Free Information Security Management Professional based on ISO/IEC 27001 Exam ISMP Exam Practice Test

A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.What is the best option for the treatment of risks?

• Begin risk remediation immediately as the organization is currently at risk
  
• Decide the criteria for determining if the risk can be accepted
  
• Design appropriate controls to reduce the risk
  
• Remediate the risk regardless of cost
  

The security manager of a global company has decided that a risk assessment needs to be completed across the company.What is the primary objective of the risk assessment?

• Identify, quantify and prioritize each of the business-critical assets residing on the corporate infrastructure
  
• Identify, quantify and prioritize risks against criteria for risk acceptance
  
• Identify, quantify and prioritize the scope of this risk assessment
  
• Identify, quantify and prioritize which controls are going to be used to mitigate risk
  

A protocol to investigate fraud by employees is being designed.Which measure can be part of this protocol?

• Seize and investigate the private laptop of the employee
  
• Investigate the contents of the workstation of the employee
  
• Investigate the private mailbox of the employee
  
• Put a phone tap on the employee's business phone
  

The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans.Which mitigation plan covers short-term recovery after a security incident has occurred?

• The Business Continuity Plan (BCP)
  
• The disaster recovery plan
  
• The incident response plan
  
• The risk treatment plan
  

Which security item is designed to take collections of data from multiple computers?

• Firewall
  
• Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)
  
• Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)
  
• Virtual Private Network (VPN)
  

The Board of Directors of an organization is accountable for obtaining adequate assurance.Who should be responsible for coordinating the information security awareness campaigns?

• The Board of Directors
  
• The operational manager
  
• The security manager
  
• The user
  

The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-Check-Act (PDCA) cycle of the ISMS.In which phase should these controls be described?

• Plan
  
• Do
  
• Check
  
• Act
  

When should information security controls be considered?

• After the risk assessment
  
• As part of the scoping meeting
  
• At the kick-off meeting
  
• During the risk assessment work
  

A security manager for a large company has the task to achieve physical protection for corporate data stores.Through which control can physical protection be achieved?

• Having visitors sign in and out of the corporate datacenter
  
• Using a firewall to prevent access to the network infrastructure
  
• Using access control lists to prevent logical access to organizational infrastructure
  
• Using key access controls for employees needing access
  

What needs to be decided prior to considering the treatment of risks?

• Criteria for determining whether or not the risk can be accepted
  
• How to apply appropriate controls to reduce the risks
  
• Mitigation plans
  
• The development of own guidelines