IEC 27001
  • Certification: EXIN Information Security Management ISO/IEC 27001
  • Vendor: EXIN
  • Total Questions: 30 Q&As
  • Last Updated: May 08, 2024

EXIN Information Security Management ISO/IEC 27001 (ISMP) Questions & Answers

  • Question 11:

    A risk manager is asked to perform a complete risk assessment for a company. What is the best method to identify most of the threats to the company?

    A. Have a brainstorm with representatives of all stakeholders

    B. Interview top management

    C. Send a checklist for threat identification to all staff involved in information security

  • Question 12:

    What is the best way to start setting the information security controls?

    A. Implement the security measures as prescribed by a risk analysis tool

    B. Resort back to the default factory standards

    C. Use a standard security baseline

  • Question 13:

    A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.

    What is the best option for the treatment of risks?

    A. Begin risk remediation immediately as the organization is currently at risk

    B. Decide the criteria for determining if the risk can be accepted

    C. Design appropriate controls to reduce the risk

    D. Remediate the risk regardless of cost

  • Question 14:

    A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times.

    The emergency response team wants access to those areas in case of fire.

    What is the best solution to this dilemma?

    A. The security architect will be informed when there is a fire.

    B. The doors should stay closed in case of fire to prevent access to confidential areas.

    C. The doors will automatically open in case of fire.

  • Question 15:

    The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans.

    Which mitigation plan covers short-term recovery after a security incident has occurred?

    A. The Business Continuity Plan (BCP)

    B. The disaster recovery plan

    C. The incident response plan

    D. The risk treatment plan

  • Question 16:

    A security manager for a large company has the task to achieve physical protection for corporate data stores.

    Through which control can physical protection be achieved?

    A. Having visitors sign in and out of the corporate datacenter

    B. Using a firewall to prevent access to the network infrastructure

    C. Using access control lists to prevent logical access to organizational infrastructure

    D. Using key access controls for employees needing access

  • Question 17:

    The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.

    In which phase should these controls be described?

    A. Plan

    B. Do

    C. Check

    D. Act

  • Question 18:

    An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.

    When has the risk assessment program accomplished its primary goal?

    A. Once the controls are implemented

    B. Once the transference of the risk is complete

    C. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place

    D. When the risk analysis is completed

  • Question 19:

    In a company, the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud becomes more feasible in the future. The security architect is asked to make a first draft of the security architecture.

    Which elements should the security architect draft?

    A. Management and control of the security services

    B. The information security policy, the risk assessment and the controls in the security services

    C. Which security services are provided and in which supporting architectures are they defined

  • Question 20:

    In a company, a personalized smart card is used for both physical and logical access control. What is the main purpose of the person's picture on the smart card?

    A. To authenticate the owner of the card

    B. To authorize the owner of the card

    C. To identify the role of the card owner

    D. To verify the iris of the card owner

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EXIN exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your ISMP exam preparation and EXIN certification application, do not hesitate to visit Vcedump.com to find your solutions here.