合格させるEXIN ISFSにはJPNTest提供の試験問題集で2023年10月更新 [Q10-Q31]

Share

合格させるEXIN ISFSにはJPNTest提供の試験問題集で2023年10月更新

完全版最新のISFS問題集、100%カバー率問題と解答があなたをリアル試験で合格させる


この試験は40問から成り、合格スコアは65%以上が必要です。質問は、情報セキュリティの原則、ISO / IEC 27001標準とその実装、リスク管理、関連法規の遵守など、広範なトピックをカバーしています。EXIN ISFS認証は国際的に認められ、情報セキュリティの分野で働きたい人にとって貴重な資産です。

 

質問 # 10
What is the greatest risk for an organization if no information security policy has been defined?

  • A. It is not possible for an organization to implement information security in a consistent manner.
  • B. If everyone works with the same account, it is impossible to find out who worked on what.
  • C. Information security activities are carried out by only a few people.
  • D. Too many measures are implemented.

正解:A


質問 # 11
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

  • A. Information Security Management System
  • B. The use of tokens to gain access to information systems
  • C. Validation of input and output data in applications
  • D. Encryption of information

正解:A


質問 # 12
Which of the following measures is a corrective measure?

  • A. Making a backup of the data that has been created or altered that day
  • B. Incorporating an Intrusion Detection System (IDS) in the design of a computer centre
  • C. Installing a virus scanner in an information system
  • D. Restoring a backup of the correct database after a corrupt copy of the database was written over the original

正解:D


質問 # 13
What is the relationship between data and information?

  • A. Data is structured information.
  • B. Information is the meaning and value assigned to a collection of data.

正解:B

解説:
Explanation


質問 # 14
You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use this time to send and read their private mail and surf the Internet. In legal terms, in which way can the use of the Internet and e-mail facilities be best regulated?

  • A. Drafting a code of conduct for the use of the Internet and e-mail in which the rights and obligations of both the employer and staff are set down
  • B. Installing a virus scanner
  • C. Implementing privacy regulations
  • D. Installing an application that makes certain websites no longer accessible and that filters attachments in e-mails

正解:A


質問 # 15
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?

  • A. The sender, Peter
  • B. The manager, Linda
  • C. The person who drafted the insurance terms and conditions
  • D. The recipient, Rachel

正解:D


質問 # 16
There is a network printer in the hallway of the company where you work. Many employees dont pick up their printouts immediately and leave them in the printer. What are the consequences of this to the reliability of the information?

  • A. The confidentiality of the information is no longer guaranteed.
  • B. The availability of the information is no longer guaranteed.
  • C. The integrity of the information is no longer guaranteed.

正解:A


質問 # 17
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks. What is the relation between a threat, risk and risk analysis?

  • A. A risk analysis identifies threats from the known risks.
  • B. Risk analyses help to find a balance between threats and risks.
  • C. A risk analysis is used to remove the risk of a threat.
  • D. A risk analysis is used to clarify which threats are relevant and what risks they involve.

正解:D


質問 # 18
What is the most important reason for applying segregation of duties?

  • A. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • B. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • C. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
  • D. Segregation of duties makes it clear who is responsible for what.

正解:B


質問 # 19
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?

  • A. A risk analysis identifies threats from the known risks.
  • B. Risk analyses help to find a balance between threats and risks.
  • C. A risk analysis is used to remove the risk of a threat.
  • D. A risk analysis is used to clarify which threats are relevant and what risks they involve.

正解:D


質問 # 20
What is an example of a good physical security measure?

  • A. All employees and visitors carry an access pass.
  • B. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.
  • C. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

正解:A


質問 # 21
What physical security measure is necessary to control access to company information?

  • A. Prohibiting the use of USB sticks
  • B. Air-conditioning
  • C. The use of break-resistant glass and doors with the right locks, frames and hinges
  • D. Username and password

正解:C


質問 # 22
Why is compliance important for the reliability of the information?

  • A. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
  • B. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.
  • C. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
  • D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.

正解:A


質問 # 23
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?

  • A. Natural threat
  • B. Organizational threat
  • C. Social Engineering

正解:C


質問 # 24
Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?

  • A. Direct damage
  • B. Indirect damage

正解:B


質問 # 25
What is the definition of the Annual Loss Expectancy?

  • A. The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.
  • B. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.
  • C. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.
  • D. The Annual Loss Expectancy is the minimum amount for which an organization must insure itself.

正解:B


質問 # 26
There is a network printer in the hallway of the company where you work. Many employees dont pick up their printouts immediately and leave them in the printer. What are the consequences of this to the reliability of the information?

  • A. The confidentiality of the information is no longer guaranteed.
  • B. The availability of the information is no longer guaranteed.
  • C. The integrity of the information is no longer guaranteed.

正解:A

解説:
Explanation


質問 # 27
In the organization where you work, information of a very sensitive nature is processed.
Management is legally obliged to implement the highest-level security measures. What is this kind of risk strategy called?

  • A. Risk neutral
  • B. Risk bearing
  • C. Risk avoiding

正解:C


質問 # 28
Why is air-conditioning placed in the server room?

  • A. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted. The air in the room is also dehumidified and filtered.
  • B. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged.
  • C. It is not pleasant for the maintenance staff to have to work in a server room that is too warm.
  • D. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.

正解:A


質問 # 29
Three characteristics determine the reliability of information. Which characteristics are these?

  • A. Availability, Integrity and Confidentiality
  • B. Availability, Integrity and Correctness
  • C. Availability, Nonrepudiation and Confidentiality

正解:A


質問 # 30
What is the relationship between data and information?

  • A. Data is structured information.
  • B. Information is the meaning and value assigned to a collection of data.

正解:B


質問 # 31
......


この試験は、候補者がISO/IEC 27001規格とその組織における実装の理解をテストするために設計されています。情報セキュリティ管理の原則、リスク管理の重要性、セキュリティコントロールの実装など、さまざまなトピックをカバーしています。試験は40問から構成され、候補者は60分以内に受験を完了する必要があります。試験に合格するための合格点は65%であり、試験に合格した個人はEXIN ISFS認定を受けることができます。この認定は生涯有効であり、個人の情報セキュリティ管理における知識と専門知識を示すものです。

 

最新ISFS試験問題集有効で最新の問題集:https://www.jpntest.com/shiken/ISFS-mondaishu

検証済みISFS試験解答合格確定させる:https://drive.google.com/open?id=1RiBLmUlizG3TNY_TWUD4Bs6afl8Ua_BS

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡