[Q44-Q67] Tested Material Used To ISFS Test Engine Exam Questions in here [Sep-2023]



The ISFS certification exam covers several important topics, including information security concepts, principles and practices, threat analysis, risk management, vulnerability management, business continuity and disaster recovery management, legal and regulatory compliance, and incident management. ISFS certification is designed for anyone who wishes to develop a career in information security or who needs to establish a sound foundation in information security principles, including IT professionals, security professionals, risk and compliance professionals, auditors, and business managers.

 

NEW QUESTION # 44
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk.
He asks you for your password. What kind of threat is this?

  • A. Natural threat
  • B. Social Engineering
  • C. Organizational threat

Answer: B


NEW QUESTION # 45
There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good. What is an example of the indirect damage caused by this fire?

  • A. Melted backup tapes
  • B. Burned documents
  • C. Burned computer systems
  • D. Water damage due to the fire extinguishers

Answer: D


NEW QUESTION # 46
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

  • A. The costs for automating are easier to charge to the responsible departments.
  • B. A determination can be made as to which report should be printed first and which one can wait a little longer.
  • C. Reports can be developed more easily and with fewer errors.
  • D. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.

Answer: D


NEW QUESTION # 47
We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?

  • A. Timeliness, Accuracy and Completeness
  • B. Availability, Integrity and Completeness
  • C. Availability, Integrity and Confidentiality
  • D. Availability, Information Value and Confidentiality

Answer: C


NEW QUESTION # 48
What is the most important reason for applying segregation of duties?

  • A. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • B. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
  • C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • D. Segregation of duties makes it clear who is responsible for what.

Answer: C


NEW QUESTION # 49
Which type of malware builds a network of contaminated computers?

  • A. Trojan
  • B. Virus
  • C. Storm Worm or Botnet
  • D. Logic Bomb

Answer: C


NEW QUESTION # 50
You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?

  • A. Appoint security personnel
  • B. Encrypt the hard drives of laptops and USB sticks
  • C. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
  • D. Set up an access control policy

Answer: C


NEW QUESTION # 51
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

  • A. Risk neutral
  • B. Risk avoiding
  • C. Risk bearing

Answer: A


NEW QUESTION # 52
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

  • A. The use of tokens to gain access to information systems
  • B. Validation of input and output data in applications
  • C. Encryption of information
  • D. Information Security Management System

Answer: D


NEW QUESTION # 53
An airline company employee notices that she has access to one of the company's applications that she has not used before. Is this an information security incident?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 54
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

  • A. Technical measure
  • B. Integrity measure
  • C. Organizational measure
  • D. Availability measure

Answer: A


NEW QUESTION # 55
What do employees need to know to report a security incident?

  • A. The measures that should have been taken to prevent the incident in the first place.
  • B. Who is responsible for the incident and whether it was intentional.
  • C. Whether the incident has occurred before and what was the resulting damage.
  • D. How to report an incident and to whom.

Answer: D


NEW QUESTION # 56
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

  • A. When the computer systems are not insured.
  • B. If the risk analysis has not been carried out.
  • C. When computer systems are kept in a cellar below ground level.
  • D. When the organization is located near a river.

Answer: C


NEW QUESTION # 57
You have an office that designs corporate logos. You have been working on a draft for a large client. Just as you are going to press the <save> button, the screen goes blank. The hard disk is damaged and cannot be repaired. You find an early version of the design in your mail folder and you reproduce the draft for the customer. What is such a measure called?

  • A. Reductive measure
  • B. Preventive measure
  • C. Corrective measure

Answer: C


NEW QUESTION # 58
What is an example of a security incident?

  • A. A file is saved under an incorrect name.
  • B. A member of staff loses a laptop.
  • C. You cannot set the correct fonts in your word processing software.
  • D. The lighting in the department no longer works.

Answer: B


NEW QUESTION # 59
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?

  • A. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
  • B. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.
  • C. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
  • D. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.

Answer: B


NEW QUESTION # 60
You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?

  • A. Appoint security personnel
  • B. Encrypt the hard drives of laptops and USB sticks
  • C. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
  • D. Set up an access control policy

Answer: C



NEW QUESTION # 61
In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?

  • A. In the second step, you make your identity known, which means you are given access to the system.
  • B. The system determines whether access may be granted by determining whether the token used is authentic.
  • C. The authentication step checks the username against a list of users who have access to the system.
  • D. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.

Answer: B


NEW QUESTION # 62
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors' passes grant the same access as the passes of the company's staff. Which kind of security measure could have prevented this?

  • A. A technical security measure
  • B. A physical security measure
  • C. An organizational security measure

Answer: B


NEW QUESTION # 63
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?

  • A. A risk analysis identifies threats from the known risks.
  • B. A risk analysis is used to remove the risk of a threat.
  • C. Risk analyses help to find a balance between threats and risks.
  • D. A risk analysis is used to clarify which threats are relevant and what risks they involve.

Answer: D


NEW QUESTION # 64
In the organization where you work, information of a very sensitive nature is processed. Management is legally obliged to implement the highest-level security measures. What is this kind of risk strategy called?

  • A. Risk avoiding
  • B. Risk bearing
  • C. Risk neutral

Answer: A


NEW QUESTION # 65
A couple of years ago you started your company, which has now grown from 1 to 20 employees. Your company's information is worth more and more, and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

  • A. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.
  • B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

Answer: B


NEW QUESTION # 66
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization.
What occurs during the first step of this process: identification?

  • A. The first step consists of checking if the user is using the correct certificate.
  • B. The first step consists of granting access to the information to which the user is authorized.
  • C. The first step consists of checking if the user appears on the list of authorized users.
  • D. The first step consists of comparing the password with the registered password.

Answer: C


NEW QUESTION # 67
......


EXIN ISFS or Information Security Foundation based on ISO/IEC 27001 is a certification program that is aimed at providing professionals with the basic knowledge and understanding of Information Security. It is a globally recognized certification which focuses on ISO/IEC 27001, which is the international standard for Information Security Management Systems (ISMS). Information Security Foundation based on ISO/IEC 27001 certification is ideal for individuals who want to gain fundamental knowledge and skills in the field of information security.
