ISFS Free Exam Questions & Answers PDF Updated on Dec-2021 [Q26-Q51]


Latest ISFS Exam Dumps Recently Updated 80 Questions

NEW QUESTION 26
You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?

  • A. Sprinkler installation
  • B. Access restriction to special rooms
  • C. Backup tape
  • D. Intrusion alarm

Answer: D

 

NEW QUESTION 27
Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?

  • A. Direct damage
  • B. Indirect damage

Answer: B

 

NEW QUESTION 28
When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files. What is the correct definition of availability?

  • A. The degree to which the system capacity is enough to allow all users to work with it
  • B. The degree to which the continuity of an organization is guaranteed
  • C. The total amount of time that an information system is accessible to the users
  • D. The degree to which an information system is available for the users

Answer: D

 

NEW QUESTION 29
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

  • A. A code of conduct is a standard part of a labor contract.
  • B. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
  • C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.

Answer: C

 

NEW QUESTION 30
What is the most important reason for applying segregation of duties?

  • A. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
  • B. Segregation of duties makes it clear who is responsible for what.
  • C. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • D. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

Answer: D


 

NEW QUESTION 31
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

  • A. Organizational measure
  • B. Availability measure
  • C. Integrity measure
  • D. Technical measure

Answer: D


 

NEW QUESTION 32
At Midwest Insurance, all information is classified. What is the goal of this classification of information?

  • A. Structuring information according to its sensitivity
  • B. Applying labels making the information easier to recognize
  • C. To create a manual about how to handle mobile devices

Answer: A

 

NEW QUESTION 33
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors' passes grant the same access as the passes of the company's staff. Which kind of security measure could have prevented this?

  • A. A technical security measure
  • B. A physical security measure
  • C. An organizational security measure

Answer: B

 

NEW QUESTION 34
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk.
He asks you for your password. What kind of threat is this?

  • A. Social Engineering
  • B. Natural threat
  • C. Organizational threat

Answer: A

 

NEW QUESTION 35
What is an example of a good physical security measure?

  • A. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.
  • B. All employees and visitors carry an access pass.
  • C. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

Answer: B

 

NEW QUESTION 36
What do employees need to know to report a security incident?

  • A. Who is responsible for the incident and whether it was intentional.
  • B. The measures that should have been taken to prevent the incident in the first place.
  • C. How to report an incident and to whom.
  • D. Whether the incident has occurred before and what was the resulting damage.

Answer: C

 

NEW QUESTION 37
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

  • A. A determination can be made as to which report should be printed first and which one can wait a little longer.
  • B. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
  • C. The costs for automating are easier to charge to the responsible departments.
  • D. Reports can be developed more easily and with fewer errors.

Answer: B

 

NEW QUESTION 38
The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:
- The security requirements for the network are specified.
- A test environment is set up for the purpose of testing reports coming from the database.
- The various employee functions are assigned corresponding access rights.
- RFID access passes are introduced for the building.
Which one of these measures is not a technical measure?

  • A. Setting up a test environment
  • B. The specification of requirements for the network
  • C. Introducing RFID access passes
  • D. Introducing a logical access policy

Answer: C

 

NEW QUESTION 39
Your company has to ensure that it meets the requirements set down in personal data protection legislation.
What is the first thing you should do?

  • A. Make the employees responsible for submitting their personal data.
  • B. Issue a ban on the provision of personal information.
  • C. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.
  • D. Appoint a person responsible for supporting managers in adhering to the policy.

Answer: C

 

NEW QUESTION 40
Why is air-conditioning placed in the server room?

  • A. It is not pleasant for the maintenance staff to have to work in a server room that is too warm.
  • B. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged.
  • C. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted. The air in the room is also dehumidified and filtered.
  • D. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.

Answer: C

 

NEW QUESTION 41
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?

  • A. A risk analysis identifies threats from the known risks.
  • B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
  • C. Risk analyses help to find a balance between threats and risks.
  • D. A risk analysis is used to remove the risk of a threat.

Answer: B

 

NEW QUESTION 42
What is an example of a security incident?

  • A. A file is saved under an incorrect name.
  • B. You cannot set the correct fonts in your word processing software.
  • C. The lighting in the department no longer works.
  • D. A member of staff loses a laptop.

Answer: D

 

NEW QUESTION 43
What is a repressive measure in the case of a fire?

  • A. Putting out a fire after it has been detected by a fire detector
  • B. Repairing damage caused by the fire
  • C. Taking out fire insurance

Answer: A

 

NEW QUESTION 44
Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?

  • A. Physical security measures
  • B. Logical access security measures
  • C. Measures required by laws and regulations
  • D. Clear Desk Policy

Answer: C

 

NEW QUESTION 45
There is a network printer in the hallway of the company where you work. Many employees don't pick up their printouts immediately and leave them in the printer. What are the consequences of this to the reliability of the information?

  • A. The availability of the information is no longer guaranteed.
  • B. The integrity of the information is no longer guaranteed.
  • C. The confidentiality of the information is no longer guaranteed.

Answer: C

 

NEW QUESTION 46
Which of the following measures is a preventive measure?

  • A. Putting sensitive information in a safe
  • B. Installing a logging system that enables changes in a system to be recognized
  • C. Shutting down all internet traffic after a hacker has gained access to the company systems
  • D. Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk

Answer: A

 

NEW QUESTION 47
A couple of years ago you started your company, which has now grown from 1 to 20 employees. Your company's information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

  • A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
  • B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

Answer: A

 

NEW QUESTION 48
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

  • A. Public Key Infrastructure (PKI)
  • B. Mandatory Access Control (MAC)
  • C. Discretionary Access Control (DAC)

Answer: B

 

NEW QUESTION 49
Three characteristics determine the reliability of information. Which characteristics are these?

  • A. Availability, Integrity and Correctness
  • B. Availability, Nonrepudiation and Confidentiality
  • C. Availability, Integrity and Confidentiality

Answer: C


 

NEW QUESTION 50
A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your company's information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

  • A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
  • B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

Answer: A


 

NEW QUESTION 51
......


Who should take the ISFS exam

The Exin ISFS certification is an internationally recognized validation that identifies those who earn it as skilled in Exin Information Security Management Certification. A candidate who wants significant career growth needs enhanced knowledge, skills, and talents. The Exin Information Security Foundation based on ISO/IEC 27002 ISFS Exam certification provides proof of this advanced knowledge and skill. A candidate who has the knowledge of associated technologies and the skills required to pass the Exin Information Security Foundation based on ISO/IEC 27002 ISFS Exam should take this exam.


Exin Information Security Foundation (based on ISO/IEC 27002) (EX0-105) ISFS Exam

The Exin Information Security Foundation (based on ISO/IEC 27002) (EX0-105) ISFS Exam is related to Exin Information Security Foundation based on ISO/IEC 27002 and credits toward the Exin Information Security Management Certification. This exam validates the candidate's knowledge and skills in the concept of information, the relationships between threats, risks and the reliability of the information, the importance of measures, physical security, technical measures, measures security policy and security organization.

 
