01. A security manager for a large company has the task to achieve physical protection for corporate data stores. Through which control can physical protection be achieved?
a) Having visitors sign in and out of the corporate datacenter
b) Install a firewall to prevent access to the network infrastructure
c) Using key access card controls for employees needing access
d) Writing a policy stating who may have access to the company
02. An operations manager wants some advice about opening a second data center as a hot standby location. What would the information security officer (ISO) advise the operations manager to do?
a) Make sure that network and power supply are made redundant and from different providers
b) Make sure that physical access is only granted to specific operators
c) Make sure that the company will not be a victim of the Patriot Act legislation
d) Make sure that the location has a different physical risk profile than the primary location
03. An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization’s risk appetite. When has the risk assessment program accomplished its primary goal?
a) Once the controls are implemented
b) Once the transference of the risk is complete
c) When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place
d) When the risk analysis is completed
04. The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans. Which mitigation plan covers short-term recovery after a security incident has occurred?
a) The business continuity plan (BCP)
b) The disaster recovery plan
c) The incident response plan
d) The risk treatment plan
05. Which security item is designed to take large collections of network-related traffic that can indicate a denial-of-service attack?
a) Firewall
b) Host-based intrusion detection and prevention system (host-based IDPS)
c) Network-based intrusion detection and prevention system (network-based IDPS)
d) Virtual private network (VPN)
06. Why are the security elements in the IT infrastructure important?
a) To enable business continuity of the IT infrastructure
b) To manage information security incidents which impact the IT infrastructure
c) To prevent unauthorized physical access to the IT infrastructure
d) To protect the information assets which are on the IT infrastructure
07. Which is a key element of security strategy development?
a) Description of how the services are being supported
b) Policy that does not conflict with the law of the organization's country
c) Relevant control objectives
d) Return on Investment (ROI)
08. Why is it important to define which security services will be provided?
a) To better align the information security requirements and the customer service
b) To determine the information security strategy of an organization
c) To make sure an organization is compliant with the requirements of ISO/IEC 27001
d) To understand the scope of the information security management system (ISMS)
09. Whose responsibility is it to coordinate an organization’s security awareness program?
a) Everyone in the organization
b) The IT department
c) Information security management
d) The secretary of the CIO
10. Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The security manager of a hotel is responsible for security and is considering different zones for the hotel. What business functions should be combined into one security zone?
a) Boardroom and general office space
b) Fitness area and storage facility
c) Hotel rooms and public bar
d) Public restaurant and lobby
Answers:
Question: 01
Answer: c |
Question: 02
Answer: d |
Question: 03
Answer: c |
Question: 04
Answer: b |
Question: 05
Answer: c |
Question: 06
Answer: d |
Question: 07
Answer: c |
Question: 08
Answer: a |
Question: 09
Answer: c |
Question: 10
Answer: d |
Note: For any error in EXIN Information Security Management Professional based on ISO/IEC 27001 certification exam sample questions, please update us by writing an email on feedback@certfun.com.
The purpose of this Sample Question Set is to provide you with information about the EXIN Information Security Management Professional based on ISO/IEC 27001 (ISMP) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the ISMP certification test. To get familiar with real exam environment, we suggest you try our Sample EXIN ISMP Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual EXIN Information Security Management Professional based on ISO/IEC 27001 certification exam.