Unique Top-selling ISFS Exams - New 2023 EXIN Pratice Exam [Q28-Q49] : Actual Test Materials : http://blog.actualtests4sure.com

Q28. Which one of the threats listed below can occur as a result of the absence of a physical measure?

A user can view the files belonging to another user.

A server shuts off because of overheating.

A confidential document is left in the printer.

Hackers can freely enter the computer network.

Q29. What is the objective of classifying information?

Authorizing the use of an information system

Creating a label that indicates how confidential the information is

Defining different levels of sensitivity into which information may be arranged

Displaying on the document who is permitted access

Q30. A Dutch company requests to be listed on the American Stock Exchange. Which legislation within the scope of information security is relevant in this case?

Public Records Act

Dutch Tax Law

Sarbanes-Oxley Act

Security regulations for the Dutch government

Q31. What is an example of a good physical security measure?

All employees and visitors carry an access pass.

Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

Q32. What is the goal of an organization’s security policy?

To provide direction and support to information security

To define all threats to and measures for ensuring information security

To document all incidents that threaten the reliability of information

To document all procedures required to maintain information security

Q33. You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?

Backup tape

Intrusion alarm

Sprinkler installation

Access restriction to special rooms

Q34. An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

Availability measure

Integrity measure

Organizational measure

Technical measure

Q35. You work for a flexible employer who doesnt mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?

The integrity of the data on the USB memory stick is no longer guaranteed.

The availability of the data on the USB memory stick is no longer guaranteed.

The confidentiality of the data on the USB memory stick is no longer guaranteed.

Q36. What is the relationship between data and information?

Data is structured information.

Information is the meaning and value assigned to a collection of data.

Q37. In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?

In the second step, you make your identity known, which means you are given access to the system.

The authentication step checks the username against a list of users who have access to the system.

The system determines whether access may be granted by determining whether the token used is authentic.

During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.

Q38. What physical security measure is necessary to control access to company information?

Air-conditioning

Username and password

The use of break-resistant glass and doors with the right locks, frames and hinges

Prohibiting the use of USB sticks

Q39. What is a risk analysis used for?

A risk analysis is used to express the value of information for an organization in monetary terms.

A risk analysis is used to clarify to management their responsibilities.

A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.

A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.

Q40. You own a small company in a remote industrial areA. Lately, the alarm regularly goes off in the middle of the night. It takes quite a bit of time to respond to it and it seems to be a false alarm every time. You decide to set up a hidden camerA. What is such a measure called?

Detective measure

Preventive measure

Repressive measure

Q41. Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization.
What occurs during the first step of this process: identification?

The first step consists of checking if the user is using the correct certificate.

The first step consists of checking if the user appears on the list of authorized users.

The first step consists of comparing the password with the registered password.

The first step consists of granting access to the information to which the user is authorized.

Q42. At Midwest Insurance, all information is classified. What is the goal of this classification of information?

To create a manual about how to handle mobile devices

Applying labels making the information easier to recognize

Structuring information according to its sensitivity

Q43. A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your companys information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

Q44. What is the most important reason for applying segregation of duties?

Segregation of duties makes it clear who is responsible for what.

Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.

Q45. Which of the following measures is a corrective measure?

Incorporating an Intrusion Detection System (IDS) in the design of a computer centre

Installing a virus scanner in an information system

Making a backup of the data that has been created or altered that day

Restoring a backup of the correct database after a corrupt copy of the database was written over the original

Q46. A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your companys information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

Q47. You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.

A code of conduct is a standard part of a labor contract.

A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.

Q48. What sort of security does a Public Key Infrastructure (PKI) offer?

It provides digital certificates which can be used to digitally sign documents. Such signatures irrefutably determine from whom a document was sent.

Having a PKI shows customers that a web-based business is secure.

By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.

A PKI ensures that backups of company data are made on a regular basis.

Q49. You work for a large organization. You notice that you have access to confidential information that you should not be able to access in your position. You report this security incident to the helpdesk. The incident cycle isinitiated. What are the stages of the security incident cycle?

Threat, Damage, Incident, Recovery

Threat, Damage, Recovery, Incident

Threat, Incident, Damage, Recovery

Threat, Recovery, Incident, Damage