Exin ISMP Exam Questions

Question 6 of 30

A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?

A.

Have a brainstorm with representatives of all stakeholders

B.

Interview top management

C.

Send a checklist for threat identification to all staff involved in information security.

Question 7 of 30

It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

A.

Access criteria and access control mechanisms

B.

Log review, consolidation and management

C.

System-specific policies for business systems

Question 8 of 30

What is the main reason to use a firewall to separate two parts of your internal network?

A.

To control traffic intensity between two network segments

B.

To decrease network loads

C.

To enable the installation of an Intrusion Detection System

D.

To separate areas with different confidentiality requirements

Question 9 of 30

A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?

A.

Confidentiality

B.

Integrity

C.

Availability

Question 10 of 30

In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is better feasible in the future. The security architect is asked to make a first draft of the security architecture.
Which elements should the security architect draft?

A.

Management and control of the security services

B.

The information security policy, the risk assessment and the controls in the security services

C.

Which security services are provided and in which supporting architectures are they defined