Information Security Foundation based on ISO/IEC 27002
Exam Number: ISFS
Related Certifications: EXIN, Inc
Available Languages: English, Western, Chinese, Spanish, Russian, Japanese, This particular language, Colonial
Exam Name: Information Security Foundation based on ISO/IEC 27002
2021 Sep ISFS braindumps
Q1. An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
A. Availability measure
B. Integrity measure
C. Organizational measure
D. Technical measure
Answer: D
Q2. What is the greatest risk for an organization if no information security policy has been defined?
A. If everyone works with the same account, it is impossible to find out who worked on what.
B. Information security activities are carried out by only a few people.
C. Too many measures are implemented.
D. It is not possible for an organization to implement information security in a consistent manner.
Answer: D
Q3. A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
A. Identifying assets and their value
B. Determining the costs of threats
C. Establishing a balance between the costs of an incident and the costs of a security measure
D. Determining relevant vulnerabilities and threats
Answer: B
Q4. You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?
A. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
B. Appoint security personnel
C. Encrypt the hard drives of laptops and USB sticks
D. Set up an access control policy
Answer: A
Q5. What is an example of a security incident?
A. The lighting in the department no longer works.
B. A member of staff loses a laptop.
C. You cannot set the correct fonts in your word processing software.
D. A file is saved under an incorrect name.
Answer: B

Improved ISFS exam question:
Q6. Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?
A. Lightning strike
B. Arson
C. Flood
D. Loss of a USB stick
Answer: B
Q7. Why do organizations have an information security policy?
A. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
B. In order to ensure that staff do not break any laws.
C. In order to give direction to how information security is set up within an organization.
D. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.
Answer: C
Q8. Which one of the threats listed below can occur as a result of the absence of a physical measure?
A. A user can view the files belonging to another user.
B. A server shuts off because of overheating.
C. A confidential document is left in the printer.
D. Hackers can freely enter the computer network.
Answer: B
Q9. The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
A. Information Security Management System
B. The use of tokens to gain access to information systems
C. Validation of input and output data in applications
D. Encryption of information
Answer: A
Q10. What is the relationship between data and information?
A. Data is structured information.
B. Information is the meaning and value assigned to a collection of data.
Answer: B