Dec 04 2021

Introduction

This is the EXIN Information Security Foundation based on ISO/IEC 27001 (ISFS.EN) sample exam. The Rules and Regulations for EXIN’s examinations apply to this exam.

This exam consists of 40 multiple-choice questions. Each multiple-choice question has a number of possible answers, of which only one is correct.

The maximum number of points that can be obtained for this exam is 40. Each correct answer is worth 1 point. You need 26 points or more to pass the exam.

The time allowed for this exam is 60 minutes.

Good luck!

Copyright © EXIN Holding B.V. 2021. All rights reserved.
EXIN® is a registered trademark.

Question 1 of 40

In order to take out fire insurance, an organization must determine the value of the data that it manages.

Which factor is not important for determining the value of data for an organization?

Question 2 of 40
Besides integrity and confidentiality, what is the third reliability aspect of information?

Question 3 of 40
An organization has a network printer in the hallway of the company. Many employees do not pick up their printouts immediately and leave them on the printer.

What is the consequence of this to the reliability of the information?

Question 4 of 40
A database contains a few million transactions of a phone company. An invoice for a customer has been generated and sent.

What does this invoice contain for the customer?

Question 5 of 40
What is the best description of the focus of information management?

Question 6 of 40
A database system has not had the latest security patches applied to it and was hacked. The hackers were able to access the data and delete it.

What information security concept describes the lack of security patching?

Question 7 of 40
An administration office is determining the dangers to which it is exposed.

What is a possible event that can have a disruptive effect on the reliability of information called?

Question 8 of 40
What is a purpose of risk management?

Question 9 of 40
Which is a human threat?

Question 10 of 40
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?

Question 11 of 40
There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost.

What indirect damage is caused by this fire?

Question 12 of 40
An office is situated in an industrial area. The company next to the office works with flammable materials.

What is the relationship between the threat of fire and the risk of fire?

Question 13 of 40
A fire breaks out in a branch office of a health insurance company. The employees are transferred to neighboring branches to continue their work.

Where in the incident cycle is moving to a stand-by arrangement found?

Question 14 of 40
How is the purpose of information security policy best described?

Question 15 of 40
An employee from an insurance company discovers that the expiration date of a policy has been changed without his knowledge. He is the only person authorized to do this. He reports this security incident to the helpdesk. The helpdesk worker records the following information regarding this incident:
- date and time
- description of the incident
- possible consequences of the incident

What important information about the incident is missing here?

Question 16 of 40
Juliana is the owner of a courier company. She employs a few people who, while waiting to make a delivery, can carry out other tasks. She notices, however, that they use this time to send and read their private e-mail and surf the internet.

In legal terms, in which way can the use of the internet and e-mail best be regulated?

Question 17 of 40
Which system guarantees the coherence of information security in the organization?

Question 18 of 40

A security incident regarding a web server is reported to a help desk employee. His colleague has more experience with web servers, so he transfers the case to her.

Which term describes this transfer?

Question 19 of 40
Who is responsible for the translation of the business strategy and objectives to security strategy and objectives?

Question 20 of 40
What is a repressive measure in case of a fire?

Question 21 of 40
What is the goal of classification of information?

Question 22 of 40
Which threat can occur as a result of the absence of a physical measure?

Question 23 of 40
A computer room is protected by a pass reader. Only the system management department has a pass.

What type of security measure is this?

Question 24 of 40

The backups of the central server are kept in the same locked room as the server.

What risk does the organization most likely face?

Question 25 of 40
What is 'establishing whether someone’s identity is correct' called?

Question 26 of 40
What sort of security does a public key infrastructure (PKI) offer?

Question 27 of 40
In the IT department of a medium-sized company, confidential information has come into the wrong hands several times. This has hurt the image of the company. Therefore, the company is looking into organizational security measures to protect laptops at the company.

What is the first step that should be taken?

Question 28 of 40
What is the most important reason for applying segregation of duties?

Question 29 of 40
Which measure is a preventive measure?

Question 30 of 40
Which type of malware builds a network of contaminated computers?

Question 31 of 40
Within an organization the security officer detects that a workstation of an employee is infected with malicious software. The malicious software was installed due to a targeted phishing attack.

Which action is the most beneficial to prevent such incidents in the future?

Question 32 of 40
What is the purpose of a disaster recovery plan (DRP)?

Question 33 of 40
In physical security, multiple protection rings can be applied in which different measures can be taken.

What is not a protection ring?

Question 34 of 40
Measures taken to safeguard an information system from attacks.

Of which concept is this the definition?

Question 35 of 40
What is a characteristic of a security measure?

Question 36 of 40
A data center uses an uninterruptible power supply (UPS) but has no power generator.

What is the risk associated with this setup for the availability of the data center?

Question 37 of 40
Under which condition is an employer permitted to check if internet and e-mail services in the workplace are being used for private purposes?

Question 38 of 40

Which standard or regulation is also known as the 'code of practice for information security controls'?

Question 39 of 40
Legislation and regulations are important for the reliability of the information used within the organization.

What is the first step that an organization must take to become compliant?

Question 40 of 40
Which legislation may have an impact on information security requirements for all companies dealing with European Union (EU) residents?