14 Jul

Vendor: EXIN
Exam Code: ISFS
Exam Name: Information Security Foundation based on ISO/IEC 27002

What is a risk analysis used for?

A.    A risk analysis is used to express the value of information for an organization in monetary terms.
B.    A risk analysis is used to clarify to management their responsibilities.
C.    A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.
D.    A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.

Answer: D

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?

A.    Identifying assets and their value
B.    Determining the costs of threats
C.    Establishing a balance between the costs of an incident and the costs of a security measure
D.    Determining relevant vulnerabilities and threats

Answer: B

What is an example of a security incident?

A.    The lighting in the department no longer works.
B.    A member of staff loses a laptop.
C.    You cannot set the correct fonts in your word processing software.
D.    A file is saved under an incorrect name.

Answer: B

Which of the following measures is a corrective measure?

A.    Incorporating an Intrusion Detection System (IDS) in the design of a computer centre
B.    Installing a virus scanner in an information system
C.    Making a backup of the data that has been created or altered that day
D.    Restoring a backup of the correct database after a corrupt copy of the database was written over the original

Answer: D

We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?

A.    Availability, Information Value and Confidentiality
B.    Availability, Integrity and Confidentiality
C.    Availability, Integrity and Completeness
D.    Timeliness, Accuracy and Completeness

Answer: B

What is an example of a non-human threat to the physical environment?

A.    Fraudulent transaction
B.    Corrupted file
C.    Storm
D.    Virus

Answer: C

In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?

A.    In the second step, you make your identity known, which means you are given access to the system.
B.    The authentication step checks the username against a list of users who have access to the system.
C.    The system determines whether access may be granted by determining whether the token used is authentic.
D.    During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.

Answer: C

Which of these is not malicious software?

A.    Phishing
B.    Spyware
C.    Virus
D.    Worm

Answer: A

Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?

A.    Lightning strike
B.    Arson
C.    Flood
D.    Loss of a USB stick

Answer: B
