ITIL 4 Practitioner Information Security Management Practice Exam — Free 20+ Questions | ExamCademy
By ITIL
Question 1: Roles and competencies
Question 2: Key concepts
Question 3: Practice processes
Question 4: Information and technology
Question 5: Information and technology
Question 6: Practice processes
Question 7: The ITIL capability model
Question 8: Partners and suppliers
Topics covered: Key concepts, Practice success factors, Practice processes, Roles and competencies, Information and technology, Partners and suppliers, The ITIL capability model, Practice success

Which activity is performed by an information security manager?
A. Representing the organization in strategic conversations with regulators
B. Conducting information security training and education
C. Defining the balance between business performance and information security
D. Governing security management employees across the organization

A newly appointed chief information security officer (CISO) has been asked to explain the purpose of information security management to the board.
Which explanation is the BEST for the CISO to use?
A. Information security management will protect the organization’s IT systems and services
B. Information security management will help to ensure that the organization can always rely on its data in performing the business activities.
C. Information security management will ensure that the organization uses the right controls to manage security risks
D. Information security management will enable the organization to pass external audits

Which input to the ‘assessment and review’ process helps to assess whether information security controls are effective?
A. New and changed technology
B. External standards
C. Business process information
D. Information security records and reports

To support an audit, an information security consultant wants to share with relevant teams a list of additional controls that are needed to protect the organization’s assets.
What type of tool is BEST to assist with this?
A. Workflow management and collaboration tools
B. Monitoring and event management tools
C. Orchestration systems
D. SIEM tools

What TWO types of tools are the BEST to use to isolate a compromised server from the network?
1. Analysis and reporting tool
2. Workflow management and collaboration tool
3. SIEM tool
4. Knowledge management tool
A. 1 and 2
B. 2 and 3
C. 3 and 4
D. 1 and 4

What activity helps identify potential events that could impact the security of information?
A. Security plan tests
B. Security awareness training
C. Security incident management
D. Vulnerability assessments

An organization has very effective information security controls; its information security management plans are regularly tested. The information security team is working on integration of information security in all aspects of the organization, but this work has just begun.
Which capability level does this information security management practice demonstrate?
A. Level 1
B. Level 2
C. Level 3
D. Level 4

An organization has mapped the value stream for resolving incidents, and has identified many handoffs to and from third parties. These handoffs require potentially sensitive information to be shared so that the incidents can be resolved, and this results in a risk that information might be leaked.
What TWO things should the organization do to manage this risk?
1. Resolve all incidents that involve sensitive information using in-house staff only
2. Automatically detect sensitive information and remove it when it is not essential for the supplier
3. Ensure contracts specify how the suppliers should manage this information
4. Delete all sensitive data from incident records so that it cannot be leaked during incident investigation