Unique Top-selling ISFS Exams - New 2024 EXIN Pratice Exam [Q33-Q53]

Rate this post

Unique Top-selling ISFS Exams – New 2024 EXIN Pratice Exam

Exin Certification Dumps ISFS Exam for Full Questions – Exam Study Guide

EXIN ISFS certification exam is a two-hour, online, closed-book exam consisting of 40 multiple-choice questions. The passing score for the exam is 65%. ISFS exam is available in multiple languages, including English, Dutch, French, German, Japanese, and Spanish. The ISFS certification is valid for a lifetime, and candidates who pass the exam receive a credit towards the EXIN Information Security Foundation based on ISO/IEC 27001 certification.

The Information Security Foundation based on ISO/IEC 27001 certification exam is designed to provide a broad understanding of the principles of information security management. It covers various topics such as confidentiality, integrity, and availability of information, risk management, and security controls. ISFS exam is designed to test the knowledge and skills required to implement and maintain an effective information security management system. It is an entry-level certification that is ideal for individuals who are new to the field of information security.

QUESTION 33
Three characteristics determine the reliability of information. Which characteristics are these?

Availability, Integrity and Correctness

Availability, Integrity and Confidentiality

Availability, Nonrepudiation and Confidentiality

Explanation/Reference:

QUESTION 34
Three characteristics determine the reliability of information. Which characteristics are these?

Availability, Integrity and Correctness

Availability, Integrity and Confidentiality

Availability, Nonrepudiation and Confidentiality

QUESTION 35
You are the owner of SpeeDelivery courier service. Because of your companys growth you have to think about information security. You know that you have to start creating a policy. Why is it so important to have an information security policy as a starting point?

The information security policy gives direction to the information security efforts.

The information security policy supplies instructions for the daily practice of information security.

The information security policy establishes which devices will be protected.

The information security policy establishes who is responsible for which area of information security.

QUESTION 36
A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?

Identifying assets and their value

Determining the costs of threats

Establishing a balance between the costs of an incident and the costs of a security measure

Determining relevant vulnerabilities and threats

QUESTION 37
Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure.
What are some other measures?

Detective, repressive and corrective measures

Partial, adaptive and corrective measures

Repressive, adaptive and corrective measures

QUESTION 38
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

Availability measure

Integrity measure

Organizational measure

Technical measure

QUESTION 39
Which measure assures that valuable information is not left out available for the taking?

Clear desk policy

Infra-red detection

Access passes

QUESTION 40
Who is authorized to change the classification of a document?

The author of the document

The administrator of the document

The owner of the document

The manager of the owner of the document

QUESTION 41
Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?

Lightning strike

Arson

Flood

Loss of a USB stick

QUESTION 42
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.
Since the assignments are irregular, you outsource the administration of your business to temporary workers.
You don’t want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

Availability

Integrity

Confidentiality

QUESTION 43
Which of these is not malicious software?

Phishing

Spyware

Virus

Worm

QUESTION 44
Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?

Make the employees responsible for submitting their personal data.

Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.

Appoint a person responsible for supporting managers in adhering to the policy.

Issue a ban on the provision of personal information.

QUESTION 45
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

The costs for automating are easier to charge to the responsible departments.

A determination can be made as to which report should be printed first and which one can wait a little longer.

Everyone can easiliy see how sensitive the reports’ contents are by consulting the grading label.

Reports can be developed more easily and with fewer errors.

QUESTION 46
You have an office that designs corporate logos. You have been working on a draft for a large client. Just as you are going to press the <save> button, the screen goes blank. The hard disk is damaged and cannot be repaired. You find an early version of the design in your mail folder and you reproduce the draft for the customer. What is such a measure called?

Corrective measure

Preventive measure

Reductive measure

QUESTION 47
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?

Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.

Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.

Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.

Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.

QUESTION 48
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?

A risk analysis identifies threats from the known risks.

A risk analysis is used to clarify which threats are relevant and what risks they involve.

A risk analysis is used to remove the risk of a threat.

Risk analyses help to find a balance between threats and risks.

QUESTION 49
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

Public Key Infrastructure (PKI)

QUESTION 50
The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:
-The security requirements for the network are specified.
-A test environment is set up for the purpose of testing reports coming from the database.
-The various employee functions are assigned corresponding access rights.
–
RFID access passes are introduced for the building. Which one of these measures is not a technical measure?

The specification of requirements for the network

Setting up a test environment

Introducing a logical access policy

Introducing RFID access passes

QUESTION 51
You own a small company in a remote industrial areA. Lately, the alarm regularly goes off in the middle of the night. It takes quite a bit of time to respond to it and it seems to be a false alarm every time. You decide to set up a hidden camerA. What is such a measure called?

Detective measure

Preventive measure

Repressive measure

Explanation/Reference:

QUESTION 52
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

If the risk analysis has not been carried out.

When computer systems are kept in a cellar below ground level.

When the computer systems are not insured.

When the organization is located near a river.

QUESTION 53
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?

The recipient, Rachel

The person who drafted the insurance terms and conditions

The manager, Linda

The sender, Peter

Loading …