ISMP Information Security Management Professional based on ISO/IEC 27001

Question 1

When is revision of an employee’s access rights mandatory?

  • After any position change

  • At hire

  • At least each year

  • At all moments stated in the information security policy

Question 2

What needs to be decided prior to considering the treatment of risks?

  • Criteria for determining whether or not the risk can be accepted

  • How to apply appropriate controls to reduce the risks

  • Mitigation plans

  • The development of own guidelines

Question 3

The handling of security incidents is done by the incident management process under guidelines of information security management. These guidelines call for several types of mitigation plans.

Which mitigation plan covers short-term recovery after a security incident has occurred?

  • The Business Continuity Plan (BCP)

  • The disaster recovery plan

  • The incident response plan

  • The risk treatment plan