최신 ISFS 무료덤프 - EXIN Information Security Foundation based on ISO/IEC 27001

문제1

You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

A. Risk neutral

B. Risk bearing

C. Risk avoiding

정답: A

문제2

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

A. Integrity

B. Availability

C. Confidentiality

정답: C

문제3

What is the greatest risk for an organization if no information security policy has been defined?

A. Too many measures are implemented.

B. If everyone works with the same account, it is impossible to find out who worked on what.

C. It is not possible for an organization to implement information security in a consistent manner.

D. Information security activities are carried out by only a few people.

정답: C

문제4

You are the owner of SpeeDelivery courier service. Because of your companys growth you have to think about information security. You know that you have to start creating a policy. Why is it so important to have an information security policy as a starting point?

A. The information security policy establishes who is responsible for which area of information security.

B. The information security policy supplies instructions for the daily practice of information security.

C. The information security policy establishes which devices will be protected.

D. The information security policy gives direction to the information security efforts.

정답: D

문제5

What is the relationship between data and information?

A. Information is the meaning and value assigned to a collection of data.

B. Data is structured information.

정답: A

문제6

Why do organizations have an information security policy?

A. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.

B. In order to give direction to how information security is set up within an organization.

C. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.

D. In order to ensure that staff do not break any laws.

정답: B

문제7

You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?

A. Encrypt the hard drives of laptops and USB sticks

B. Appoint security personnel

C. Set up an access control policy

D. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)

정답: D

문제8

You have an office that designs corporate logos. You have been working on a draft for a large client. Just as you are going to press the <save> button, the screen goes blank. The hard disk is damaged and cannot be repaired. You find an early version of the design in your mail folder and you reproduce the draft for the customer. What is such a measure called?

A. Reductive measure

B. Preventive measure

C. Corrective measure

정답: C

최신 ISFS 무료덤프 - EXIN Information Security Foundation based on ISO/IEC 27001

우리와 연락하기

유용한 링크

최신 업데이트