Exin ISFS ISO/IEC Exam Practice Test Instant Access

Question 1

Your company has to ensure that it meets the requirements set down in personal data protection

legislation. What is the first thing you should do?

AMake the employees responsible for submitting their personal data.

BTranslate the personal data protection legislation into a privacy policy that is geared to the
company and the contracts with the customers.

CAppoint a person responsible for supporting managers in adhering to the policy.

DIssue a ban on the provision of personal information.

Answer : B

Question 2

What is a risk analysis used for?

AA risk analysis is used to express the value of information for an organization in monetary
terms.

BA risk analysis is used to clarify to management their responsibilities.

CA risk analysis is used in conjunction with security measures to reduce risks to an acceptable
level.

DA risk analysis is used to ensure that security measures are deployed in a cost-effective and
timely fashion.

Answer : D

Question 3

Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms

and conditions for a life insurance policy to Rachel, a client. Who determines the value of the

information in the insurance terms and conditions document?

AThe recipient, Rachel

BThe person who drafted the insurance terms and conditions

CThe manager, Linda

DThe sender, Peter

Answer : A

Question 4

Which of the following measures is a corrective measure?

AIncorporating an Intrusion Detection System (IDS) in the design of a computer centre

BInstalling a virus scanner in an information system

CMaking a backup of the data that has been created or altered that day

DRestoring a backup of the correct database after a corrupt copy of the database was written
over the original

Answer : D

Question 5

You have just started working at a large organization. You have been asked to sign a code of

conduct as well as a contract. What does the organization wish to achieve with this?

AA code of conduct helps to prevent the misuse of IT facilities.

BA code of conduct is a legal obligation that organizations have to meet.

CA code of conduct prevents a virus outbreak.

DA code of conduct gives staff guidance on how to report suspected misuses of IT facilities.

Answer : A

Question 6

Why do organizations have an information security policy?

AIn order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.

BIn order to ensure that staff do not break any laws.

CIn order to give direction to how information security is set up within an organization.

DIn order to ensure that everyone knows who is responsible for carrying out the backup procedures.

Answer : C

Question 7

There is a network printer in the hallway of the company where you work. Many employees dont

pick up their printouts immediately and leave them in the printer. What are the consequences of

this to the reliability of the information?

AThe integrity of the information is no longer guaranteed.

BThe availability of the information is no longer guaranteed.

CThe confidentiality of the information is no longer guaranteed.

Answer : C

Exin ISFS Information Security Foundation ISO/IEC Exam Practice Test