Practice Examples and Dumps & Tips for 2022 Latest ISMP Valid Tests Dumps [Q14-Q37]



Latest [Jan 22, 2022] 100% Passing Guarantee - Brilliant ISMP Exam Questions PDF

NEW QUESTION 14
An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.
Where should she look for guidelines first?

  • A. In company policies
  • B. In legislation
  • C. In finance management procedures

Answer: B


NEW QUESTION 15
In a company, a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person's picture on the smart card?

  • A. To verify the iris of the card owner
  • B. To authorize the owner of the card
  • C. To authenticate the owner of the card
  • D. To identify the role of the card owner

Answer: C


NEW QUESTION 16
The security manager of a global company has decided that a risk assessment needs to be completed across the company.
What is the primary objective of the risk assessment?

  • A. Identify, quantify and prioritize which controls are going to be used to mitigate risk
  • B. Identify, quantify and prioritize risks against criteria for risk acceptance
  • C. Identify, quantify and prioritize the scope of this risk assessment
  • D. Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure

Answer: B


NEW QUESTION 17
A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times. The emergency response team wants access to those areas in case of fire.
What is the best solution to this dilemma?

  • A. The doors should stay closed in case of fire to prevent access to confidential areas.
  • B. The security architect will be informed when there is a fire.
  • C. The doors will automatically open in case of fire.

Answer: C


NEW QUESTION 18
The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.
What is her main argument for this choice?

  • A. Open designs have more functionality.
  • B. Open designs are tested extensively.
  • C. Open designs are easily configured.

Answer: B


NEW QUESTION 19
Security incidents are handled by the incident management process, under guidelines set by information security management. These guidelines call for several types of mitigation plans.
Which mitigation plan covers short-term recovery after a security incident has occurred?

  • A. The disaster recovery plan
  • B. The incident response plan
  • C. The risk treatment plan
  • D. The Business Continuity Plan (BCP)

Answer: B


NEW QUESTION 20
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?

  • A. Remediate the risk regardless of cost
  • B. Begin risk remediation immediately as the organization is currently at risk
  • C. Design appropriate controls to reduce the risk
  • D. Decide the criteria for determining if the risk can be accepted

Answer: D


NEW QUESTION 21
It is important that an organization is able to prove compliance with information security standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities, including granting rights, monitoring identity status, logging, tracking access and removing rights. Among these controls are audit trail records, which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

  • A. Log review, consolidation and management
  • B. Access criteria and access control mechanisms
  • C. System-specific policies for business systems

Answer: B


NEW QUESTION 22
What needs to be decided prior to considering the treatment of risks?

  • A. Mitigation plans
  • B. Criteria for determining whether or not the risk can be accepted
  • C. The development of the organization's own guidelines
  • D. How to apply appropriate controls to reduce the risks

Answer: B


NEW QUESTION 23
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?

  • A. Interview top management
  • B. Have a brainstorm with representatives of all stakeholders
  • C. Send a checklist for threat identification to all staff involved in information security

Answer: B


NEW QUESTION 24
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with the organization's risk appetite.
When has the risk assessment program accomplished its primary goal?

  • A. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place
  • B. Once the controls are implemented
  • C. Once the transference of the risk is complete
  • D. When the risk analysis is completed

Answer: A


NEW QUESTION 25
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?

  • A. Computer room and storage facility
  • B. Lobby and public restaurant
  • C. Boardroom and general office space
  • D. Meeting rooms and Human Resource rooms

Answer: B


NEW QUESTION 26
......
