EXIN ISMP
Q: 1
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?
Options
Q: 2
Who should be asked to check compliance with the information security policy throughout the
company?
Options
Q: 3
An information security officer is asked to write a retention policy for a financial system. She is aware
of the fact that some data must be kept for a long time and other data must be deleted.
Where should she look for guidelines first?
Options
Q: 4
An experienced security manager is well aware of the risks related to communication over the
internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between
employees confidential.
Which is the main risk of PKI?
Options
Q: 5
When should information security controls be considered?
Options
Q: 6
What is a risk treatment strategy?
Options
Q: 7
The information security manager is writing the Information Security Management System (ISMS)
documentation. The controls that are to be implemented must be described in one of the phases of
the Plan-Do-Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?
Options
Q: 8
A security manager just finished the final copy of a risk assessment. This assessment contains a list of
identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?
Options
Q: 9
In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that
migrating to the cloud is more feasible in the future. The security architect is asked to make a first
draft of the security architecture.
Which elements should the security architect draft?
Options
Q: 10
A company's webshop offers prospects and customers the possibility to search the catalog and place
orders around the clock. In order to satisfy the needs of both customer and business, several
requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?
Options