ISFS Exam Questions

What is the best description of a risk analysis?

What is the goal of an organization's security policy?

The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security: - The security requirements for the network are s...

A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the...

You have an office that designs corporate logos. You have been working on a draft for a large client. Just as you are going to press the <save> button, the screen goes blank. The h...

You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large...

Three characteristics determine the reliability of information. Which characteristics are these?

What action is an unintentional human threat?

You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use...

Why is air-conditioning placed in the server room?

Who is authorized to change the classification of a document?

The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is...

What is an example of a physical security measure?

What physical security measure is necessary to control access to company information?

Why do organizations have an information security policy?

You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been...

You work for a large organization. You notice that you have access to confidential information that you should not be able to access in your position. You report this security inci...

Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of...

Which of the following measures is a preventive measure?

Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?

What sort of security does a Public Key Infrastructure (PKI) offer?

An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What ty...

What is the greatest risk for an organization if no information security policy has been defined?

What is the objective of classifying information?

What do employees need to know to report a security incident?

You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?

Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the valu...

When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our f...

Access management is closely related to which other process?

In which core ITIL publication can you find detailed descriptions of service catalogue management, information security management, and supplier management?

Which process is responsible for the availability, confidentiality and integrity of data?

Which one of the following activities would be performed by access management?

Which of the following BEST describes the purpose of access management?

Which of the following statements describes the objectives of service asset and configuration management? 1. To identify, control, report and verify service assets and configuratio...

Which of the following is a best practice concerning Information Security Risk assessment?

Security controls shall be documented. What will the controls be related to?

Personnel should be competent on the basis of appropriate education and experience. Which of the following is a best practice relating to competence?

What is the purpose of a Problem review?

Which of the following is true of process descriptions?

Which audit is conducted by, or on behalf of, the organization itself for internal purposes and can form the basis for an organization's self-declaration of conformity?