February 2022: Real EXIN ISMP Certification Practice Exam, Latest for 2022, to Help You Pass [Q14-Q39]


ISMP exam questions and a valid ISMP question set in PDF

Question 14
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?

  • A. Investigate the private mailbox of the employee
  • B. Put a phone tap on the employee's business phone
  • C. Investigate the contents of the workstation of the employee
  • D. Seize and investigate the private laptop of the employee

Answer: C

Question 15
The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans.
Which mitigation plan covers short-term recovery after a security incident has occurred?

  • A. The disaster recovery plan
  • B. The risk treatment plan
  • C. The incident response plan
  • D. The Business Continuity Plan (BCP)

Answer: C

Question 16
What needs to be decided prior to considering the treatment of risks?

  • A. Criteria for determining whether or not the risk can be accepted
  • B. How to apply appropriate controls to reduce the risks
  • C. The development of own guidelines
  • D. Mitigation plans

Answer: A

Question 17
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?

  • A. Send a checklist for threat identification to all staff involved in information security
  • B. Interview top management
  • C. Have a brainstorm with representatives of all stakeholders

Answer: C

Question 18
Who should be asked to check compliance with the information security policy throughout the company?

  • A. The same company that checks the yearly financial statement
  • B. External forensics investigators
  • C. Internal audit department

Answer: B

Question 19
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?

  • A. Availability
  • B. Confidentiality
  • C. Integrity

Answer: A

Question 20
A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times. The emergency response team wants access to those areas in case of fire.
What is the best solution to this dilemma?

  • A. The security architect will be informed when there is a fire.
  • B. The doors will automatically open in case of fire.
  • C. The doors should stay closed in case of fire to prevent access to confidential areas.

Answer: B

Question 21
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?

  • A. Do
  • B. Plan
  • C. Check
  • D. Act

Answer: B

Question 22
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

  • A. System-specific policies for business systems
  • B. Log review, consolidation and management
  • C. Access criteria and access control mechanisms

Answer: C

Question 23
What is a risk treatment strategy?

  • A. Mobile updates
  • B. Risk acceptance
  • C. Software installation
  • D. Risk exclusion

Answer: B

Question 24
The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.
What is her main argument for this choice?

  • A. Open designs are easily configured.
  • B. Open designs are tested extensively.
  • C. Open designs have more functionality.

Answer: B

Question 25
What is the best way to start setting the information security controls?

  • A. Use a standard security baseline
  • B. Resort back to the default factory standards
  • C. Implement the security measures as prescribed by a risk analysis tool

Answer: A

Question 26
......
