Exam Details

  • Exam Code: ISMP
  • Exam Name: Information Security Management Professional based on ISO/IEC 27001
  • Certification: EXIN Information Security Management ISO/IEC 27001
  • Vendor: EXIN
  • Total Questions: 30 Q&As
  • Last Updated: May 08, 2024

EXIN Information Security Management ISO/IEC 27001 (ISMP) Questions & Answers

  • Question 21:

    The Board of Directors of an organization is accountable for obtaining adequate assurance. Who should be responsible for coordinating the information security awareness campaigns?

    A. The Board of Directors

    B. The operational manager

    C. The security manager

    D. The user

  • Question 22:

    What is a risk treatment strategy?

    A. Mobile updates

    B. Risk acceptance

    C. Risk exclusion

    D. Software installation

  • Question 23:

    Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.

    What combination of business functions should be combined into one security zone?

    A. Boardroom and general office space

    B. Computer room and storage facility

    C. Lobby and public restaurant

    D. Meeting rooms and Human Resource rooms

  • Question 24:

    A protocol to investigate fraud by employees is being designed. Which measure can be part of this protocol?

    A. Seize and investigate the private laptop of the employee

    B. Investigate the contents of the workstation of the employee

    C. Investigate the private mailbox of the employee

    D. Put a phone tap on the employee's business phone

  • Question 25:

    An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.

    Which is the main risk of PKI?

    A. The Certificate Authority (CA) is hacked.

    B. The certificate is invalid because it is on a Certificate Revocation List.

    C. The users lose their public keys.

    D. The HR department wants to be a Registration Authority (RA).

  • Question 26:

    A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business, several requirements have to be met. One of the criteria is data classification.

    What is the most important classification aspect of the unit price of an object in a 24h webshop?

    A. Confidentiality

    B. Integrity

    C. Availability

  • Question 27:

    What needs to be decided prior to considering the treatment of risks?

    A. Criteria for determining whether or not the risk can be accepted

    B. How to apply appropriate controls to reduce the risks

    C. Mitigation plans

    D. The development of own guidelines

  • Question 28:

    Who should be asked to check compliance with the information security policy throughout the company?

    A. Internal audit department

    B. External forensics investigators

    C. The same company that checks the yearly financial statement

  • Question 29:

    Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.

    What should be an important control in the contract?

    A. The network communication channel is secured by using encryption.

    B. The third party is certified against ISO/IEC 27001.

    C. The third party is certified for adhering to privacy protection controls.

    D. Your IT auditor has the right to audit the external party's service management processes.

  • Question 30:

    The security manager of a global company has decided that a risk assessment needs to be completed across the company.

    What is the primary objective of the risk assessment?

    A. Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure

    B. Identify, quantify and prioritize risks against criteria for risk acceptance

    C. Identify, quantify and prioritize the scope of this risk assessment

    D. Identify, quantify and prioritize which controls are going to be used to mitigate risk

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EXIN exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your ISMP exam preparation and EXIN certification application, do not hesitate to visit Vcedump.com to find your solutions here.