
EXIN ISMP Practice Exam - 31 Unique Questions
NEW QUESTION 12
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?
- A. Interview top management
- B. Send a checklist for threat identification to all staff involved in information security
- C. Have a brainstorm with representatives of all stakeholders
Answer: C
NEW QUESTION 13
Who should be asked to check compliance with the information security policy throughout the company?
- A. External forensics investigators
- B. Internal audit department
- C. The same company that checks the yearly financial statement
Answer: A
NEW QUESTION 14
Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.
What requirement is in the data recovery policy to realize minimal data loss?
- A. Maximize RPO
- B. Reduce the time between RTO and RPO
- C. Reduce RPO
- D. Reduce RTO
Answer: C
NEW QUESTION 15
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?
- A. Plan
- B. Check
- C. Do
- D. Act
Answer: A
NEW QUESTION 16
The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.
What is her main argument for this choice?
- A. Open designs have more functionality.
- B. Open designs are easily configured.
- C. Open designs are tested extensively.
Answer: C
NEW QUESTION 17
A security manager for a large company is tasked with achieving physical protection for corporate data stores.
Through which control can physical protection be achieved?
- A. Using access control lists to prevent logical access to organizational infrastructure
- B. Having visitors sign in and out of the corporate datacenter
- C. Using a firewall to prevent access to the network infrastructure
- D. Using key access controls for employees needing access
Answer: D
NEW QUESTION 18
What is a key item that must be kept in mind when designing an enterprise-wide information security program?
- A. Determine controls in the light of specific risks an organization is facing
- B. Put an incident management and log file analysis program in place immediately
- C. Put an enterprise-wide network and Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) into place as soon as possible
- D. When defining controls follow an approach and framework that is consistent with organizational culture
Answer: A
NEW QUESTION 19
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
- A. Lobby and public restaurant
- B. Computer room and storage facility
- C. Meeting rooms and Human Resource rooms
- D. Boardroom and general office space
Answer: A
NEW QUESTION 20
The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?
- A. The user
- B. The operational manager
- C. The Board of Directors
- D. The security manager
Answer: D
NEW QUESTION 21
The ambition of the security manager is to certify the organization against ISO/IEC 27001.
What is an activity in the certification program?
- A. Formulate the security requirements in the outsourcing contracts
- B. Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)
- C. Produce a Statement of Applicability based on risk assessments
- D. Perform a risk assessment of the secure internet connectivity architecture of the datacenter
Answer: C
NEW QUESTION 22
In a company, a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person's picture on the smart card?
- A. To verify the iris of the card owner
- B. To authorize the owner of the card
- C. To authenticate the owner of the card
- D. To identify the role of the card owner
Answer: C
NEW QUESTION 23
In a company, the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is more feasible in the future. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?
- A. The information security policy, the risk assessment and the controls in the security services
- B. Management and control of the security services
- C. Which security services are provided and in which supporting architectures are they defined
Answer: C

