The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
A. Information Security Management System
B. The use of tokens to gain access to information systems
C. Validation of input and output data in applications
D. Encryption of information
What is an example of a security incident?
A. The lighting in the department no longer works.
B. A member of staff loses a laptop.
C. You cannot set the correct fonts in your word processing software.
D. A file is saved under an incorrect name.
In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?
A. In the second step, you make your identity known, which means you are given access to the system.
B. The authentication step checks the username against a list of users who have access to the system.
C. The system determines whether access may be granted by determining whether the token used is authentic.
D. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.
You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?
A. Backup tape
B. Intrusion alarm
C. Sprinkler installation
D. Access restriction to special rooms
You have a small office in an industrial area. You would like to analyze the risks your company faces. The office is in a pretty remote location; therefore, the possibility of arson is not entirely out of the question. What is the relationship between the threat of fire and the risk of fire?
A. The risk of fire is the threat of fire multiplied by the chance that the fire may occur and the consequences thereof.
B. The threat of fire is the risk of fire multiplied by the chance that the fire may occur and the consequences thereof.
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process, identification?
A. The first step consists of checking if the user is using the correct certificate.
B. The first step consists of checking if the user appears on the list of authorized users.
C. The first step consists of comparing the password with the registered password.
D. The first step consists of granting access to the information to which the user is authorized.
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
B. A code of conduct is a standard part of a labor contract.
C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure. What are some other measures?
A. Detective, repressive and corrective measures
B. Partial, adaptive and corrective measures
C. Repressive, adaptive and corrective measures
You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money. What is this kind of threat called?
A. Human threat
B. Natural threat
C. Social Engineering
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
A. ISO/IEC 27001:2005
B. Intellectual Property Rights
C. ISO/IEC 27002:2005
D. Personal data protection legislation