EX0-105 Exam Questions

The term `big data' is commonly used. However data itself has less (or no) value for an organization. Which process adds value to the data and turns data into `information'?

Lightning strikes the data center and the power surge destroys several servers. What type of threat is this?

What is the purpose of authentication?

Your company is concerned about the effect of global warming on sea levels and asks you to make preparations that prevents downtime of the billing process. What will you create?

What is the most common risk strategy besides Risk bearing and Risk neutral?

A Dutch company is processing information from Dutch civilians; this implies applicability of some Dutch regulations regarding the privacy of these civilians. The company is mandat...

Which security measure is not an organizational level security measure?

Which legislation regulates the storage and destruction of archive documents?

Which threat can materialize as a result of the absence of physical security?

Someone sends an e-mail. The sender wants the recipient to be able to verify who wrote and sent the email. What does the sender attach to the email?

An employee detects abnormal behavior of her desktop computer. After reporting to the system administrator and a first investigation, the system administrators decide to get some h...

Two friends want to exchange a confidential document. It is important that eavesdroppers cannot see this information. Furthermore the receiver should be able to validate the sender...

Which regulation is only applicable for United States public companies (e.g. listed on the New York Stock Exchange)?

A marketing employee accidentally e-mails a spreadsheet with all the company's clients, their personal and commercial data, to the wrong email address. Who determines the value of...

What is not a criteria in the review process where it is determined whether segregation of duties is applicable for an employee?

What is the purpose of a Disaster Recovery Plan (DRP)?

The incident cycle has four stages. Which stage follows the Threat stage?

Two friends want to exchange a confidential document by e-mail. They decide to use cryptography to protect the confidentiality of the document. To be able to encrypt alid decrypt t...

What is not a category for security measures?

What is `a potential cause of an unwanted incident, which may result in harm to a system or organization' called?

You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use...

Why is air-conditioning placed in the server room?

Who is authorized to change the classification of a document?

The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is...

What is an example of a physical security measure?

What physical security measure is necessary to control access to company information?

Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?

What is the definition of the Annual Loss Expectancy?

What is the most important reason for applying segregation of duties?

A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

Why is compliance important for the reliability of the information?

What is the main reliability aspect of information besides Confidentiality and Integrity?

An information security incident has several stages which together are known as the incident cycle. At different stages within this cycle different kinds of security measures are a...

What is accomplished if reports are assigned the appropriate grading?

Of which concept is `measures taken to safeguard an information system from attacks' the definition?

What is the physical equivalent of the logical information security measure Intrusion Detection System (IDS)?

An employee is about to lose his job and decides to delete as many documents as possible from the network storage server. In which main threat category does this threat belong?

What are the two main types of damage, resulting from incidents?