
ISMP exam practice questions and answers (Pass4Leader, 2021)
NEW QUESTION 11
Security incidents are handled by the incident management process, following guidelines set by information security management. These guidelines call for several types of mitigation plan.
Which mitigation plan covers short-term recovery after a security incident has occurred?
- A. The incident response plan
- B. The disaster recovery plan
- C. The Business Continuity Plan (BCP)
- D. The risk treatment plan
Answer: B
The incident response plan covers the immediate handling of the incident, the disaster recovery plan covers short-term recovery of the affected systems and services, and the Business Continuity Plan covers long-term continuity of the business.
NEW QUESTION 12
The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?
- A. The security manager
- B. The Board of Directors
- C. The user
- D. The operational manager
Answer: A
NEW QUESTION 13
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?
- A. Act
- B. Do
- C. Plan
- D. Check
Answer: C
NEW QUESTION 14
What is a key item that must be kept in mind when designing an enterprise-wide information security program?
- A. Determine controls in the light of specific risks an organization is facing
- B. Put an incident management and log file analysis program in place immediately
- C. Put enterprise-wide network-based and host-based Intrusion Detection and Prevention Systems (IDPS) in place as soon as possible
- D. When defining controls follow an approach and framework that is consistent with organizational culture
Answer: A
NEW QUESTION 15
What needs to be decided prior to considering the treatment of risks?
- A. Mitigation plans
- B. Criteria for determining whether or not the risk can be accepted
- C. How to apply appropriate controls to reduce the risks
- D. The development of the organization's own guidelines
Answer: B
NEW QUESTION 16
The security manager of a global company has decided that a risk assessment needs to be completed across the company.
What is the primary objective of the risk assessment?
- A. Identify, quantify and prioritize risks against criteria for risk acceptance
- B. Identify, quantify and prioritize which controls are going to be used to mitigate risk
- C. Identify, quantify and prioritize the scope of this risk assessment
- D. Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure
Answer: A
NEW QUESTION 17
In a company, a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person's picture on the smart card?
- A. To authorize the owner of the card
- B. To verify the iris of the card owner
- C. To identify the role of the card owner
- D. To authenticate the owner of the card
Answer: D
NEW QUESTION 18
A security manager for a large company is tasked with achieving physical protection of corporate data stores.
Through which control can physical protection be achieved?
- A. Using access control lists to prevent logical access to organizational infrastructure
- B. Using a firewall to prevent access to the network infrastructure
- C. Having visitors sign in and out of the corporate datacenter
- D. Using key access controls for employees needing access
Answer: D
NEW QUESTION 19
It is important that an organization is able to prove compliance with information security standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities, including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are the audit trail records, which may be used as evidence in both internal and external audits.
What component of the audit trail is the most important for an external auditor?
- A. System-specific policies for business systems
- B. Access criteria and access control mechanisms
- C. Log review, consolidation and management
Answer: B
NEW QUESTION 20
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that a Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
What is the main risk of PKI?
- A. The Certificate Authority (CA) is hacked.
- B. The users lose their public keys.
- C. The HR department wants to be a Registration Authority (RA).
- D. The certificate is invalid because it is on a Certificate Revocation List (CRL).
Answer: A
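Why the answer is the CA compromise rather than the revocation list: a relying party trusts every certificate that chains to its root, so an attacker holding the CA's signing key can mint a certificate for any employee that is indistinguishable from a legitimately issued one, whereas a certificate on a CRL is the revocation mechanism working as intended. The following Go program is added here as an illustration and is not part of the exam material or of any vendor's code. It builds a throwaway company CA and a separate attacker CA with the standard library's crypto/x509 and checks which S/MIME certificates an e-mail client that trusts only the company root would accept. The CA names and the address alice@example.com are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// randomSerial returns a fresh positive certificate serial number.
func randomSerial() *big.Int {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		panic(err)
	}
	return serial
}

// newCA builds a self-signed root CA. The returned private key is the
// asset an attacker obtains when "the CA is hacked".
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          randomSerial(),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// issueEmailCert signs an S/MIME end-entity certificate for email with
// whatever CA key the caller holds; nothing in the result records who held it.
func issueEmailCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, email string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:   randomSerial(),
		Subject:        pkix.Name{CommonName: email},
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// TrustedBy reports whether a client that trusts only root accepts cert for e-mail protection.
func TrustedBy(root, cert *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err == nil
}

// Outcome records whether each certificate for the victim's address is accepted.
type Outcome struct {
	Legitimate    bool // issued by the company CA through the normal process
	ForeignCA     bool // issued by the attacker's own CA for the same address
	CompromisedCA bool // issued by the attacker using the stolen company CA key
}

// RunScenario issues the three certificates and evaluates them against the company root.
func RunScenario() Outcome {
	corpCA, corpKey := newCA("Example Corp Root CA") // hypothetical CA name
	attackerCA, attackerKey := newCA("Attacker CA")  // hypothetical CA name
	victim := "alice@example.com"                     // constructed sample address
	return Outcome{
		Legitimate:    TrustedBy(corpCA, issueEmailCert(corpCA, corpKey, victim)),
		ForeignCA:     TrustedBy(corpCA, issueEmailCert(attackerCA, attackerKey, victim)),
		CompromisedCA: TrustedBy(corpCA, issueEmailCert(corpCA, corpKey, victim)), // attacker holds corpKey
	}
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

The foreign-CA certificate is rejected as an unknown authority, but the certificate minted with the stolen company key passes the same check as the legitimate one. Note that Go's Verify does not consult a CRL on its own; revocation checking is a separate step for the relying party, and it cannot help here because the rogue certificate was never revoked.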
NEW QUESTION 21
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
- A. Lobby and public restaurant
- B. Computer room and storage facility
- C. Meeting rooms and Human Resource rooms
- D. Boardroom and general office space
Answer: A
NEW QUESTION 22
What is a risk treatment strategy?
- A. Software installation
- B. Mobile updates
- C. Risk acceptance
- D. Risk exclusion
Answer: C
NEW QUESTION 23
......
ISMP Dumps Full Questions - Exam Study Guide: https://www.pass4leader.com/EXIN/ISMP-exam.html