ISFS Questions and Answers

Note: The following ISFS exam is now retired. Please select the alternative replacement for your exam certification.

Question # 6

The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:

- The security requirements for the network are specified.
- A test environment is set up for the purpose of testing reports coming from the database.
- The various employee functions are assigned corresponding access rights.
- RFID access passes are introduced for the building.

Which one of these measures is not a technical measure?

A. The specification of requirements for the network

B. Setting up a test environment

C. Introducing a logical access policy

D. Introducing RFID access passes

Question # 7

What is a risk analysis used for?

A. A risk analysis is used to express the value of information for an organization in monetary terms.

B. A risk analysis is used to clarify to management their responsibilities.

C. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.

D. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.

Question # 8

Which one of the threats listed below can occur as a result of the absence of a physical measure?

A. A user can view the files belonging to another user.

B. A server shuts off because of overheating.

C. A confidential document is left in the printer.

D. Hackers can freely enter the computer network.

Question # 9

A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?

A. Identifying assets and their value

B. Determining the costs of threats

C. Establishing a balance between the costs of an incident and the costs of a security measure

D. Determining relevant vulnerabilities and threats

Question # 10

Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?

A. Direct damage

B. Indirect damage

Question # 11

You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use this time to send and read their private mail and surf the Internet. In legal terms, in which way can the use of the Internet and e-mail facilities be best regulated?

A. Installing an application that makes certain websites no longer accessible and that filters attachments in e-mails

B. Drafting a code of conduct for the use of the Internet and e-mail in which the rights and obligations of both the employer and staff are set down

C. Implementing privacy regulations

D. Installing a virus scanner

Question # 12

You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?

A. The integrity of the data on the USB memory stick is no longer guaranteed.

B. The availability of the data on the USB memory stick is no longer guaranteed.

C. The confidentiality of the data on the USB memory stick is no longer guaranteed.
