Information Security Foundation based on ISO/IEC 27001

Question 1

Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?

A. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.

B. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.

C. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.

D. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.

Correct Answer: B

Question 2

What is a risk analysis used for?

A. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.

B. A risk analysis is used to express the value of information for an organization in monetary terms.

C. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.

D. A risk analysis is used to clarify to management their responsibilities.

Correct Answer: A

Question 3

A couple of years ago you started your company which has now grown from 1 to 20 employees. Your companys information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

Correct Answer: A

Question 4

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

A. Availability

B. Integrity

C. Confidentiality

Correct Answer: C

Question 5

Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

A. Everyone can easiliy see how sensitive the reports' contents are by consulting the grading label.

B. Reports can be developed more easily and with fewer errors.

C. A determination can be made as to which report should be printed first and which one can wait a little longer.

D. The costs for automating are easier to charge to the responsible departments.

Correct Answer: A

Question 6

Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?

A. Flood

B. Arson

C. Loss of a USB stick

D. Lightning strike

Correct Answer: B

Question 7

The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:
-The security requirements for the network are specified.
-A test environment is set up for the purpose of testing reports coming from the database.
-The various employee functions are assigned corresponding access rights.
-
RFID access passes are introduced for the building. Which one of these measures is not a technical measure?

A. Introducing a logical access policy

B. Introducing RFID access passes

C. The specification of requirements for the network

D. Setting up a test environment

Correct Answer: B

Question 8

You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk because of this?

A. The risk of undesired e-mails

B. The risk that fire may break out in the server room

C. The risk that hackers can do as they wish on the network without detection

D. The risk of a virus outbreak

Correct Answer: C

EXIN Information Security Foundation based on ISO/IEC 27001 - ISFS Exam Practice Test

Latest Update

Useful Links

Contact Us