
[2023年11月20日] 最新をゲットせよ!ISFS認定練習テスト問題と試験問題集
リアルISFS試験問題集解答で有効なISFS問題集PDF
EXIN ISFS試験は、特定のベンダーやテクノロジーに沿っていないベンダーニュートラルな認定試験です。これにより、この認定試験は、広範囲の組織や産業に関連性があり、適用可能であることが保証されます。この認定試験は、グローバルで認められ、雇用主に高く評価されています。なぜなら、候補者が情報セキュリティ管理の基本原則をしっかりと理解していることを示しているからです。
質問 # 16
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?
- A. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- B. Risk analyses help to find a balance between threats and risks.
- C. A risk analysis identifies threats from the known risks.
- D. A risk analysis is used to remove the risk of a threat.
正解:A
質問 # 17
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.
Since the assignments are irregular, you outsource the administration of your business to temporary workers.
You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?
- A. Availability
- B. Integrity
- C. Confidentiality
正解:C
質問 # 18
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
- A. Integrity measure
- B. Technical measure
- C. Availability measure
- D. Organizational measure
正解:B
質問 # 19
Which one of the threats listed below can occur as a result of the absence of a physical measure?
- A. Hackers can freely enter the computer network.
- B. A confidential document is left in the printer.
- C. A server shuts off because of overheating.
- D. A user can view the files belonging to another user.
正解:C
質問 # 20
What is the objective of classifying information?
- A. Defining different levels of sensitivity into which information may be arranged
- B. Authorizing the use of an information system
- C. Creating a label that indicates how confidential the information is
- D. Displaying on the document who is permitted access
正解:A
質問 # 21
The act of taking organizational security measures is inextricably linked with all other measures that have to be taken. What is the name of the system that guarantees the coherence of information security in the organization?
- A. Information Security Management System (ISMS)
- B. Rootkit
- C. Security regulations for special information for the government
正解:A
質問 # 22
What is the best way to comply with legislation and regulations for personal data protection?
- A. Appointing the responsibility to someone
- B. Maintaining an incident register
- C. Performing a threat analysis
- D. Performing a vulnerability analysis
正解:A
質問 # 23
A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your companys information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?
- A. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.
- B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
正解:B
解説:
Explanation
質問 # 24
Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?
- A. Indirect damage
- B. Direct damage
正解:A
質問 # 25
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.
Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?
- A. Availability
- B. Integrity
- C. Confidentiality
正解:C
質問 # 26
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?
- A. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.
- B. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
- C. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.
- D. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
正解:A
質問 # 27
There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good. What is an example of the indirect damage caused by this fire?
- A. Melted backup tapes
- B. Burned computer systems
- C. Water damage due to the fire extinguishers
- D. Burned documents
正解:C
質問 # 28
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk.
He asks you for your password. What kind of threat is this?
- A. Organizational threat
- B. Natural threat
- C. Social Engineering
正解:C
質問 # 29
In the organization where you work, information of a very sensitive nature is processed. Management is legally obliged to implement the highest-level security measures. What is this kind of risk strategy called?
- A. Risk avoiding
- B. Risk bearing
- C. Risk neutral
正解:A
質問 # 30
Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?
- A. Logical access security measures
- B. Physical security measures
- C. Measures required by laws and regulations
- D. Clear Desk Policy
正解:C
質問 # 31
What is the relationship between data and information?
- A. Data is structured information.
- B. Information is the meaning and value assigned to a collection of data.
正解:B
質問 # 32
You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?
- A. Appoint security personnel
- B. Encrypt the hard drives of laptops and USB sticks
- C. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
- D. Set up an access control policy
正解:C
質問 # 33
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization.
What occurs during the first step of this process: identification?
- A. The first step consists of granting access to the information to which the user is authorized.
- B. The first step consists of checking if the user appears on the list of authorized users.
- C. The first step consists of checking if the user is using the correct certificate.
- D. The first step consists of comparing the password with the registered password.
正解:B
質問 # 34
Three characteristics determine the reliability of information. Which characteristics are these?
- A. Availability, Nonrepudiation and Confidentiality
- B. Availability, Integrity and Correctness
- C. Availability, Integrity and Confidentiality
正解:C
質問 # 35
......
ISO/IEC 27001 (ISFS) に基づく EXIN Information Security Foundation 認定試験は、情報セキュリティ管理の基本的な理解力を確認するグローバルに認められた資格です。この技術的な資格試験は、情報セキュリティ管理システム (ISMS) の事前知識がほとんどないプロフェッショナルに適しています。候補者が情報セキュリティ管理、情報セキュリティコントロール、およびリスク管理の概念を理解するのを支援します。また、業界で使用される標準用語を理解する能力を確認することができます。
Exin ISFSは、情報セキュリティのスキルと専門知識を確立したい個人にとって、重要で価値のある認証です。情報セキュリティ基準、ベストプラクティス、および管理原則を基本ではあるが徹底的な理解を提供します。それは世界的に認識されており、個人が情報セキュリティに関する基本的な知識を持っていることを実証し、現場での能力を証明しています。
ISFS試験問題集でPDF問題とテストエンジン:https://jp.fast2test.com/ISFS-premium-file.html
最新ISFS試験問題集には合格保証付きます:https://drive.google.com/open?id=1LDE4tmm2HiCoKUD3XeO-Pe5_xx64LL7W