EXINは2024年最新のISFSサンプル問題は信頼され続けるISFSテストエンジン [Q35-Q57]

Share

EXINは2024年最新のISFSサンプル問題は信頼され続けるISFSテストエンジン

無料お試しEXIN ISFS問題集PDFは必ずベストの問題集オプションを使おう


EXIN ISFS試験認定は、情報セキュリティ管理、IT管理に携わるプロフェッショナル、または情報セキュリティ管理の原則を理解することに関心を持つプロフェッショナルにとって、貴重な認定資格です。この認定は、グローバルに認知されたISO/IEC 27001標準に基づき、情報セキュリティ管理の主要な概念をカバーしています。この認定はベンダーに中立的であり、グローバルに認知されているため、雇用者から高い評価を受けています。


EXIN ISFS試験は、ISO/IEC 27001に基づく情報セキュリティ管理の知識と理解を認定する資格です。この資格は、受験者が情報セキュリティ管理の原則、コンセプト、ベストプラクティスに熟知していることを証明するために設計されています。この認定は、情報セキュリティ管理、IT管理に関わるプロフェッショナル、または情報セキュリティ管理の原則を理解することに興味のあるプロフェッショナルを対象としています。

 

質問 # 35
A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your companys information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

  • A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
  • B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

正解:A

解説:
Explanation


質問 # 36
Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

  • A. Susan, the sender of the information.
  • B. Paul, the recipient of the information.
  • C. Paul and Susan, the sender and the recipient of the information.

正解:B


質問 # 37
You are the first to arrive at work in the morning and notice that the CD ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?

  • A. You should wait a few days before reporting this incident. The CD ROM can still reappear and, in that case, you will have made a fuss for nothing.
  • B. You should first investigate this incident yourself and try to limit the damage.
  • C. This incident should be reported immediately.

正解:C


質問 # 38
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.
Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

  • A. Confidentiality
  • B. Availability
  • C. Integrity

正解:A


質問 # 39
Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?

  • A. Indirect damage
  • B. Direct damage

正解:A


質問 # 40
What is the most important reason for applying segregation of duties?

  • A. Segregation of duties makes it clear who is responsible for what.
  • B. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
  • C. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • D. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

正解:D

解説:
Explanation


質問 # 41
What is the greatest risk for an organization if no information security policy has been defined?

  • A. If everyone works with the same account, it is impossible to find out who worked on what.
  • B. Too many measures are implemented.
  • C. Information security activities are carried out by only a few people.
  • D. It is not possible for an organization to implement information security in a consistent manner.

正解:D


質問 # 42
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?

  • A. The person who drafted the insurance terms and conditions
  • B. The sender, Peter
  • C. The recipient, Rachel
  • D. The manager, Linda

正解:C


質問 # 43
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

  • A. Public Key Infrastructure (PKI)
  • B. Discretionary Access Control (DAC)
  • C. Mandatory Access Control (MAC)

正解:C


質問 # 44
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?

  • A. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.
  • B. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
  • C. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
  • D. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.

正解:D


質問 # 45
You own a small company in a remote industrial areA. Lately, the alarm regularly goes off in the middle of the night. It takes quite a bit of time to respond to it and it seems to be a false alarm every time. You decide to set up a hidden camerA. What is such a measure called?

  • A. Repressive measure
  • B. Detective measure
  • C. Preventive measure

正解:B


質問 # 46
Three characteristics determine the reliability of information. Which characteristics are these?

  • A. Availability, Integrity and Confidentiality
  • B. Availability, Integrity and Correctness
  • C. Availability, Nonrepudiation and Confidentiality

正解:A


質問 # 47
You have a small office in an industrial areA. You would like to analyze the risks your company faces. The office is in a pretty remote location; therefore, the possibility of arson is not entirely out of the question. What is the relationship between the threat of fire and the risk of fire?

  • A. The threat of fire is the risk of fire multiplied by the chance that the fire may occur and the consequences thereof.
  • B. The risk of fire is the threat of fire multiplied by the chance that the fire may occur and the consequences thereof.

正解:B


質問 # 48
You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?

  • A. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
  • B. Encrypt the hard drives of laptops and USB sticks
  • C. Appoint security personnel
  • D. Set up an access control policy

正解:A


質問 # 49
What is a human threat to the reliability of the information on your company website?

  • A. Because of a lack of maintenance, a fire hydrant springs a leak and floods the premises. Your employees cannot come into the office and therefore can not keep the information on the website up to date.
  • B. One of your employees commits an error in the price of a product on your website.
  • C. The computer hosting your website is overloaded and crashes. Your website is offline.

正解:B


質問 # 50
Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure. What are some other measures?

  • A. Repressive, adaptive and corrective measures
  • B. Partial, adaptive and corrective measures
  • C. Detective, repressive and corrective measures

正解:C


質問 # 51
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the companys staff. Which kind of security measure could have prevented this?

  • A. A physical security measure
  • B. An organizational security measure
  • C. A technical security measure

正解:A


質問 # 52
Why is air-conditioning placed in the server room?

  • A. It is not pleasant for the maintenance staff to have to work in a server room that is too warm.
  • B. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.
  • C. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted.
    The air in the room is also dehumidified and filtered.
  • D. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged.

正解:C


質問 # 53
Which of these is not malicious software?

  • A. Phishing
  • B. Spyware
  • C. Worm
  • D. Virus

正解:A


質問 # 54
What is an example of a non-human threat to the physical environment?

  • A. Fraudulent transaction
  • B. Storm
  • C. Corrupted file
  • D. Virus

正解:B


質問 # 55
Which measure assures that valuable information is not left out available for the taking?

  • A. Clear desk policy
  • B. Access passes
  • C. Infra-red detection

正解:A


質問 # 56
Three characteristics determine the reliability of information. Which characteristics are these?

  • A. Availability, Integrity and Confidentiality
  • B. Availability, Integrity and Correctness
  • C. Availability, Nonrepudiation and Confidentiality

正解:A

解説:
Explanation/Reference:


質問 # 57
......


EXIN ISFS(ISO/IEC 27001に基づく情報セキュリティ基礎)認定試験は、ISO/IEC 27001に基づく情報セキュリティの強固な基盤を確立することを意図した理想的な認定です。この認定試験は、グローバル標準である情報セキュリティ(ISO/IEC 27001)に基づく堅牢な情報セキュリティ管理システム(ISMS)を実装するために必要な知識とスキルを評価します。この認定試験は、情報セキュリティオフィサーや情報セキュリティスペシャリスト、またはコンサルタントを目指すプロフェッショナルを対象としています。

 

有効な問題最新版を試そうISFSテスト解釈ISFS有効な試験ガイド:https://jp.fast2test.com/ISFS-premium-file.html

ISFS試験資料EXIN学習ガイド:https://drive.google.com/open?id=1LDE4tmm2HiCoKUD3XeO-Pe5_xx64LL7W


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어