ITIL ISFS - Information Security Foundation based on ISO/IEC 27002 Exam
Page: 2 / 16
Total 80 questions
Question #6 (Topic: )
What physical security measure is necessary to control access to company information?
A. Air-conditioning
B. Username and password
C. The use of break-resistant glass and doors with the right locks, frames and hinges
D. Prohibiting the use of USB sticks
Answer: C
Question #7 (Topic: )
Why do organizations have an information security policy?
A. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
B. In order to ensure that staff do not break any laws.
C. In order to give direction to how information security is set up within an organization.
D. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.
Answer: C
Question #8 (Topic: )
You work in the IT department of a medium-sized company. Confidential information has
got into
the wrong hands several times. This has hurt the image of the company. You have been
asked to
propose organizational security measures for laptops at your company. What is the first
step that
you should take?
got into
the wrong hands several times. This has hurt the image of the company. You have been
asked to
propose organizational security measures for laptops at your company. What is the first
step that
you should take?
A. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
B. Appoint security personnel
C. Encrypt the hard drives of laptops and USB sticks
D. Set up an access control policy
Answer: A
Question #9 (Topic: )
You work for a large organization. You notice that you have access to confidential
information that you should not be able to access in your position. You report this security
incident to the helpdesk. The incident cycle isinitiated. What are the stages of the security
incident cycle?
information that you should not be able to access in your position. You report this security
incident to the helpdesk. The incident cycle isinitiated. What are the stages of the security
incident cycle?
A. Threat, Damage, Incident, Recovery
B. Threat, Damage, Recovery, Incident
C. Threat, Incident, Damage, Recovery
D. Threat, Recovery, Incident, Damage
Answer: C
Question #10 (Topic: )
Your organization has an office with space for 25 workstations. These workstations are all
fully
equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which
are
used for a call centre 24 hours per day. Five workstations must always be available. What
physical security measures must be taken in order to ensure this?
fully
equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which
are
used for a call centre 24 hours per day. Five workstations must always be available. What
physical security measures must be taken in order to ensure this?
A. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
B. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.
C. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.
D. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
Answer: C
