[Aug 08, 2022] Fully Updated Dumps PDF – Latest ISMP Exam Questions and Answers [Q11-Q29]

NO.11 When should information security controls be considered?

NO.12 A security manager for a large company has the task to achieve physical protection for corporate data stores.
Through which control can physical protection be achieved?

NO.13 An information security officer is asked to write a retention policy for a financial system. She is aware of the fact that some data must be kept for a long time and other data must be deleted.
Where should she look for guidelines first?

NO.14 The Board of Directors of an organization is accountable for obtaining adequate assurance.
Who should be responsible for coordinating the information security awareness campaigns?

NO.15 Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.
What requirement is in the data recovery policy to realize minimal data loss?

NO.16 In a company a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person’s picture on the smart card?

NO.17 What is the best way to start setting the information security controls?

NO.18 It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?

NO.19 A security architect argues with the internal fire prevention team about the statement in the information security policy, that doors to confidential areas should be locked at all times. The emergency response team wants to access to those areas in case of fire.
What is the best solution to this dilemma?

NO.20 Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?

NO.21 The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.
What is her main argument for this choice?

NO.22 A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?