Information Security Foundation based on ISO/IEC 27002 v6.0 (ISFS)

Page:    1 / 6   
Total 87 questions

You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk resulting from this?

  • A. The risk that hackers can do as they wish on the network without detection
  • B. The risk that fire may break out in the server room
  • C. The risk of a virus outbreak
  • D. The risk of undesired e-mails


Answer : A

A couple of years ago you started your company, which has now grown from 1 to 20 employees.
Your company's information is worth more and more, and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

  • A. This analysis follows a precise statistical probability calculation in order to calculate the exact loss caused by damage.
  • B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.


Answer : B

Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

  • A. Paul, the recipient of the information.
  • B. Paul and Susan, the sender and the recipient of the information.
  • C. Susan, the sender of the information.


Answer : A

Which measure ensures that valuable information is not left out in the open for the taking?

  • A. Clear desk policy
  • B. Infra-red detection
  • C. Access passes


Answer : A

What is an example of a good physical security measure?

  • A. All employees and visitors carry an access pass.
  • B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
  • C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.


Answer : A

You read in the newspaper that an ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money.
What is this kind of threat called?

  • A. Human threat
  • B. Natural threat
  • C. Social Engineering


Answer : A

Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

  • A. ISO/IEC 27001:2005
  • B. Intellectual Property Rights
  • C. ISO/IEC 27002:2005
  • D. Personal data protection legislation


Answer : D

You are the first to arrive at work in the morning and notice that the CD-ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?

  • A. This incident should be reported immediately.
  • B. You should first investigate this incident yourself and try to limit the damage.
  • C. You should wait a few days before reporting this incident. The CD-ROM may still reappear, and in that case you will have made a fuss for nothing.


Answer : A

A Dutch company requests to be listed on the American Stock Exchange. Which legislation within the scope of information security is relevant in this case?

  • A. Public Records Act
  • B. Dutch Tax Law
  • C. Sarbanes-Oxley Act
  • D. Security regulations for the Dutch government


Answer : C

  • A. Detective measure
  • B. Preventive measure
  • C. Repressive measure


Answer : A

At Midwest Insurance, all information is classified. What is the goal of this classification of information?

  • A. To create a manual about how to handle mobile devices
  • B. Applying labels making the information easier to recognize
  • C. Structuring information according to its sensitivity


Answer : C

Which one of the threats listed below can occur as a result of the absence of a physical measure?

  • A. A user can view the files belonging to another user.
  • B. A server shuts off because of overheating.
  • C. A confidential document is left in the printer.
  • D. Hackers can freely enter the computer network.


Answer : B

What is the best description of a risk analysis?

  • A. A risk analysis is a method of mapping risks without looking at company processes.
  • B. A risk analysis helps to estimate the risks and develop the appropriate security measures.
  • C. A risk analysis calculates the exact financial consequences of damages.


Answer : B

What is the goal of an organization's security policy?

  • A. To provide direction and support to information security
  • B. To define all threats to and measures for ensuring information security
  • C. To document all incidents that threaten the reliability of information
  • D. To document all procedures required to maintain information security


Answer : A

The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:
- The security requirements for the network are specified.
- A test environment is set up for the purpose of testing reports coming from the database.
- The various employee functions are assigned corresponding access rights.
- RFID access passes are introduced for the building.
Which one of these measures is not a technical measure?

  • A. The specification of requirements for the network
  • B. Setting up a test environment
  • C. Introducing a logical access policy
  • D. Introducing RFID access passes


Answer : D
