Excellent ISMP exam question PDF from the ISMP question bank for the best practice method [Q17-Q33]



Updated, verified real ISMP exam questions and answers to help you pass

Question 17
What needs to be decided prior to considering the treatment of risks?

  • A. Criteria for determining whether or not the risk can be accepted
  • B. How to apply appropriate controls to reduce the risks
  • C. The development of own guidelines
  • D. Mitigation plans

Correct answer: A

 

Question 18
When should information security controls be considered?

  • A. As part of the scoping meeting
  • B. During the risk assessment work
  • C. At the kick-off meeting
  • D. After the risk assessment

Correct answer: D

 

Question 19
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?

  • A. Do
  • B. Plan
  • C. Check
  • D. Act

Correct answer: B

 

Question 20
An experienced security manager is well aware of the risks related to communication over the internet. She also knows that a Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.
What is the main risk of PKI?

  • A. The Certificate Authority (CA) is hacked.
  • B. The HR department wants to be a Registration Authority (RA).
  • C. The users lose their public keys.
  • D. The certificate is invalid because it is on a Certificate Revocation List.

Correct answer: A
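Why a compromised CA is the main risk, shown as an added Go example (this is not code from the original page or from the exam material). It builds a small PKI with Go's standard crypto/x509 package: a root CA, a legitimate e-mail certificate for an employee, a rogue certificate for the same address minted with the stolen CA key, and a certificate from a look-alike CA the attacker runs himself. The CA name "Example Corp Mail CA" and the address alice@example.com are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a P-256 key; each party in the scenario gets its own.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// mustParse turns the DER returned by CreateCertificate into a parsed certificate.
func mustParse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// newCA builds a self-signed root CA (cn is a hypothetical name) and returns the
// certificate with its private key: the asset that is lost when "the CA is hacked".
func newCA(cn string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)), key
}

// issue signs an e-mail-protection (S/MIME-style) certificate binding email to pub.
// Whoever holds caKey can call this for any address and any public key.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64, email string, pub *ecdsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(serial),
		Subject:        pkix.Name{CommonName: email},
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey))
}

// trustedFor reports whether a mail client that trusts root would accept leaf as a
// valid e-mail-protection certificate for email: chain validation plus a SAN check.
func trustedFor(root, leaf *x509.Certificate, email string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err == nil && len(leaf.EmailAddresses) == 1 && leaf.EmailAddresses[0] == email
}

// Demo runs the three scenarios and returns whether each certificate is trusted.
func Demo() (legit, stolenCA, lookalikeCA bool) {
	const victim = "alice@example.com" // constructed address for the example
	root, rootKey := newCA("Example Corp Mail CA")
	alice := newKey()
	legitCert := issue(root, rootKey, 2, victim, &alice.PublicKey)

	// Scenario 1: the CA private key was stolen. A certificate for alice's address
	// bound to the attacker's key chains to the trusted root, so mail "to alice"
	// can be encrypted to the attacker instead.
	mallory := newKey()
	rogueCert := issue(root, rootKey, 3, victim, &mallory.PublicKey)

	// Scenario 2: no CA compromise; the attacker runs a look-alike CA with the
	// same name. Nothing it issues chains to the real root.
	fakeRoot, fakeKey := newCA("Example Corp Mail CA")
	fakeCert := issue(fakeRoot, fakeKey, 4, victim, &mallory.PublicKey)

	return trustedFor(root, legitCert, victim),
		trustedFor(root, rogueCert, victim),
		trustedFor(root, fakeCert, victim)
}

func main() {
	legit, stolen, fake := Demo()
	fmt.Printf("legit=%v stolenCA=%v lookalikeCA=%v\n", legit, stolen, fake)
}
```

The rogue certificate is indistinguishable from the real one to every relying party, which is why CA compromise is the main risk: it silently breaks the confidentiality the PKI was deployed for. Option D is the opposite case: a certificate rejected because it is on a CRL is the revocation control working as intended, and revocation is also the remedy here (revoke the rogue serial, or the whole CA, once the compromise is detected); a lost public key (option C) costs nothing, since public keys are public by design.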

 

Question 21
When is a review of an employee's access rights mandatory?

  • A. At least once a year
  • B. After any position change
  • C. At all moments stated in the information security policy
  • D. At hire

Correct answer: C

 

Question 22
Zoning is a security control that separates physical areas with different security levels. Zones with higher security levels can be secured with more controls. The facility manager of a conference center is responsible for security.
Which combination of business functions should be combined into one security zone?

  • A. Lobby and public restaurant
  • B. Boardroom and general office space
  • C. Computer room and storage facility
  • D. Meeting rooms and Human Resources rooms

Correct answer: A

 

Question 23
A company's IT strategy is migrating towards a Service Oriented Architecture (SOA) so that a future migration to the cloud becomes more feasible. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?

  • A. Management and control of the security services
  • B. Which security services are provided and in which supporting architectures they are defined
  • C. The information security policy, the risk assessment and the controls in the security services

Correct answer: B

 

Question 24
A protocol for investigating fraud by employees is being designed.
Which measure can be part of this protocol?

  • A. Investigate the employee's private mailbox
  • B. Put a phone tap on the employee's business phone
  • C. Investigate the contents of the employee's workstation
  • D. Seize and investigate the employee's private laptop

Correct answer: C

 

Question 25
A security manager has just finished the final copy of a risk assessment. The assessment contains a list of identified risks, and she has to determine how to treat them.
What is the best first step in the treatment of risks?

  • A. Decide the criteria for determining whether a risk can be accepted
  • B. Remediate the risk regardless of cost
  • C. Design appropriate controls to reduce the risk
  • D. Begin risk remediation immediately, as the organization is currently at risk

Correct answer: A

 

Question 26
In a company, a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person's picture on the smart card?

  • A. To authenticate the owner of the card
  • B. To verify the iris of the card owner
  • C. To authorize the owner of the card
  • D. To identify the role of the card owner

Correct answer: A

 

Question 27
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?

  • A. Send a checklist for threat identification to all staff involved in information security
  • B. Interview top management
  • C. Hold a brainstorming session with representatives of all stakeholders

Correct answer: C

 

Question 28
It is important that an organization is able to prove compliance with information security standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities, including granting rights, monitoring identity status, logging, tracking access and removing rights. Audit trail records are part of these controls and may be used as evidence in both internal and external audits.
Which component of the audit trail is the most important for an external auditor?

  • A. System-specific policies for business systems
  • B. Log review, consolidation and management
  • C. Access criteria and access control mechanisms

Correct answer: C

 

Question 29
......

Updated PDF (latest for 2022) of actual ISMP exam questions: https://www.goshiken.com/EXIN/ISMP-mondaishu.html