ISFS Exam Questions
90 real ISFS exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
What is a risk analysis used for?
- Question #2
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
- Question #3
What is an example of a security incident?
- Question #4
Which of the following measures is a corrective measure?
- Question #5
We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?
- Question #6
What is an example of a non-human threat to the physical environment?
- Question #7
In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identific...
- Question #8
Which of these is not malicious software?
- Question #9
Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?
- Question #10
What is the definition of the Annual Loss Expectancy?
- Question #11
What is the most important reason for applying segregation of duties?
- Question #12
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?
- Question #13
Why is compliance important for the reliability of the information?
- Question #14
You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server,...
- Question #16
Which type of malware builds a network of contaminated computers?
- Question #17
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?
- Question #18
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business...
- Question #19
Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. Wha...
- Question #20
An airline company employee notices that she has access to one of the company's applications that she has not used before. Is this an information security incident?
- Question #21
Under which condition is an employer permitted to check if Internet and email services in the workplace are being used for private purposes?
- Question #22
You have a small office in an industrial area. You would like to analyze the risks your company faces. The office is in a pretty remote location; therefore, the possibility of arso...
- Question #23
You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. Wha...
- Question #24
What is the best way to comply with legislation and regulations for personal data protection?
- Question #25
There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the e...
- Question #26
There is a network printer in the hallway of the company where you work. Many employees don't pick up their printouts immediately and leave them in the printer. What are the consequ...
- Question #28
What is a human threat to the reliability of the information on your company website?
- Question #29
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigne...
- Question #30
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this...
- Question #31
In the organization where you work, information of a very sensitive nature is processed. Management is legally obliged to implement the highest-level security measures. What is thi...
- Question #32
The act of taking organizational security measures is inextricably linked with all other measures that have to be taken. What is the name of the system that guarantees the coherenc...
- Question #33
You are the owner of SpeeDelivery courier service. Because of your company's growth you have to think about information security. You know that you have to start creating a policy....
- Question #34
What is a repressive measure in the case of a fire?
- Question #35
The consultants at Smith Consultants Inc. work on laptops that are protected by asymmetrical cryptography. To keep the management of the keys cheap, all consultants use the same ke...
- Question #36
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This inclu...
- Question #37
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
- Question #38
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centra...
- Question #39
Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?
- Question #40
Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure. What are some other measures?
- Question #41
You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What...
- Question #42
A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company's information is worth more and more and gone are the days when you could kee...
- Question #43
Susan sends an email to Paul. Who determines the meaning and the value of information in this email?
- Question #44
Which measure assures that valuable information is not left out available for the taking?
- Question #45
What is an example of a good physical security measure?
- Question #46
You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time an...
- Question #47
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
- Question #48
You are the first to arrive at work in the morning and notice that the CD ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When sho...
- Question #49
A Dutch company requests to be listed on the American Stock Exchange. Which legislation within the scope of information security is relevant in this case?
- Question #50
You own a small company in a remote industrial area. Lately, the alarm regularly goes off in the middle of the night. It takes quite a bit of time to respond to it and it seems to...
- Question #51
At Midwest Insurance, all information is classified. What is the goal of this classification of information?
- Question #52
Which one of the threats listed below can occur as a result of the absence of a physical measure?