
2024年最新のに更新されたのはISFSテストエンジンとPDFで完全版無料問題集保証!
最新のExin Certification ISFS実際の無料試験問題
質問 # 26
Why is air-conditioning placed in the server room?
- A. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted.
The air in the room is also dehumidified and filtered. - B. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.
- C. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged.
- D. It is not pleasant for the maintenance staff to have to work in a server room that is too warm.
正解:A
質問 # 27
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
- A. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
- B. A code of conduct is a standard part of a labor contract.
- C. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
正解:A
質問 # 28
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?
- A. Mandatory Access Control (MAC)
- B. Public Key Infrastructure (PKI)
- C. Discretionary Access Control (DAC)
正解:A
質問 # 29
Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?
- A. Logical access security measures
- B. Physical security measures
- C. Measures required by laws and regulations
- D. Clear Desk Policy
正解:C
質問 # 30
Under which condition is an employer permitted to check if Internet and email services in the workplace are being used for private purposes?
- A. The employer is permitted to check this if the employee is informed after each instance of checking.
- B. The employer is permitted to check this if the employees are aware that this could happen.
- C. The employer is in no way permitted to check the use of IT services by employees.
- D. The employer is permitted to check this if a firewall is also installed.
正解:B
質問 # 31
You have a small office in an industrial areA. You would like to analyze the risks your company faces. The office is in a pretty remote location; therefore, the possibility of arson is not entirely out of the question. What is the relationship between the threat of fire and the risk of fire?
- A. The threat of fire is the risk of fire multiplied by the chance that the fire may occur and the consequences thereof.
- B. The risk of fire is the threat of fire multiplied by the chance that the fire may occur and the consequences thereof.
正解:B
質問 # 32
What is an example of a good physical security measure?
- A. All employees and visitors carry an access pass.
- B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
- C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.
正解:A
質問 # 33
We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?
- A. Timeliness, Accuracy and Completeness
- B. Availability, Information Value and Confidentiality
- C. Availability, Integrity and Confidentiality
- D. Availability, Integrity and Completeness
正解:C
質問 # 34
A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
- A. Determining the costs of threats
- B. Establishing a balance between the costs of an incident and the costs of a security measure
- C. Determining relevant vulnerabilities and threats
- D. Identifying assets and their value
正解:A
質問 # 35
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
- A. ISO/IEC 27001:2005
- B. Intellectual Property Rights
- C. Personal data protection legislation
- D. ISO/IEC 27002:2005
正解:C
質問 # 36
You have an office that designs corporate logos. You have been working on a draft for a large client. Just as you are going to press the <save> button, the screen goes blank. The hard disk is damaged and cannot be repaired. You find an early version of the design in your mail folder and you reproduce the draft for the customer. What is such a measure called?
- A. Reductive measure
- B. Preventive measure
- C. Corrective measure
正解:C
質問 # 37
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?
- A. Risk analyses help to find a balance between threats and risks.
- B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- C. A risk analysis is used to remove the risk of a threat.
- D. A risk analysis identifies threats from the known risks.
正解:B
質問 # 38
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks. What is the relation between a threat, risk and risk analysis?
- A. Risk analyses help to find a balance between threats and risks.
- B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- C. A risk analysis is used to remove the risk of a threat.
- D. A risk analysis identifies threats from the known risks.
正解:B
質問 # 39
You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?
- A. Backup tape
- B. Access restriction to special rooms
- C. Sprinkler installation
- D. Intrusion alarm
正解:D
質問 # 40
What is a risk analysis used for?
- A. A risk analysis is used to express the value of information for an organization in monetary terms.
- B. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.
- C. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.
- D. A risk analysis is used to clarify to management their responsibilities.
正解:C
質問 # 41
What is the best way to comply with legislation and regulations for personal data protection?
- A. Performing a threat analysis
- B. Appointing the responsibility to someone
- C. Performing a vulnerability analysis
- D. Maintaining an incident register
正解:B
質問 # 42
What is the relationship between data and information?
- A. Data is structured information.
- B. Information is the meaning and value assigned to a collection of data.
正解:B
質問 # 43
In the organization where you work, information of a very sensitive nature is processed.
Management is legally obliged to implement the highest-level security measures. What is this kind of risk strategy called?
- A. Risk neutral
- B. Risk avoiding
- C. Risk bearing
正解:B
質問 # 44
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?
- A. Everyone can easiliy see how sensitive the reports' contents are by consulting the grading label.
- B. Reports can be developed more easily and with fewer errors.
- C. The costs for automating are easier to charge to the responsible departments.
- D. A determination can be made as to which report should be printed first and which one can wait a little longer.
正解:A
質問 # 45
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?
- A. Availability
- B. Integrity
- C. Confidentiality
正解:C
質問 # 46
Which measure assures that valuable information is not left out available for the taking?
- A. Clear desk policy
- B. Access passes
- C. Infra-red detection
正解:A
質問 # 47
What is the most important reason for applying segregation of duties?
- A. Segregation of duties makes it clear who is responsible for what.
- B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
- C. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
- D. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
正解:D
解説:
Explanation
質問 # 48
There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good. What is an example of the indirect damage caused by this fire?
- A. Burned documents
- B. Water damage due to the fire extinguishers
- C. Burned computer systems
- D. Melted backup tapes
正解:B
質問 # 49
What is the objective of classifying information?
- A. Creating a label that indicates how confidential the information is
- B. Defining different levels of sensitivity into which information may be arranged
- C. Authorizing the use of an information system
- D. Displaying on the document who is permitted access
正解:B
質問 # 50
Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?
- A. Flood
- B. Lightning strike
- C. Arson
- D. Loss of a USB stick
正解:C
質問 # 51
......
ISFS問題集には更新された練習テストと80独特な問題:https://jp.fast2test.com/ISFS-premium-file.html
最新の100%試験合格率爆上がり ISFS問題集PDF:https://drive.google.com/open?id=1LDE4tmm2HiCoKUD3XeO-Pe5_xx64LL7W