Free Information Security Management Professional based on ISO/IEC 27001 Exam ISMP Exam Practice Test

In a company a personalized smart card is used for both physical and logical access control.What is the main purpose of the person's picture on the smart card?

• To authenticate the owner of the card
  
• To authorize the owner of the card
  
• To identify the role of the card owner
  
• To verify the iris of the card owner
  

A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business several requirements have tobe met. One of the criteria is data classification.What is the most important classification aspect of the unit price of an object in a 24h webshop?

• Confidentiality
  
• Integrity
  
• Availability
  

Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.What requirement is in the data recovery policy to realize minimal data loss?

• Maximize RPO
  
• Reduce RPO
  
• Reduce RTO
  
• Reduce the time between RTO and RPO
  

The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.What is her main argument for this choice?

• Open designs are easily configured.
  
• Open designs have more functionality.
  
• Open designs are tested extensively.
  

The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.In which phase should these controls be described?

• Plan
  
• Do
  
• Check
  
• Act
  

When should information security controls be considered?

• After the risk assessment
  
• As part of the scoping meeting
  
• At the kick-off meeting
  
• During the risk assessment work
  

It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains anumber of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal andexternal audits.What component of the audit trail is the most important for an external auditor?

• Access criteria and access control mechanisms
  
• Log review, consolidation and management
  
• System-specific policies for business systems
  

A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.What is the best option for the treatment of risks?

• Begin risk remediation immediately as the organization is currently at risk
  
• Decide the criteria for determining if the risk can be accepted
  
• Design appropriate controls to reduce the risk
  
• Remediate the risk regardless of cost
  

What needs to be decided prior to considering the treatment of risks?

• Criteria for determining whether or not the risk can be accepted
  
• How to apply appropriate controls to reduce the risks
  
• Mitigation plans
  
• The development of own guidelines
  

The ambition of the security manager is to certify the organization against ISO/IEC 27001.What is an activity in the certification program?

• Formulate the security requirements in the outsourcing contracts
  
• Implement the security baselines in Secure Systems Development Life Cycle (SecSDLC)
  
• Perform a risk assessment of the secure internet connectivity architecture of the datacenter
  
• Produce a Statement of Applicability based on risk assessments