ISFS Online Practice Questions and Answers

What is an example of a physical security measure?

A. A code of conduct that requires staff to adhere to the clear desk policy, ensuring that confidential information is not left visibly on the desk at the end of the work day

B. An access control policy with passes that have to be worn visibly

C. The encryption of confidential information

D. Special fire extinguishers with inert gas, such as Argon

An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

A. Availability measure

B. Integrity measure

C. Organizational measure

D. Technical measure

What is the greatest risk for an organization if no information security policy has been defined?

A. If everyone works with the same account, it is impossible to find out who worked on what.

B. Information security activities are carried out by only a few people.

C. Too many measures are implemented.

D. It is not possible for an organization to implement information security in a consistent manner.

What is the objective of classifying information?

A. Authorizing the use of an information system

B. Creating a label that indicates how confidential the information is

C. Defining different levels of sensitivity into which information may be arranged

D. Displaying on the document who is permitted access

You work for a flexible employer who doesnt mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?

A. The integrity of the data on the USB memory stick is no longer guaranteed.

B. The availability of the data on the USB memory stick is no longer guaranteed.

C. The confidentiality of the data on the USB memory stick is no longer guaranteed.

You are the owner of SpeeDelivery courier service. Because of your companys growth you have to think about information security. You know that you have to start creating a policy. Why is it so important to have an information security policy as a starting point?

A. The information security policy gives direction to the information security efforts.

B. The information security policy supplies instructions for the daily practice of information security.

C. The information security policy establishes which devices will be protected.

D. The information security policy establishes who is responsible for which area of information security.

My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

A. Discretionary Access Control (DAC)

B. Mandatory Access Control (MAC)

C. Public Key Infrastructure (PKI)

A couple of years ago you started your company which has now grown from 1 to 20 employees. Your companys information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

A. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

You have an office that designs corporate logos. You have been working on a draft for a large client. Just as you are going to press the button, the screen goes blank. The hard disk is damaged and cannot be repaired. You find an early version of the design in your mail folder and you reproduce the draft for the customer. What is such a measure called?

A. Corrective measure

B. Preventive measure

C. Reductive measure

You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

A. Risk bearing

B. Risk avoiding

C. Risk neutral