Questionmark Perception
Feb 28 2021

Introduction

Exam instructions

This is the EXIN Information Security Foundation based on ISO/IEC 27001 (ISFS.CH) sample exam. The EXIN exam regulations apply to this exam.

This exam consists of 40 multiple-choice questions. Each question has several options, but only one of them is the correct answer.

The total score for this exam is 40 points. Each question is worth 1 point. You need 26 points or more to pass the exam.

The exam time is 60 minutes.

Good luck!

Copyright © EXIN Holding B.V. 2021. All rights reserved.
EXIN® is a registered trademark.

Question

1  of 40
In order to take out fire insurance, an organization must determine the value of the data that it manages.

Which factor is not important for determining the value of data for an organization?

Question

2  of 40
Besides integrity and confidentiality, what is the third reliability aspect of information?

Question

3  of 40
An organization has a network printer in the hallway of the company. Many employees do not pick up their printouts immediately and leave them on the printer.

What is the consequence of this to the reliability of the information?

Question

4  of 40
A database contains a few million transactions of a phone company. An invoice for a customer has been generated and sent.

What does this invoice contain for the customer?

Question

5  of 40
What is the best description of the focus of information management?

Question

6  of 40
A database system has not had the latest security patches applied to it and was hacked. The hackers were able to access the data and delete it.

What information security concept describes the lack of security patching?

Question

7  of 40
An administration office is determining the dangers to which it is exposed.

What is a possible event that can have a disruptive effect on the reliability of information called?

Question

8  of 40
What is a purpose of risk management?

Question

9  of 40
Which is a human threat?

Question

10  of 40
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?

Question

11  of 40
There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost.

What indirect damage is caused by this fire?

Question

12  of 40
An office is situated in an industrial area. The company next to the office works with flammable materials.

What is the relationship between the threat of fire and the risk of fire?

Question

13  of 40
A fire breaks out in a branch office of a health insurance company. The employees are transferred to neighboring branches to continue their work.

Where in the incident cycle is moving to a stand-by arrangement found?

Question

14  of 40
How is the purpose of information security policy best described?

Question

15  of 40
An employee from an insurance company discovers that the expiration date of a policy has been changed without his knowledge. He is the only person authorized to do this. He reports this security incident to the helpdesk. The helpdesk worker records the following information regarding this incident:
- date and time
- description of the incident
- possible consequences of the incident

What important information about the incident is missing here?

Question

16  of 40
Juliana is the owner of a courier company. She employs a few people who, while waiting to make a delivery, can carry out other tasks. She notices, however, that they use this time to send and read their private e-mail and surf the internet.

In legal terms, in which way can the use of the internet and e-mail best be regulated?

Question

17  of 40
Which system guarantees the coherence of information security in the organization?

Question

18  of 40
A security incident regarding a webserver is reported to a help desk employee. His colleague has more experience with webservers, so he transfers the case to her.

Which term describes this transfer?

Question

19  of 40
Who is responsible for the translation of the business strategy and objectives to security strategy and objectives?

Question

20  of 40
What is a repressive measure in case of a fire?

Question

21  of 40
What is the goal of classification of information?

Question

22  of 40
Which threat can occur as a result of the absence of a physical measure?

Question

23  of 40
A computer room is protected by a pass reader. Only the system management department has a pass.

What type of security measure is this?

Question

24  of 40
The back-ups of the central server are kept in the same locked room as the server.

What risk does the organization most likely face?

Question

25  of 40
What is 'establishing whether someone’s identity is correct' called?

Question

26  of 40
What sort of security does a public key infrastructure (PKI) offer?

Question

27  of 40
In the IT department of a medium-sized company, confidential information has come into the wrong hands several times. This has hurt the image of the company. Therefore, the company is looking into organizational security measures to protect laptops at the company.

What is the first step that should be taken?

Question

28  of 40
What is the most important reason for applying segregation of duties?

Question

29  of 40
Which measure is a preventive measure?

Question

30  of 40
Which type of malware builds a network of contaminated computers?

Question

31  of 40
Within an organization the security officer detects that a workstation of an employee is infected with malicious software. The malicious software was installed due to a targeted phishing attack.

Which action is the most beneficial to prevent such incidents in the future?

Question

32  of 40
What is the purpose of a disaster recovery plan (DRP)?

Question

33  of 40
In physical security, multiple protection rings can be applied in which different measures can be taken.

What is not a protection ring?

Question

34  of 40
Measures taken to safeguard an information system from attacks.

Of which concept is this the definition?

Question

35  of 40
What is a characteristic of a security measure?

Question

36  of 40
A data center uses an uninterruptible power supply (UPS) but has no power generator.

What is the risk associated with this setup for the availability of the data center?

Question

37  of 40
Under which condition is an employer permitted to check if internet and e-mail services in the workplace are being used for private purposes?

Question

38  of 40
Which standard or regulation is also known as the 'code of practice for information security controls'?

Question

39  of 40
Legislation and regulations are important for the reliability of the information used within the organization.

What is the first step that an organization must take to become compliant?

Question

40  of 40
Which legislation may have an impact on information security requirements for all companies dealing with European Union (EU) residents?