EX0-105 Exam Questions

You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. Wh...

What is the best way to comply with legislation and regulations for personal data protection?

There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the e...

There is a network printer in the hallway of the company where you work. Many employees don't pick up their printouts immediately and leave them in the printer. What are the conseq...

What is a human threat to the reliability of the information on your company website?

Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigne...

Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this...

In the organization where you work, information of a very sensitive nature is processed. Management is legally obliged to implement the highest-level security measures. What is thi...

The act of taking organizational security measures is inextricably linked with all other measures that have to be taken. What is the name of the system that guarantees the coherenc...

You are the owner of SpeeDelivery courier service. Because of your companys growth you have to think about information security. You know that you have to start creating a policy....

What is a repressive measure in the case of a fire?

The consultants at Smith Consultants Inc. work on laptops that are protected by asymmetrical cryptography. To keep the management of the keys cheap, all consultants use the same ke...

You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This inclu...

You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?

You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centra...

Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?

Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure. What are some other measures?

You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What...

A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company's information is worth more and more and gone are the days when you could ke...

Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

Which measure assures that valuable information is not left out available for the taking?

What is an example of a good physical security measure?

You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time an...

After a thorough risk analysis and the identification of appropriate security controls, the management team decides that for one specific threat the impact should be covered by ins...

Within a company several employees work mostly outside the perimeter of the company. These employees have laptops on which the necessary (confidential) information is stored. Which...

Which approach does/did the United States take with regard to privacy legislation?

Why is sensitive information graded?

Your organization has an office with space for twenty five (25) workstations. These workstations are all fully equipped and in use. Due to a reorganization ten (10) extra workstati...

Which legislation makes it easier to deal with offences perpetrated through advanced information technology?

An Incident Management process has several purposes. Which is not a purpose of the Incident Management process?

You work for a large organization. You notice that you have access to confidential information that you should not be able to access in your position. You report this security inci...

Which type of malware is a program that collects information of the computer user and sends it to another party?

What is an organizational security measure?

A hacker gains access to a webserver and deletes a file on the server containing credit card numbers. Which of the Confidentiality, Integrity, Availability (CIA) principles of the...

There are three types of "human threats". The threat that a user accidentally deletes a document belongs to which category?

What is a risk analysis used for?

What is the purpose for an organization to have an information security policy?

Physical security must protect a company for anyone to easily access the company assets. This is illustrated by thinking in terms of series of protection rings. Which protection ri...

During a risk analysis a system administrator mentions that due to the lack of communication between Human recourses management (HRM) and system administrators, employees can still...

There are three types of human threats: Intentional human threats, Unintentional human threats and a third human threat. What is the third type of human threat?

Midwest Insurance controls access to its offices with a passkey system. What kind of security measure is this?

You own a store, and money keeps disappearing from the cash register. You want to put an end to this by means of a detective measure. What is an example of a detective measure?

Which of the following statements describes the objectives of service asset and configuration management? 1. To identify, control, report and verify service assets and configuratio...

Which of the following is a best practice concerning Information Security Risk assessment?

Security controls shall be documented. What will the controls be related to?

Personnel should be competent on the basis of appropriate education and experience. Which of the following is a best practice relating to competence?

What is the purpose of a Problem review?

Which of the following is true of process descriptions?

Which audit is conducted by, or on behalf of, the organization itself for internal purposes and can form the basis for an organization's self-declaration of conformity?