Exin ISFS ISO/IEC Exam Practice Test Instant Access

Question 1

What is an example of a security incident?

AThe lighting in the department no longer works.

BA member of staff loses a laptop.

CYou cannot set the correct fonts in your word processing software.

DA file is saved under an incorrect name.

Answer : B

Question 2

What is the objective of classifying information?

AAuthorizing the use of an information system

BCreating a label that indicates how confidential the information is

CDefining different levels of sensitivity into which information may be arranged

DDisplaying on the document who is permitted access

Answer : C

Question 3

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.

Since the assignments are irregular, you outsource the administration of your business to

temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

AAvailability

BIntegrity

CConfidentiality

Answer : C

Question 4

You are the first to arrive at work in the morning and notice that the CD ROM on which you saved

contracts yesterday has disappeared. You were the last to leave yesterday. When should you

report this information security incident?

AThis incident should be reported immediately.

BYou should first investigate this incident yourself and try to limit the damage.

CYou should wait a few days before reporting this incident. The CD ROM can still reappear and,
in that case, you will have made a fuss for nothing.

Answer : A

Question 5

The act of taking organizational security measures is inextricably linked with all other measures

that have to be taken. What is the name of the system that guarantees the coherence of

information security in the organization?

AInformation Security Management System (ISMS)

BRootkit

CSecurity regulations for special information for the government

Answer : A

Question 6

What is a risk analysis used for?

AA risk analysis is used to express the value of information for an organization in monetary
terms.

BA risk analysis is used to clarify to management their responsibilities.

CA risk analysis is used in conjunction with security measures to reduce risks to an acceptable
level.

DA risk analysis is used to ensure that security measures are deployed in a cost-effective and
timely fashion.

Answer : D

Question 7

You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and

now want to determine your risk strategy. You decide to take measures for the large risks but not

for the small risks. What is this risk strategy called?

ARisk bearing

BRisk avoiding

CRisk neutral

Answer : C

Exin ISFS Information Security Foundation ISO/IEC Exam Practice Test