
ISFSのPDF試験材料2023年最新の実際に出るISFS問題集
更新されたのはEXIN ISFS問題集PDFオンラインエンジン
EXIN ISFS 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
質問 45
Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure.
What are some other measures?
- A. Partial, adaptive and corrective measures
- B. Repressive, adaptive and corrective measures
- C. Detective, repressive and corrective measures
正解: C
質問 46
A Dutch company requests to be listed on the American Stock Exchange. Which legislation within the scope of information security is relevant in this case?
- A. Security regulations for the Dutch government
- B. Public Records Act
- C. Dutch Tax Law
- D. Sarbanes-Oxley Act
正解: D
質問 47
You have a small office in an industrial areA. You would like to analyze the risks your company faces. The office is in a pretty remote location; therefore, the possibility of arson is not entirely out of the question. What is the relationship between the threat of fire and the risk of fire?
- A. The threat of fire is the risk of fire multiplied by the chance that the fire may occur and the consequences thereof.
- B. The risk of fire is the threat of fire multiplied by the chance that the fire may occur and the consequences thereof.
正解: B
質問 48
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks. What is the relation between a threat, risk and risk analysis?
- A. A risk analysis identifies threats from the known risks.
- B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- C. Risk analyses help to find a balance between threats and risks.
- D. A risk analysis is used to remove the risk of a threat.
正解: B
質問 49
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.
Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?
- A. Availability
- B. Confidentiality
- C. Integrity
正解: B
質問 50
You have an office that designs corporate logos. You have been working on a draft for a large client. Just as you are going to press the <save> button, the screen goes blank. The hard disk is damaged and cannot be repaired. You find an early version of the design in your mail folder and you reproduce the draft for the customer. What is such a measure called?
- A. Reductive measure
- B. Corrective measure
- C. Preventive measure
正解: B
質問 51
What do employees need to know to report a security incident?
- A. Whether the incident has occurred before and what was the resulting damage.
- B. Who is responsible for the incident and whether it was intentional.
- C. How to report an incident and to whom.
- D. The measures that should have been taken to prevent the incident in the first place.
正解: C
質問 52
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?
- A. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff.
Inform the building security personnel that work will also be carried out in the evenings and at night. - B. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.
- C. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
- D. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
正解: A
質問 53
In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?
- A. The authentication step checks the username against a list of users who have access to the system.
- B. The system determines whether access may be granted by determining whether the token used is authentic.
- C. In the second step, you make your identity known, which means you are given access to the system.
- D. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.
正解: B
質問 54
At Midwest Insurance, all information is classified. What is the goal of this classification of information?
- A. To create a manual about how to handle mobile devices
- B. Structuring information according to its sensitivity
- C. Applying labels making the information easier to recognize
正解: B
質問 55
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?
- A. A risk analysis identifies threats from the known risks.
- B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- C. Risk analyses help to find a balance between threats and risks.
- D. A risk analysis is used to remove the risk of a threat.
正解: B
質問 56
The consultants at Smith Consultants Inc. work on laptops that are protected by asymmetrical cryptography. To keep the management of the keys cheap, all consultants use the same key pair. What is the companys risk if they operate in this manner?
- A. If the private key becomes known all laptops must be supplied with new keys.
- B. If the public key becomes known all laptops must be supplied with new keys.
- C. If the Public Key Infrastructure (PKI) becomes known all laptops must be supplied with new keys.
正解: A
質問 57
When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files. What is the correct definition of availability?
- A. The total amount of time that an information system is accessible to the users
- B. The degree to which an information system is available for the users
- C. The degree to which the system capacity is enough to allow all users to work with it
- D. The degree to which the continuity of an organization is guaranteed
正解: B
質問 58
You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?
- A. A code of conduct is a legal obligation that organizations have to meet.
- B. A code of conduct helps to prevent the misuse of IT facilities.
- C. A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.
- D. A code of conduct prevents a virus outbreak.
正解: B
質問 59
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?
- A. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.
- B. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.
- C. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
- D. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
正解: B
質問 60
Who is authorized to change the classification of a document?
- A. The owner of the document
- B. The administrator of the document
- C. The author of the document
- D. The manager of the owner of the document
正解: A
質問 61
Under which condition is an employer permitted to check if Internet and email services in the workplace are being used for private purposes?
- A. The employer is permitted to check this if the employees are aware that this could happen.
- B. The employer is permitted to check this if the employee is informed after each instance of checking.
- C. The employer is in no way permitted to check the use of IT services by employees.
- D. The employer is permitted to check this if a firewall is also installed.
正解: A
質問 62
You work for a flexible employer who doesnt mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?
- A. The integrity of the data on the USB memory stick is no longer guaranteed.
- B. The availability of the data on the USB memory stick is no longer guaranteed.
- C. The confidentiality of the data on the USB memory stick is no longer guaranteed.
正解: C
質問 63
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?
- A. The first step consists of checking if the user is using the correct certificate.
- B. The first step consists of checking if the user appears on the list of authorized users.
- C. The first step consists of comparing the password with the registered password.
- D. The first step consists of granting access to the information to which the user is authorized.
正解: B
質問 64
Why is air-conditioning placed in the server room?
- A. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted.
The air in the room is also dehumidified and filtered. - B. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.
- C. It is not pleasant for the maintenance staff to have to work in a server room that is too warm.
- D. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged.
正解: A
質問 65
An airline company employee notices that she has access to one of the company's applications that she has not used before. Is this an information security incident?
- A. Yes
- B. No
正解: B
質問 66
A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
- A. Identifying assets and their value
- B. Determining the costs of threats
- C. Determining relevant vulnerabilities and threats
- D. Establishing a balance between the costs of an incident and the costs of a security measure
正解: B
質問 67
What is the greatest risk for an organization if no information security policy has been defined?
- A. Information security activities are carried out by only a few people.
- B. If everyone works with the same account, it is impossible to find out who worked on what.
- C. Too many measures are implemented.
- D. It is not possible for an organization to implement information security in a consistent manner.
正解: D
質問 68
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
- A. Intellectual Property Rights
- B. Personal data protection legislation
- C. ISO/IEC 27001:2005
- D. ISO/IEC 27002:2005
正解: B
質問 69
......
EXIN ISFS問題集PDFのベストを目指すなら問題集を使おう!高得点目指すならここ:https://jp.fast2test.com/ISFS-premium-file.html
ISFSのPDFで問題解答!PDFサンプル問題は信頼され続ける:https://drive.google.com/open?id=1LDE4tmm2HiCoKUD3XeO-Pe5_xx64LL7W