
ISFS Tested & Approved Exin Certification Study Materials
Validate your Skills with Updated Exin Certification Exam Questions & Answers and Test Engine
EXIN ISFS Certification Exam is recognized globally and is highly valued by employers. Information Security Foundation based on ISO/IEC 27001 certification is proof that an individual has the knowledge and skills required to implement and maintain an effective information security management system. It is a great way to enhance one's career prospects in the field of information security.
NEW QUESTION # 17
What is the greatest risk for an organization if no information security policy has been defined?
- A. It is not possible for an organization to implement information security in a consistent manner.
- B. If everyone works with the same account, it is impossible to find out who worked on what.
- C. Too many measures are implemented.
- D. Information security activities are carried out by only a few people.
Answer: A
NEW QUESTION # 18
Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?
- A. Appoint a person responsible for supporting managers in adhering to the policy.
- B. Make the employees responsible for submitting their personal data.
- C. Issue a ban on the provision of personal information.
- D. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.
Answer: D
NEW QUESTION # 19
You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?
- A. The availability of the data on the USB memory stick is no longer guaranteed.
- B. The confidentiality of the data on the USB memory stick is no longer guaranteed.
- C. The integrity of the data on the USB memory stick is no longer guaranteed.
Answer: B
NEW QUESTION # 20
What is an example of a good physical security measure?
- A. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
- B. All employees and visitors carry an access pass.
- C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.
Answer: B
NEW QUESTION # 21
What is the best way to comply with legislation and regulations for personal data protection?
- A. Performing a vulnerability analysis
- B. Appointing the responsibility to someone
- C. Maintaining an incident register
- D. Performing a threat analysis
Answer: B
NEW QUESTION # 22
What action is an unintentional human threat?
- A. Arson
- B. Incorrect use of fire extinguishing equipment
- C. Theft of a laptop
- D. Social engineering
Answer: B
NEW QUESTION # 23
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?
- A. Organizational threat
- B. Social Engineering
- C. Natural threat
Answer: B
NEW QUESTION # 24
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks. What is the relation between a threat, risk and risk analysis?
- A. Risk analyses help to find a balance between threats and risks.
- B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- C. A risk analysis is used to remove the risk of a threat.
- D. A risk analysis identifies threats from the known risks.
Answer: B
NEW QUESTION # 25
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?
- A. Mandatory Access Control (MAC)
- B. Discretionary Access Control (DAC)
- C. Public Key Infrastructure (PKI)
Answer: A
NEW QUESTION # 26
You are the first to arrive at work in the morning and notice that the CD-ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?
- A. You should wait a few days before reporting this incident. The CD-ROM can still reappear and, in that case, you will have made a fuss for nothing.
- B. This incident should be reported immediately.
- C. You should first investigate this incident yourself and try to limit the damage.
Answer: B
NEW QUESTION # 27
Which of the following measures is a preventive measure?
- A. Putting sensitive information in a safe
- B. Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk
- C. Installing a logging system that enables changes in a system to be recognized
- D. Shutting down all internet traffic after a hacker has gained access to the company systems
Answer: A
NEW QUESTION # 28
What is the most important reason for applying segregation of duties?
- A. Segregation of duties makes it clear who is responsible for what.
- B. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
- C. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
- D. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
Answer: B
NEW QUESTION # 29
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?
- A. When the organization is located near a river.
- B. When computer systems are kept in a cellar below ground level.
- C. When the computer systems are not insured.
- D. If the risk analysis has not been carried out.
Answer: B
NEW QUESTION # 30
What is a risk analysis used for?
- A. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.
- B. A risk analysis is used to express the value of information for an organization in monetary terms.
- C. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.
- D. A risk analysis is used to clarify to management their responsibilities.
Answer: C
NEW QUESTION # 31
What is the objective of classifying information?
- A. Displaying on the document who is permitted access
- B. Authorizing the use of an information system
- C. Creating a label that indicates how confidential the information is
- D. Defining different levels of sensitivity into which information may be arranged
Answer: D
NEW QUESTION # 33
There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good. What is an example of the indirect damage caused by this fire?
- A. Burned computer systems
- B. Melted backup tapes
- C. Burned documents
- D. Water damage due to the fire extinguishers
Answer: D
NEW QUESTION # 34
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
- A. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
- B. A code of conduct is a standard part of a labor contract.
- C. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
Answer: A
NEW QUESTION # 35
You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk because of this?
- A. The risk that fire may break out in the server room
- B. The risk that hackers can do as they wish on the network without detection
- C. The risk of undesired e-mails
- D. The risk of a virus outbreak
Answer: B
NEW QUESTION # 37
At Midwest Insurance, all information is classified. What is the goal of this classification of information?
- A. Structuring information according to its sensitivity
- B. Applying labels making the information easier to recognize
- C. To create a manual about how to handle mobile devices
Answer: A
NEW QUESTION # 38
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
- A. Determining the costs of threats
- B. Identifying assets and their value
- C. Establishing a balance between the costs of an incident and the costs of a security measure
- D. Determining relevant vulnerabilities and threats
Answer: A
NEW QUESTION # 39
......
EXIN ISFS certification program is designed for professionals who need to have a basic understanding of information security. It is suitable for individuals who are starting their careers in information security, as well as for those who are already working in related fields such as IT, risk management, audit and compliance. Information Security Foundation based on ISO/IEC 27001 certification provides a solid foundation in information security and helps individuals to develop the necessary skills and competencies to manage information security risks effectively.
ISFS [Sep-2023, Newly Released] ISFS Exam Questions For You To Pass: https://www.actual4dump.com/EXIN/ISFS-actualtests-dumps.html