Duration: 1 hour and 30 minutes
Number of questions: 30 (Multiple Choice)
Pass mark: 65%
Open book: No
Electronic equipment allowed: No
Level: Advanced
ECTS credits: 4
Available languages: English, Dutch, Brazilian Portuguese, Chinese
Requirements for certification: The Information Security Management Professional training course with an EXIN accredited training provider (ATP), including having successfully fulfilled the two (2) practical assignments as part of the course.
Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. The module Information Security Management Professional based on ISO/IEC 27001 tests understanding of the organizational, physical and technical aspects of information security.
Who is this certification for?
This module is intended for everyone who is involved in the implementation, evaluation, and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification.
Main subjects
Information security perspectives: the perspectives of the business, the customer, and the service provider
Risk Management: Analysis of the risks, choosing controls, dealing with remaining risks
Information security controls: Organizational, technical and physical controls
Required reading
EXIN Information Security Management Professional based on ISO/IEC 27001 Body of Knowledge EXIN (2020)
QUESTION 1
Zoning is a security control to separate physical areas with different security levels. Zones with higher security
levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
A. Boardroom and general office space
B. Computer room and storage facility
C. Lobby and public restaurant
D. Meeting rooms and Human Resource rooms
Correct Answer: C
QUESTION 2
Which security item is designed to take collections of data from multiple computers?
A. Firewall
B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS)
C. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS)
D. Virtual Private Network (VPN)
Correct Answer: C
QUESTION 3
A security manager just finished the final copy of a risk assessment. This assessment contains a list of
identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?
A. Begin risk remediation immediately as the organization is currently at risk
B. Decide the criteria for determining if the risk can be accepted
C. Design appropriate controls to reduce the risk
D. Remediate the risk regardless of cost
Correct Answer: B
Examkingdom Exin ISMP Exam pdf, Certkingdom Exin ISMP PDF
Best Exin ISMP Certification, Exin ISMP Training at certkingdom.com