最新的Exin Certification認證 ISFS考試題庫

問題1

You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks. What is the relation between a threat, risk and risk analysis?

A. A risk analysis is used to clarify which threats are relevant and what risks they involve.

B. Risk analyses help to find a balance between threats and risks.

C. A risk analysis identifies threats from the known risks.

D. A risk analysis is used to remove the risk of a threat.

正確答案: A

問題2

My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

A. Public Key Infrastructure (PKI)

B. Discretionary Access Control (DAC)

C. Mandatory Access Control (MAC)

正確答案: C

問題3

What is the most important reason for applying segregation of duties?

A. Segregation of duties makes it clear who is responsible for what.

B. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

C. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.

D. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

正確答案: B

問題4

What is the definition of the Annual Loss Expectancy?

A. The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.

B. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.

C. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.

D. The Annual Loss Expectancy is the minimum amount for which an organization must insure itself.

正確答案: B

問題5

Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

A. Susan, the sender of the information.

B. Paul, the recipient of the information.

C. Paul and Susan, the sender and the recipient of the information.

正確答案: B

問題6

What action is an unintentional human threat?

A. Social engineering

B. Incorrect use of fire extinguishing equipment

C. Arson

D. Theft of a laptop

正確答案: B

問題7

You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?

A. Access restriction to special rooms

B. Intrusion alarm

C. Backup tape

D. Sprinkler installation

正確答案: B

問題8

Which measure assures that valuable information is not left out available for the taking?

A. Access passes

B. Clear desk policy

C. Infra-red detection

正確答案: B

最新的EXIN Information Security Foundation based on ISO/IEC 27001 - ISFS免費考試真題

最新更新

站內鏈接

聯系我們