Get Full Version of the Exam
http://www.EnsurePass.com/ISFS.html
Question No.11
Which of the following measures is a preventive measure?
A. Installing a logging system that enables changes in a system to be recognized
B. Shutting down all internet traffic after a hacker has gained access to the company systems
C. Putting sensitive information in a safe
D. Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk
Correct Answer: C
Question No.12
What is a risk analysis used for?
A. A risk analysis is used to express the value of information for an organization in monetary terms.
B. A risk analysis is used to clarify to management their responsibilities.
C. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.
D. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.
Correct Answer: D
Question No.13
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
A. Identifying assets and their value
B. Determining the costs of threats
C. Establishing a balance between the costs of an incident and the costs of a security measure
D. Determining relevant vulnerabilities and threats
Correct Answer: B
Question No.14
What is an example of a security incident?
A. The lighting in the department no longer works.
B. A member of staff loses a laptop.
C. You cannot set the correct fonts in your word processing software.
D. A file is saved under an incorrect name.
Correct Answer: B
Question No.15
Which of the following measures is a corrective measure?
A. Incorporating an Intrusion Detection System (IDS) in the design of a computer centre
B. Installing a virus scanner in an information system
C. Making a backup of the data that has been created or altered that day
D. Restoring a backup of the correct database after a corrupt copy of the database was written over the original
Correct Answer: D
Question No.16
We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?
A. Availability, Information Value and Confidentiality
B. Availability, Integrity and Confidentiality
C. Availability, Integrity and Completeness
D. Timeliness, Accuracy and Completeness
Correct Answer: B
Question No.17
Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?
A. Make the employees responsible for submitting their personal data.
B. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.
C. Appoint a person responsible for supporting managers in adhering to the policy.
D. Issue a ban on the provision of personal information.
Correct Answer: B
Question No.18
What sort of security does a Public Key Infrastructure (PKI) offer?
A. It provides digital certificates which can be used to digitally sign documents. Such signatures irrefutably determine from whom a document was sent.
B. Having a PKI shows customers that a web-based business is secure.
C. By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.
D. A PKI ensures that backups of company data are made on a regular basis.
Correct Answer: C
Question No.19
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
A. Availability measure
B. Integrity measure
C. Organizational measure
D. Technical measure
Correct Answer: D
Question No.20
What is the greatest risk for an organization if no information security policy has been defined?
A. If everyone works with the same account, it is impossible to find out who worked on what.
B. Information security activities are carried out by only a few people.
C. Too many measures are implemented.
D. It is not possible for an organization to implement information security in a consistent manner.
Correct Answer: D