Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?
A. The network communication channel is secured by using encryption.
B. The third party is certified against ISO/IEC 27001.
C. The third party is certified for adhering to privacy protection controls.
D. Your IT auditor has the right to audit the external party's service management processes.
A company's webshop offers prospects and customers the possibility to search the catalog and place orders around the clock. In order to satisfy the needs of both customer and business, several requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?
A. Confidentiality
B. Integrity
C. Availability
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
A. Boardroom and general office space
B. Computer room and storage facility
C. Lobby and public restaurant
D. Meeting rooms and Human Resource rooms
The Board of Directors of an organization is accountable for obtaining adequate assurance. Who should be responsible for coordinating the information security awareness campaigns?
A. The Board of Directors
B. The operational manager
C. The security manager
D. The user
In a company a personalized smart card is used for both physical and logical access control. What is the main purpose of the person's picture on the smart card?
A. To authenticate the owner of the card
B. To authorize the owner of the card
C. To identify the role of the card owner
D. To verify the iris of the card owner
When should information security controls be considered?
A. After the risk assessment
B. As part of the scoping meeting
C. At the kick-off meeting
D. During the risk assessment work
Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are key terms in business continuity management (BCM). Reducing loss of data is one of the focus areas of a BCM policy.
What requirement is in the data recovery policy to realize minimal data loss?
A. Maximize RPO
B. Reduce RPO
C. Reduce RTO
D. Reduce the time between RTO and RPO
When is revision of an employee's access rights mandatory?
A. After any position change
B. At hire
C. At least each year
D. At all moments stated in the information security policy
What is a key item that must be kept in mind when designing an enterprise-wide information security program?
A. When defining controls follow an approach and framework that is consistent with organizational culture
B. Determine controls in the light of specific risks an organization is facing
C. Put an enterprise-wide network and Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) into place as soon as possible
D. Put an incident management and log file analysis program in place immediately
Which security item is designed to collect data from multiple computers?
A. Firewall
B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)
C. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)
D. Virtual Private Network (VPN)