최신 ISFS 무료덤프 - EXIN Information Security Foundation based on ISO/IEC 27001

문제1

My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

A. Discretionary Access Control (DAC)

B. Mandatory Access Control (MAC)

C. Public Key Infrastructure (PKI)

정답: B

문제2

A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?

A. Determining the costs of threats

B. Identifying assets and their value

C. Determining relevant vulnerabilities and threats

D. Establishing a balance between the costs of an incident and the costs of a security measure

정답: A

문제3

When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files. What is the correct definition of availability?

A. The degree to which the continuity of an organization is guaranteed

B. The degree to which the system capacity is enough to allow all users to work with it

C. The total amount of time that an information system is accessible to the users

D. The degree to which an information system is available for the users

정답: D

문제4

What is a risk analysis used for?

A. A risk analysis is used to express the value of information for an organization in monetary terms.

B. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.

C. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.

D. A risk analysis is used to clarify to management their responsibilities.

정답: C

문제5

You are the first to arrive at work in the morning and notice that the CD ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?

A. You should first investigate this incident yourself and try to limit the damage.

B. You should wait a few days before reporting this incident. The CD ROM can still reappear and, in that case, you will have made a fuss for nothing.

C. This incident should be reported immediately.

정답: C

문제6

Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?

A. Appoint a person responsible for supporting managers in adhering to the policy.

B. Make the employees responsible for submitting their personal data.

C. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.

D. Issue a ban on the provision of personal information.

정답: C

문제7

Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

A. ISO/IEC 27002:2005

B. Intellectual Property Rights

C. ISO/IEC 27001:2005

D. Personal data protection legislation

정답: D

문제8

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

A. Integrity

B. Availability

C. Confidentiality

정답: C

최신 ISFS 무료덤프 - EXIN Information Security Foundation based on ISO/IEC 27001

우리와 연락하기

유용한 링크

최신 업데이트