究極のガイドはISFS最新2024年05月22日時間限定!今すぐダウンロード! [Q29-Q47]

Share

究極のガイドはISFS最新2024年05月22日時間限定!今すぐダウンロード!

2024年最新のな厳密検証された合格させるISFS試験にはリアル問題と解答


EXIN ISFS 資格認定プログラムは、情報セキュリティに基本的な理解を持つ必要があるプロフェッショナルを対象に設計されています。情報セキュリティにおけるキャリアを始める個人や、IT、リスク管理、監査、コンプライアンスなど関連分野で働いている人にも適しています。この資格は、情報セキュリティにおける強固な基盤を提供し、情報セキュリティリスクを効果的に管理するために必要なスキルと能力を開発するのに役立ちます。

 

質問 # 29
You are the owner of SpeeDelivery courier service. Because of your companys growth you have to think about information security. You know that you have to start creating a policy. Why is it so important to have an information security policy as a starting point?

  • A. The information security policy supplies instructions for the daily practice of information security.
  • B. The information security policy establishes who is responsible for which area of information security.
  • C. The information security policy establishes which devices will be protected.
  • D. The information security policy gives direction to the information security efforts.

正解:D


質問 # 30
What is the most important reason for applying segregation of duties?

  • A. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
  • B. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • C. Segregation of duties makes it clear who is responsible for what.
  • D. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

正解:B

解説:
Explanation


質問 # 31
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization.
What occurs during the first step of this process: identification?

  • A. The first step consists of checking if the user appears on the list of authorized users.
  • B. The first step consists of checking if the user is using the correct certificate.
  • C. The first step consists of granting access to the information to which the user is authorized.
  • D. The first step consists of comparing the password with the registered password.

正解:A


質問 # 32
Why do organizations have an information security policy?

  • A. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.
  • B. In order to give direction to how information security is set up within an organization.
  • C. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
  • D. In order to ensure that staff do not break any laws.

正解:B


質問 # 33
When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files.
What is the correct definition of availability?

  • A. The degree to which the continuity of an organization is guaranteed
  • B. The degree to which the system capacity is enough to allow all users to work with it
  • C. The degree to which an information system is available for the users
  • D. The total amount of time that an information system is accessible to the users

正解:C

解説:
Explanation/Reference:


質問 # 34
You are the first to arrive at work in the morning and notice that the CD ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?

  • A. You should first investigate this incident yourself and try to limit the damage.
  • B. You should wait a few days before reporting this incident. The CD ROM can still reappear and, in that case, you will have made a fuss for nothing.
  • C. This incident should be reported immediately.

正解:C


質問 # 35
Under which condition is an employer permitted to check if Internet and email services in the workplace are being used for private purposes?

  • A. The employer is permitted to check this if a firewall is also installed.
  • B. The employer is permitted to check this if the employee is informed after each instance of checking.
  • C. The employer is permitted to check this if the employees are aware that this could happen.
  • D. The employer is in no way permitted to check the use of IT services by employees.

正解:C


質問 # 36
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

  • A. Risk bearing
  • B. Risk neutral
  • C. Risk avoiding

正解:B


質問 # 37
You work for a flexible employer who doesnt mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?

  • A. The availability of the data on the USB memory stick is no longer guaranteed.
  • B. The integrity of the data on the USB memory stick is no longer guaranteed.
  • C. The confidentiality of the data on the USB memory stick is no longer guaranteed.

正解:C


質問 # 38
Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?

  • A. Indirect damage
  • B. Direct damage

正解:A


質問 # 39
The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:
-The security requirements for the network are specified.
-A test environment is set up for the purpose of testing reports coming from the database.
-The various employee functions are assigned corresponding access rights.
-
RFID access passes are introduced for the building. Which one of these measures is not a technical measure?

  • A. The specification of requirements for the network
  • B. Introducing RFID access passes
  • C. Setting up a test environment
  • D. Introducing a logical access policy

正解:B


質問 # 40
What action is an unintentional human threat?

  • A. Incorrect use of fire extinguishing equipment
  • B. Social engineering
  • C. Theft of a laptop
  • D. Arson

正解:A

解説:
Explanation/Reference:


質問 # 41
You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk because of this?

  • A. The risk of a virus outbreak
  • B. The risk that hackers can do as they wish on the network without detection
  • C. The risk of undesired e-mails
  • D. The risk that fire may break out in the server room

正解:B


質問 # 42
At Midwest Insurance, all information is classified. What is the goal of this classification of information?

  • A. Applying labels making the information easier to recognize
  • B. Structuring information according to its sensitivity
  • C. To create a manual about how to handle mobile devices

正解:B


質問 # 43
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?

  • A. Social Engineering
  • B. Organizational threat
  • C. Natural threat

正解:A


質問 # 44
A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?

  • A. Identifying assets and their value
  • B. Determining relevant vulnerabilities and threats
  • C. Establishing a balance between the costs of an incident and the costs of a security measure
  • D. Determining the costs of threats

正解:D


質問 # 45
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk.
He asks you for your password. What kind of threat is this?

  • A. Social Engineering
  • B. Organizational threat
  • C. Natural threat

正解:A


質問 # 46
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.
Since the assignments are irregular, you outsource the administration of your business to temporary workers.
You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

  • A. Integrity
  • B. Confidentiality
  • C. Availability

正解:B


質問 # 47
......

問題集全額返金保証付き!ISFS問題公式問題集:https://jp.fast2test.com/ISFS-premium-file.html

厳密検証されたISFS試験問題集PDF[2024年最新] 時間限定無料アクセスFast2test:https://drive.google.com/open?id=1LDE4tmm2HiCoKUD3XeO-Pe5_xx64LL7W


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어