Exin ISFS ISO/IEC Exam Practice Test Instant Access

Question 1

What physical security measure is necessary to control access to company information?

AAir-conditioning

BUsername and password

CThe use of break-resistant glass and doors with the right locks, frames and hinges

DProhibiting the use of USB sticks

Answer : C

Question 2

Which one of the threats listed below can occur as a result of the absence of a physical measure?

AA user can view the files belonging to another user.

BA server shuts off because of overheating.

CA confidential document is left in the printer.

DHackers can freely enter the computer network.

Answer : B

Question 3

Why do organizations have an information security policy?

AIn order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.

BIn order to ensure that staff do not break any laws.

CIn order to give direction to how information security is set up within an organization.

DIn order to ensure that everyone knows who is responsible for carrying out the backup procedures.

Answer : C

Question 4

Your company has to ensure that it meets the requirements set down in personal data protection

legislation. What is the first thing you should do?

AMake the employees responsible for submitting their personal data.

BTranslate the personal data protection legislation into a privacy policy that is geared to the
company and the contracts with the customers.

CAppoint a person responsible for supporting managers in adhering to the policy.

DIssue a ban on the provision of personal information.

Answer : B

Question 5

The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following

measures to assure information security:

- The security requirements for the network are specified.

- A test environment is set up for the purpose of testing reports coming from the database.

- The various employee functions are assigned corresponding access rights.

- RFID access passes are introduced for the building.

Which one of these measures is not a technical measure?

AThe specification of requirements for the network

BSetting up a test environment

CIntroducing a logical access policy

DIntroducing RFID access passes

Answer : D

Question 6

Midwest Insurance controls access to its offices with a passkey system. We call this a preventive

measure. What are some other measures?

ADetective, repressive and corrective measures

BPartial, adaptive and corrective measures

CRepressive, adaptive and corrective measures

Answer : A

Question 7

The consultants at Smith Consultants Inc. work on laptops that are protected by asymmetrical

cryptography. To keep the management of the keys cheap, all consultants use the same key pair.

What is the companys risk if they operate in this manner?

AIf the private key becomes known all laptops must be supplied with new keys.

BIf the Public Key Infrastructure (PKI) becomes known all laptops must be supplied with new
keys.

CIf the public key becomes known all laptops must be supplied with new keys.

Answer : A

Exin Information Security Foundation ISFS ISO/IEC Exam Practice Test