EXIN ISMP daily practice exam: 31 questions updated for 2022 [Q12-Q32]

Try valid questions! Real ISMP exam questions and answers

Question 12
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?

  • A. Do
  • B. Plan
  • C. Check
  • D. Act

Correct answer: B

Question 13
The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans.
Which mitigation plan covers short-term recovery after a security incident has occurred?

  • A. The disaster recovery plan
  • B. The risk treatment plan
  • C. The incident response plan
  • D. The Business Continuity Plan (BCP)

Correct answer: C

Question 14
Who should be asked to check compliance with the information security policy throughout the company?

  • A. The same company that checks the yearly financial statement
  • B. External forensics investigators
  • C. Internal audit department

Correct answer: B

Question 15
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?

  • A. When decision makers have been informed of uncontrolled risks and proper authority groups decide to leave the risks in place
  • B. Once the controls are implemented
  • C. When the risk analysis is completed
  • D. Once the transference of the risk is complete

Correct answer: A

Question 16
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business, several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?

  • A. Availability
  • B. Confidentiality
  • C. Integrity

Correct answer: A

Question 17
In a company a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person's picture on the smart card?

  • A. To authenticate the owner of the card
  • B. To verify the iris of the card owner
  • C. To authorize the owner of the card
  • D. To identify the role of the card owner

Correct answer: A

Question 18
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?

  • A. Decide the criteria for determining if the risk can be accepted
  • B. Remediate the risk regardless of cost
  • C. Design appropriate controls to reduce the risk
  • D. Begin risk remediation immediately as the organization is currently at risk

Correct answer: A

Question 19
In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is more feasible in the future. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?

  • A. Management and control of the security services
  • B. Which security services are provided and in which supporting architectures are they defined
  • C. The information security policy, the risk assessment and the controls in the security services

Correct answer: B

Question 20
What is the main reason to use a firewall to separate two parts of your internal network?

  • A. To enable the installation of an Intrusion Detection System
  • B. To control traffic intensity between two network segments
  • C. To decrease network loads
  • D. To separate areas with different confidentiality requirements

Correct answer: D

Question 21
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities, including granting rights, monitoring identity status, logging, tracking access and removing rights. These controls include audit trail records, which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

  • A. System-specific policies for business systems
  • B. Log review, consolidation and management
  • C. Access criteria and access control mechanisms

Correct answer: C

Question 22
Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.
What requirement is in the data recovery policy to realize minimal data loss?

  • A. Reduce RTO
  • B. Reduce the time between RTO and RPO
  • C. Maximize RPO
  • D. Reduce RPO

Correct answer: D

Question 23
What is the best way to start setting the information security controls?

  • A. Use a standard security baseline
  • B. Resort back to the default factory standards
  • C. Implement the security measures as prescribed by a risk analysis tool

Correct answer: A

Question 24
......

Practice ISMP test questions on the test engine: https://www.goshiken.com/EXIN/ISMP-mondaishu.html