EXIN Information Security Foundation based on ISO/IEC 27001

QUESTION NO: 1
What do employees need to know to report a security incident?

A. How to report an incident and to whom. B. Who is responsible for the incident and whether it was intentional. C. The measures that should have been taken to prevent the incident in the first place. D. Whether the incident has occurred before and what was the resulting damage.

Correct Answer: A

QUESTION NO: 2
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

A. Discretionary Access Control (DAC) B. Public Key Infrastructure (PKI) C. Mandatory Access Control (MAC)

Correct Answer: C

QUESTION NO: 3
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

A. When the organization is located near a river. B. When the computer systems are not insured. C. If the risk analysis has not been carried out. D. When computer systems are kept in a cellar below ground level.

Correct Answer: D

QUESTION NO: 4
In the organization where you work, information of a very sensitive nature is processed. Management is legally obliged to implement the highest-level security measures. What is this kind of risk strategy called?

A. Risk avoiding B. Risk neutral C. Risk bearing

Correct Answer: A

QUESTION NO: 5
Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?

A. Clear Desk Policy B. Physical security measures C. Measures required by laws and regulations D. Logical access security measures

Correct Answer: C

QUESTION NO: 6
You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk because of this?

A. The risk of a virus outbreak B. The risk that fire may break out in the server room C. The risk that hackers can do as they wish on the network without detection D. The risk of undesired e-mails

Correct Answer: C

QUESTION NO: 7
Why is compliance important for the reliability of the information?

A. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information. B. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly. C. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner. D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.

Correct Answer: C

QUESTION NO: 8
Why is air-conditioning placed in the server room?

A. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged. B. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted. The air in the room is also dehumidified and filtered. C. It is not pleasant for the maintenance staff to have to work in a server room that is too warm. D. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.

Correct Answer: B

EXIN Information Security Foundation based on ISO/IEC 27001 - ISFS Exam Questions