Updated October 2023 Test Engine Practice: ISFS Question Set and Practice Exam to Help You Pass [Q46-Q66]


The ISFS test engine trial question set contains 80 questions for practice.

Question # 46
What do employees need to know to report a security incident?

  • A. Who is responsible for the incident and whether it was intentional.
  • B. The measures that should have been taken to prevent the incident in the first place.
  • C. Whether the incident has occurred before and what was the resulting damage.
  • D. How to report an incident and to whom.

Correct answer: D


Question # 47
Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?

  • A. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.
  • B. Issue a ban on the provision of personal information.
  • C. Make the employees responsible for submitting their personal data.
  • D. Appoint a person responsible for supporting managers in adhering to the policy.

Correct answer: A


Question # 48
Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?

  • A. Physical security measures
  • B. Logical access security measures
  • C. Measures required by laws and regulations
  • D. Clear Desk Policy

Correct answer: C


Question # 49
You work for a large organization. You notice that you have access to confidential information that you should not be able to access in your position. You report this security incident to the helpdesk. The incident cycle is initiated. What are the stages of the security incident cycle?

  • A. Threat, Incident, Damage, Recovery
  • B. Threat, Recovery, Incident, Damage
  • C. Threat, Damage, Incident, Recovery
  • D. Threat, Damage, Recovery, Incident

Correct answer: A


Question # 50
Which type of malware builds a network of contaminated computers?

  • A. Trojan
  • B. Storm Worm or Botnet
  • C. Virus
  • D. Logic Bomb

Correct answer: B


Question # 51
A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your company's information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

  • A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
  • B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

Correct answer: A



Question # 52
What is a human threat to the reliability of the information on your company website?

  • A. Because of a lack of maintenance, a fire hydrant springs a leak and floods the premises. Your employees cannot come into the office and therefore cannot keep the information on the website up to date.
  • B. One of your employees commits an error in the price of a product on your website.
  • C. The computer hosting your website is overloaded and crashes. Your website is offline.

Correct answer: B


Question # 53
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

  • A. Discretionary Access Control (DAC)
  • B. Mandatory Access Control (MAC)
  • C. Public Key Infrastructure (PKI)

Correct answer: B


Question # 54
There is a network printer in the hallway of the company where you work. Many employees don't pick up their printouts immediately and leave them in the printer. What are the consequences of this to the reliability of the information?

  • A. The availability of the information is no longer guaranteed.
  • B. The confidentiality of the information is no longer guaranteed.
  • C. The integrity of the information is no longer guaranteed.

Correct answer: B


Question # 55
Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

  • A. Paul, the recipient of the information.
  • B. Paul and Susan, the sender and the recipient of the information.
  • C. Susan, the sender of the information.

Correct answer: A


Question # 56
You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?

  • A. Intrusion alarm
  • B. Sprinkler installation
  • C. Backup tape
  • D. Access restriction to special rooms

Correct answer: A


Question # 57
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization.
What occurs during the first step of this process: identification?

  • A. The first step consists of granting access to the information to which the user is authorized.
  • B. The first step consists of comparing the password with the registered password.
  • C. The first step consists of checking if the user is using the correct certificate.
  • D. The first step consists of checking if the user appears on the list of authorized users.

Correct answer: D


Question # 58
Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?

  • A. Indirect damage
  • B. Direct damage

Correct answer: A


Question # 59
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?

  • A. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.
  • B. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
  • C. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
  • D. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.

Correct answer: A


Question # 60
A Dutch company requests to be listed on the American Stock Exchange. Which legislation within the scope of information security is relevant in this case?

  • A. Sarbanes-Oxley Act
  • B. Security regulations for the Dutch government
  • C. Public Records Act
  • D. Dutch Tax Law

Correct answer: A


Question # 61
You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money. What is this kind of threat called?

  • A. Human threat
  • B. Natural threat
  • C. Social Engineering

Correct answer: A


Question # 62
Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure.
What are some other measures?

  • A. Partial, adaptive and corrective measures
  • B. Repressive, adaptive and corrective measures
  • C. Detective, repressive and corrective measures

Correct answer: C


Question # 63
What is the relationship between data and information?

  • A. Data is structured information.
  • B. Information is the meaning and value assigned to a collection of data.

Correct answer: B


Question # 64
You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use this time to send and read their private mail and surf the Internet. In legal terms, in which way can the use of the Internet and e-mail facilities be best regulated?

  • A. Installing a virus scanner
  • B. Installing an application that makes certain websites no longer accessible and that filters attachments in e-mails
  • C. Drafting a code of conduct for the use of the Internet and e-mail in which the rights and obligations of both the employer and staff are set down
  • D. Implementing privacy regulations

Correct answer: C


Question # 65
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

  • A. ISO/IEC 27001:2005
  • B. ISO/IEC 27002:2005
  • C. Intellectual Property Rights
  • D. Personal data protection legislation

Correct answer: D


Question # 66
......

EXIN ISFS question set covering real exam questions: https://www.jpntest.com/shiken/ISFS-mondaishu
