Exin ISFS ISO/IEC Exam Practice Test Instant Access

Question 1

You apply for a position in another company and get the job. Along with your contract, you are

asked to sign a code of conduct. What is a code of conduct?

AA code of conduct specifies how employees are expected to conduct themselves and is the
same for all companies.

BA code of conduct is a standard part of a labor contract.

CA code of conduct differs from company to company and specifies, among other things, the
rules of behavior with regard to the usage of information systems.

Answer : C

Question 2

What is the most important reason for applying segregation of duties?

ASegregation of duties makes it clear who is responsible for what.

BSegregation of duties ensures that, when a person is absent, it can be investigated whether he
or she has been committing fraud.

CTasks and responsibilities must be separated in order to minimize the opportunities for
business assets to be misused or changed, whether the change be unauthorized or
unintentional.

DSegregation of duties makes it easier for a person who is ready with his or her part of the work
to take time off or to take over the work of another person.

Answer : C

Question 3

Your company is in the news as a result of an unfortunate action by one of your employees. The

phones are ringing off the hook with customers wanting to cancel their contracts. What do we call

this type of damage?

ADirect damage

BIndirect damage

Answer : B

Question 4

A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the companys staff. Which kind of security measure could have prevented this?

AA physical security measure

BAn organizational security measure

CA technical security measure

Answer : A

Question 5

What is the best way to comply with legislation and regulations for personal data protection?

APerforming a threat analysis

BMaintaining an incident register

CPerforming a vulnerability analysis

DAppointing the responsibility to someone

Answer : D

Question 6

In most organizations, access to the computer or the network is granted only after the user has

entered a correct username and password. This process consists of 3 steps: identification,

authentication and authorization. What is the purpose of the second step, authentication?

AIn the second step, you make your identity known, which means you are given access to the
system.

BThe authentication step checks the username against a list of users who have access to the
system.

CThe system determines whether access may be granted by determining whether the token
used is authentic.

DDuring the authentication step, the system gives you the rights that you need, such as being
able to read the data in the system.

Answer : C

Question 7

What is an example of a physical security measure?

AA code of conduct that requires staff to adhere to the clear desk policy, ensuring that confidential information is not left visibly on the desk at the end of the work day

BAn access control policy with passes that have to be worn visibly

CThe encryption of confidential information

DSpecial fire extinguishers with inert gas, such as Argon

Answer : D

Exin ISFS Information Security Foundation ISO/IEC Exam Practice Test