Information Security Foundation based on ISO/IEC 27002 v6.0

Page:    1 / 6   
Exam contains 86 questions

What is the most important reason for applying segregation of duties?

  • A. Segregation of duties makes it clear who is responsible for what.
  • B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • D. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.


Answer : C

A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

  • A. If the risk analysis has not been carried out.
  • B. When computer systems are kept in a cellar below ground level.
  • C. When the computer systems are not insured.
  • D. When the organization is located near a river.


Answer : B

Why is compliance important for the reliability of the information?

  • A. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
  • B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
  • C. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.
  • D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.


Answer : B

You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?

  • A. Backup tape
  • B. Intrusion alarm
  • C. Sprinkler installation
  • D. Access restriction to special rooms


Answer : B

What is the relationship between data and information?

  • A. Data is structured information.
  • B. Information is the meaning and value assigned to a collection of data.


Answer : B

Which type of malware builds a network of contaminated computers?

  • A. Logic Bomb
  • B. Storm Worm or Botnet
  • C. Trojan
  • D. Virus


Answer : B

You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?

  • A. Natural threat
  • B. Organizational threat
  • C. Social Engineering


Answer : C

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

  • A. Availability
  • B. Integrity
  • C. Confidentiality


Answer : C

Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?

  • A. Direct damage
  • B. Indirect damage


Answer : B

An airline company employee notices that she has access to one of the company's applications that she has not used before. Is this an information security incident?

  • A. Yes
  • B. No


Answer : B

Under which condition is an employer permitted to check if Internet and email services in the workplace are being used for private purposes?

  • A. The employer is permitted to check this if the employee is informed after each instance of checking.
  • B. The employer is permitted to check this if the employees are aware that this could happen.
  • C. The employer is permitted to check this if a firewall is also installed.
  • D. The employer is in no way permitted to check the use of IT services by employees.


Answer : B

  • A. The risk of fire is the threat of fire multiplied by the chance that the fire may occur and the consequences thereof.
  • B. The threat of fire is the risk of fire multiplied by the chance that the fire may occur and the consequences thereof.


Answer : A

You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?

  • A. The integrity of the data on the USB memory stick is no longer guaranteed.
  • B. The availability of the data on the USB memory stick is no longer guaranteed.
  • C. The confidentiality of the data on the USB memory stick is no longer guaranteed.


Answer : C

What is the best way to comply with legislation and regulations for personal data protection?

  • A. Performing a threat analysis
  • B. Maintaining an incident register
  • C. Performing a vulnerability analysis
  • D. Appointing the responsibility to someone


Answer : D

There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good. What is an example of the indirect damage caused by this fire?

  • A. Melted backup tapes
  • B. Burned computer systems
  • C. Burned documents
  • D. Water damage due to the fire extinguishers


Answer : D

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926