
[2022] Use Valid ISFS Exam - Actual Exam Question & Answer
Exin Information Security Foundation (based on ISO/IEC 27002) (EX0-105) ISFS Exam
The Exin Information Security Foundation (based on ISO/IEC 27002) (EX0-105) ISFS Exam covers the Exin Information Security Foundation based on ISO/IEC 27002 and credits toward the Exin Information Security Management Certification. The exam validates the candidate's knowledge and skills regarding the concept of information, the relationships between threats, risks and the reliability of information, the importance of measures, physical security measures, technical measures, organizational measures, security policy and security organization.
NEW QUESTION 24
Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?
- A. Make the employees responsible for submitting their personal data.
- B. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.
- C. Appoint a person responsible for supporting managers in adhering to the policy.
- D. Issue a ban on the provision of personal information.
Answer: B
NEW QUESTION 25
Which of the following measures is a corrective measure?
- A. Installing a virus scanner in an information system
- B. Restoring a backup of the correct database after a corrupt copy of the database was written over the original
- C. Making a backup of the data that has been created or altered that day
- D. Incorporating an Intrusion Detection System (IDS) in the design of a computer centre
Answer: B
NEW QUESTION 26
When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files.
What is the correct definition of availability?
- A. The total amount of time that an information system is accessible to the users
- B. The degree to which the system capacity is enough to allow all users to work with it
- C. The degree to which the continuity of an organization is guaranteed
- D. The degree to which an information system is available for the users
Answer: D
NEW QUESTION 27
You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money. What is this kind of threat called?
- A. Natural threat
- B. Human threat
- C. Social Engineering
Answer: B
NEW QUESTION 28
There is a network printer in the hallway of the company where you work. Many employees don't pick up their printouts immediately and leave them in the printer. What are the consequences of this to the reliability of the information?
- A. The availability of the information is no longer guaranteed.
- B. The confidentiality of the information is no longer guaranteed.
- C. The integrity of the information is no longer guaranteed.
Answer: B
NEW QUESTION 29
Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?
- A. Loss of a USB stick
- B. Lightning strike
- C. Arson
- D. Flood
Answer: C
NEW QUESTION 30
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?
- A. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
- B. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.
- C. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.
- D. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
Answer: C
NEW QUESTION 31
What do employees need to know to report a security incident?
- A. How to report an incident and to whom.
- B. Whether the incident has occurred before and what was the resulting damage.
- C. The measures that should have been taken to prevent the incident in the first place.
- D. Who is responsible for the incident and whether it was intentional.
Answer: A
NEW QUESTION 32
Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?
- A. Clear Desk Policy
- B. Physical security measures
- C. Logical access security measures
- D. Measures required by laws and regulations
Answer: D
NEW QUESTION 33
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?
- A. Natural threat
- B. Organizational threat
- C. Social Engineering
Answer: C
NEW QUESTION 34
What is the definition of the Annual Loss Expectancy?
- A. The Annual Loss Expectancy is the minimum amount for which an organization must insure itself.
- B. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.
- C. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.
- D. The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.
Answer: B
NEW QUESTION 35
You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?
- A. The confidentiality of the data on the USB memory stick is no longer guaranteed.
- B. The integrity of the data on the USB memory stick is no longer guaranteed.
- C. The availability of the data on the USB memory stick is no longer guaranteed.
Answer: A
NEW QUESTION 36
What is the objective of classifying information?
- A. Displaying on the document who is permitted access
- B. Creating a label that indicates how confidential the information is
- C. Authorizing the use of an information system
- D. Defining different levels of sensitivity into which information may be arranged
Answer: D
NEW QUESTION 38
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?
- A. The first step consists of checking if the user is using the correct certificate.
- B. The first step consists of granting access to the information to which the user is authorized.
- C. The first step consists of comparing the password with the registered password.
- D. The first step consists of checking if the user appears on the list of authorized users.
Answer: D
NEW QUESTION 39
What is the goal of an organization's security policy?
- A. To define all threats to and measures for ensuring information security
- B. To document all incidents that threaten the reliability of information
- C. To provide direction and support to information security
- D. To document all procedures required to maintain information security
Answer: C
NEW QUESTION 40
In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?
- A. The system determines whether access may be granted by determining whether the token used is authentic.
- B. The authentication step checks the username against a list of users who have access to the system.
- C. In the second step, you make your identity known, which means you are given access to the system.
- D. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.
Answer: A
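Questions 38 and 40 describe the same three-step access-granting process: identification (is the claimed user on the list of known users?), authentication (can the user prove that claim?) and authorization (which rights does the proven identity hold?). The following Python block is an added illustration of those three steps, written for this page and not part of the EXIN material; the user registry, salts, passwords and rights in it are constructed sample data, and the functions `identify`, `authenticate`, `authorize` and `login_and_access` are hypothetical names chosen for the example.

```python
"""Added example of the identification -> authentication -> authorization
sequence from questions 38 and 40. Example code for this page, not EXIN
material; the registry below is constructed sample data."""
import hashlib
import hmac
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow salted hash so a stolen registry cannot be cracked cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed registry: username -> salt, password hash, granted rights.
_SALT_ALICE = b"constructed-salt-1"
_SALT_BOB = b"constructed-salt-2"
REGISTRY = {
    "alice": {
        "salt": _SALT_ALICE,
        "hash": _hash_password("correct horse", _SALT_ALICE),
        "rights": {"read", "write"},
    },
    "bob": {
        "salt": _SALT_BOB,
        "hash": _hash_password("battery staple", _SALT_BOB),
        "rights": {"read"},
    },
}


def identify(username: str) -> Optional[dict]:
    """Step 1, identification: is the claimed identity on the list of users?"""
    return REGISTRY.get(username)


def authenticate(username: str, password: str) -> bool:
    """Step 2, authentication: the user proves the claimed identity.

    The hash comparison is constant-time, and the hash is computed even for
    unknown users so response timing does not reveal which names exist.
    """
    record = identify(username)
    if record is None:
        _hash_password(password, b"dummy-salt-for-unknown-user")  # same cost
        return False
    return hmac.compare_digest(_hash_password(password, record["salt"]),
                               record["hash"])


def authorize(username: str, right: str) -> bool:
    """Step 3, authorization: does the (already authenticated) identity hold
    this right? Only call after authenticate() returned True."""
    record = identify(username)
    return record is not None and right in record["rights"]


def login_and_access(username: str, password: str, right: str) -> str:
    """Runs the three steps in order and reports which one stopped the request.

    Unknown user and wrong password produce the same message, so the reply
    does not leak whether an account exists.
    """
    if not authenticate(username, password):  # also fails identification
        return "denied: invalid credentials"
    if not authorize(username, right):
        return f"denied: {username} lacks '{right}'"
    return f"granted: {username} may {right}"


if __name__ == "__main__":
    for args in [("alice", "correct horse", "write"),
                 ("bob", "battery staple", "write"),
                 ("alice", "wrong password", "read"),
                 ("mallory", "anything", "read")]:
        print(args, "->", login_and_access(*args))
```

Note that `bob` passes identification and authentication but is stopped at authorization, while `mallory` fails at identification, yet the caller receives the same "invalid credentials" message as for a wrong password; that is the practical reason the three steps are kept distinct in the design but not in the error reply.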
NEW QUESTION 41
Why is compliance important for the reliability of the information?
- A. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
- B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
- C. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.
- D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
Answer: B
NEW QUESTION 42
What is the most important reason for applying segregation of duties?
- A. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
- B. Segregation of duties makes it clear who is responsible for what.
- C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
- D. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
Answer: C
NEW QUESTION 43
What is the greatest risk for an organization if no information security policy has been defined?
- A. Too many measures are implemented.
- B. It is not possible for an organization to implement information security in a consistent manner.
- C. Information security activities are carried out by only a few people.
- D. If everyone works with the same account, it is impossible to find out who worked on what.
Answer: B
NEW QUESTION 44
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
- A. Organizational measure
- B. Integrity measure
- C. Technical measure
- D. Availability measure
Answer: C
NEW QUESTION 45
A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your company's information is worth more and more, and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?
- A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
- B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.
Answer: A
NEW QUESTION 46
A Dutch company requests to be listed on the American Stock Exchange. Which legislation within the scope of information security is relevant in this case?
- A. Dutch Tax Law
- B. Security regulations for the Dutch government
- C. Sarbanes-Oxley Act
- D. Public Records Act
Answer: C
NEW QUESTION 47
A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
- A. Determining relevant vulnerabilities and threats
- B. Identifying assets and their value
- C. Determining the costs of threats
- D. Establishing a balance between the costs of an incident and the costs of a security measure
Answer: C
NEW QUESTION 48
Why is air-conditioning placed in the server room?
- A. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.
- B. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted. The air in the room is also dehumidified and filtered.
- C. It is not pleasant for the maintenance staff to have to work in a server room that is too warm.
- D. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged.
Answer: B
NEW QUESTION 49
......