최신 ISFS 무료덤프 - EXIN Information Security Foundation based on ISO/IEC 27001

문제1

A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?

A. Determining the costs of threats

B. Identifying assets and their value

C. Determining relevant vulnerabilities and threats

D. Establishing a balance between the costs of an incident and the costs of a security measure

정답: A

문제2

In the organization where you work, information of a very sensitive nature is processed. Management is legally obliged to implement the highest-level security measures. What is this kind of risk strategy called?

A. Risk neutral

B. Risk bearing

C. Risk avoiding

정답: C

문제3

When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files. What is the correct definition of availability?

A. The degree to which the continuity of an organization is guaranteed

B. The degree to which the system capacity is enough to allow all users to work with it

C. The total amount of time that an information system is accessible to the users

D. The degree to which an information system is available for the users

정답: D

문제4

What is the relationship between data and information?

A. Information is the meaning and value assigned to a collection of data.

B. Data is structured information.

정답: A

문제5

Under which condition is an employer permitted to check if Internet and email services in the workplace are being used for private purposes?

A. The employer is permitted to check this if a firewall is also installed.

B. The employer is in no way permitted to check the use of IT services by employees.

C. The employer is permitted to check this if the employees are aware that this could happen.

D. The employer is permitted to check this if the employee is informed after each instance of checking.

정답: C

문제6

You work for a large organization. You notice that you have access to confidential information that you should not be able to access in your position. You report this security incident to the helpdesk. The incident cycle isinitiated. What are the stages of the security incident cycle?

A. Threat, Incident, Damage, Recovery

B. Threat, Recovery, Incident, Damage

C. Threat, Damage, Recovery, Incident

D. Threat, Damage, Incident, Recovery

정답: A

문제7

Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?

A. Appoint a person responsible for supporting managers in adhering to the policy.

B. Make the employees responsible for submitting their personal data.

C. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.

D. Issue a ban on the provision of personal information.

정답: C

문제8

Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure. What are some other measures?

A. Repressive, adaptive and corrective measures

B. Detective, repressive and corrective measures

C. Partial, adaptive and corrective measures

정답: B

최신 ISFS 무료덤프 - EXIN Information Security Foundation based on ISO/IEC 27001

우리와 연락하기

유용한 링크

최신 업데이트