Information Security Foundation based on ISO/IEC 27001 (ISFS) Free Practice Test

Question 1

You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?

A. A code of conduct helps to prevent the misuse of IT facilities.

B. A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.

C. A code of conduct is a legal obligation that organizations have to meet.

D. A code of conduct prevents a virus outbreak.

Correct Answer: A

Question 2

Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

A. A determination can be made as to which report should be printed first and which one can wait a little longer.

B. Reports can be developed more easily and with fewer errors.

C. The costs for automating are easier to charge to the responsible departments.

D. Everyone can easiliy see how sensitive the reports' contents are by consulting the grading label.

Correct Answer: D

Question 3

Which one of the threats listed below can occur as a result of the absence of a physical measure?

A. A confidential document is left in the printer.

B. Hackers can freely enter the computer network.

C. A user can view the files belonging to another user.

D. A server shuts off because of overheating.

Correct Answer: D

Question 4

What is an example of a good physical security measure?

A. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

C. All employees and visitors carry an access pass.

Correct Answer: C

Question 5

In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?

A. The system determines whether access may be granted by determining whether the token used is authentic.

B. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.

C. In the second step, you make your identity known, which means you are given access to the system.

D. The authentication step checks the username against a list of users who have access to the system.

Correct Answer: A

Question 6

A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

A. When computer systems are kept in a cellar below ground level.

B. When the organization is located near a river.

C. If the risk analysis has not been carried out.

D. When the computer systems are not insured.

Correct Answer: A

Question 7

You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk because of this?

A. The risk that fire may break out in the server room

B. The risk of undesired e-mails

C. The risk of a virus outbreak

D. The risk that hackers can do as they wish on the network without detection

Correct Answer: D

Question 8

Which of the following measures is a corrective measure?

A. Incorporating an Intrusion Detection System (IDS) in the design of a computer centre

B. Installing a virus scanner in an information system

C. Restoring a backup of the correct database after a corrupt copy of the database was written over the original

D. Making a backup of the data that has been created or altered that day

Correct Answer: C

Welcome to TestSimulate

EXIN Information Security Foundation based on ISO/IEC 27001 (ISFS) Free Practice Test