Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Certensure Logo
  1. Home
  2. Exin
  3. Privacy & Data Protection
  4. ISFS - Information Security Foundation based on ISO/IEC 27002

Exin ISFS Information Security Foundation based on ISO/IEC 27002 Exam Practice Test

Demo: 12 questions
Total 80 questions
Get ISFS Full Access Download ISFS PDF

Information Security Foundation based on ISO/IEC 27002 Questions and Answers

Question 1

What is the best way to comply with legislation and regulations for personal data protection?

Options:

A.

Performing a threat analysis

B.

Maintaining an incident register

C.

Performing a vulnerability analysis

D.

Appointing the responsibility to someone

Question 2

What is a human threat to the reliability of the information on your company website?

Options:

A.

One of your employees commits an error in the price of a product on your website.

B.

The computer hosting your website is overloaded and crashes. Your website is offline.

C.

Because of a lack of maintenance, a fire hydrant springs a leak and floods the premises. Your

employees cannot come into the office and therefore can not keep the information on the

website up to date.

Question 3

Which type of malware builds a network of contaminated computers?

Options:

A.

Logic Bomb

B.

Storm Worm or Botnet

C.

Trojan

D.

Virus

Question 4

My user profile specifies which network drives I can read and write to. What is the name of the

type of logical access management wherein my access and rights are determined centrally?

Options:

A.

Discretionary Access Control (DAC)

B.

Mandatory Access Control (MAC)

C.

Public Key Infrastructure (PKI)

Question 5

A non-human threat for computer systems is a flood. In which situation is a flood always a

relevant threat?

Options:

A.

If the risk analysis has not been carried out.

B.

When computer systems are kept in a cellar below ground level.

C.

When the computer systems are not insured.

D.

When the organization is located near a river.

Question 6

Which one of the threats listed below can occur as a result of the absence of a physical measure?

Options:

A.

A user can view the files belonging to another user.

B.

A server shuts off because of overheating.

C.

A confidential document is left in the printer.

D.

Hackers can freely enter the computer network.

Question 7

What is the objective of classifying information?

Options:

A.

Authorizing the use of an information system

B.

Creating a label that indicates how confidential the information is

C.

Defining different levels of sensitivity into which information may be arranged

D.

Displaying on the document who is permitted access

Question 8

What do employees need to know to report a security incident?

Options:

A.

How to report an incident and to whom.

B.

Whether the incident has occurred before and what was the resulting damage.

C.

The measures that should have been taken to prevent the incident in the first place.

D.

Who is responsible for the incident and whether it was intentional.

Question 9

You read in the newspapers that the ex-employee of a large company systematically deleted files

out of revenge on his manager. Recovering these files caused great losses in time and money.

What is this kind of threat called?

Options:

A.

Human threat

B.

Natural threat

C.

Social Engineering

Question 10

Which of the following measures is a preventive measure?

Options:

A.

Installing a logging system that enables changes in a system to be recognized

B.

Shutting down all internet traffic after a hacker has gained access to the company systems

C.

Putting sensitive information in a safe

D.

Classifying a risk as acceptable because the cost of addressing the threat is higher than the

value of the information at risk

Question 11

What is the goal of an organization's security policy?

Options:

A.

To provide direction and support to information security

B.

To define all threats to and measures for ensuring information security

C.

To document all incidents that threaten the reliability of information

D.

To document all procedures required to maintain information security

Question 12

The act of taking organizational security measures is inextricably linked with all other measures

that have to be taken. What is the name of the system that guarantees the coherence of

information security in the organization?

Options:

A.

Information Security Management System (ISMS)

B.

Rootkit

C.

Security regulations for special information for the government

Load More ISFS Questions
Demo: 12 questions
Total 80 questions
Get ISFS Full Access Download ISFS PDF