最近更新された2024年01月テストエンジン練習テストはISFS試験問題解答! [Q24-Q43]

Share

最近更新された2024年01月テストエンジン練習テストはISFS試験問題解答!

Information Security Foundation based on ISO/IEC 27001認定サンプル問題と練習試験合格させます


グローバルに認知された資格であるEXIN ISFS試験は、情報セキュリティの基本原則に強い理解を持つ候補者を提供することを目的としています。試験シラバスは、情報セキュリティの基本的な概念、セキュリティ管理、ISO/IEC 27001フレームワークおよびその実装、リスク管理の原則と実践、ビジネスとITの調整、情報セキュリティのインシデント管理をカバーするように設計されています。

 

質問 # 24
Which of the following measures is a corrective measure?

  • A. Incorporating an Intrusion Detection System (IDS) in the design of a computer centre
  • B. Installing a virus scanner in an information system
  • C. Restoring a backup of the correct database after a corrupt copy of the database was written over the original
  • D. Making a backup of the data that has been created or altered that day

正解:C


質問 # 25
Which one of the threats listed below can occur as a result of the absence of a physical measure?

  • A. A user can view the files belonging to another user.
  • B. Hackers can freely enter the computer network.
  • C. A confidential document is left in the printer.
  • D. A server shuts off because of overheating.

正解:D


質問 # 26
When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files.
What is the correct definition of availability?

  • A. The degree to which the continuity of an organization is guaranteed
  • B. The degree to which the system capacity is enough to allow all users to work with it
  • C. The degree to which an information system is available for the users
  • D. The total amount of time that an information system is accessible to the users

正解:C

解説:
Explanation/Reference:


質問 # 27
You own a small company in a remote industrial areA. Lately, the alarm regularly goes off in the middle of the night. It takes quite a bit of time to respond to it and it seems to be a false alarm every time. You decide to set up a hidden camerA. What is such a measure called?

  • A. Preventive measure
  • B. Repressive measure
  • C. Detective measure

正解:C

解説:
Explanation/Reference:


質問 # 28
Why is air-conditioning placed in the server room?

  • A. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.
  • B. It is not pleasant for the maintenance staff to have to work in a server room that is too warm.
  • C. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged.
  • D. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted.
    The air in the room is also dehumidified and filtered.

正解:D


質問 # 29
You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money. What is this kind of threat called?

  • A. Human threat
  • B. Natural threat
  • C. Social Engineering

正解:A


質問 # 30
At Midwest Insurance, all information is classified. What is the goal of this classification of information?

  • A. To create a manual about how to handle mobile devices
  • B. Structuring information according to its sensitivity
  • C. Applying labels making the information easier to recognize

正解:B


質問 # 31
Which of the following measures is a preventive measure?

  • A. Putting sensitive information in a safe
  • B. Shutting down all internet traffic after a hacker has gained access to the company systems
  • C. Installing a logging system that enables changes in a system to be recognized
  • D. Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk

正解:A


質問 # 32
You are the first to arrive at work in the morning and notice that the CD ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?

  • A. You should first investigate this incident yourself and try to limit the damage.
  • B. You should wait a few days before reporting this incident. The CD ROM can still reappear and, in that case, you will have made a fuss for nothing.
  • C. This incident should be reported immediately.

正解:C


質問 # 33
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the companys staff. Which kind of security measure could have prevented this?

  • A. A physical security measure
  • B. An organizational security measure
  • C. A technical security measure

正解:A


質問 # 34
A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?

  • A. Establishing a balance between the costs of an incident and the costs of a security measure
  • B. Determining the costs of threats
  • C. Identifying assets and their value
  • D. Determining relevant vulnerabilities and threats

正解:B


質問 # 35
You own a small company in a remote industrial areA. Lately, the alarm regularly goes off in the middle of the night. It takes quite a bit of time to respond to it and it seems to be a false alarm every time. You decide to set up a hidden camerA. What is such a measure called?

  • A. Preventive measure
  • B. Repressive measure
  • C. Detective measure

正解:C


質問 # 36
In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?

  • A. In the second step, you make your identity known, which means you are given access to the system.
  • B. The system determines whether access may be granted by determining whether the token used is authentic.
  • C. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.
  • D. The authentication step checks the username against a list of users who have access to the system.

正解:B


質問 # 37
What action is an unintentional human threat?

  • A. Arson
  • B. Theft of a laptop
  • C. Social engineering
  • D. Incorrect use of fire extinguishing equipment

正解:D

解説:
Explanation/Reference:


質問 # 38
Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

  • A. Susan, the sender of the information.
  • B. Paul and Susan, the sender and the recipient of the information.
  • C. Paul, the recipient of the information.

正解:C


質問 # 39
An airline company employee notices that she has access to one of the company's applications that she has not used before. Is this an information security incident?

  • A. No
  • B. Yes

正解:A

解説:
Explanation


質問 # 40
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

  • A. Personal data protection legislation
  • B. Intellectual Property Rights
  • C. ISO/IEC 27002:2005
  • D. ISO/IEC 27001:2005

正解:A


質問 # 41
The consultants at Smith Consultants Inc. work on laptops that are protected by asymmetrical cryptography. To keep the management of the keys cheap, all consultants use the same key pair. What is the companys risk if they operate in this manner?

  • A. If the Public Key Infrastructure (PKI) becomes known all laptops must be supplied with new keys.
  • B. If the public key becomes known all laptops must be supplied with new keys.
  • C. If the private key becomes known all laptops must be supplied with new keys.

正解:C


質問 # 42
What is the greatest risk for an organization if no information security policy has been defined?

  • A. It is not possible for an organization to implement information security in a consistent manner.
  • B. If everyone works with the same account, it is impossible to find out who worked on what.
  • C. Too many measures are implemented.
  • D. Information security activities are carried out by only a few people.

正解:A


質問 # 43
......


Exin ISFS(ISO/IEC 27001に基づく情報セキュリティ財団)認証試験は、情報セキュリティ管理における個人の知識とスキルを評価する世界的に認められた認定です。 ISO/IEC 27001標準に基づいて、候補者が情報セキュリティ管理の概念とベストプラクティスの基本的な理解を持っているかどうかを評価します。


ISO/IEC 27001(ISFS)に基づくExin Information Security Foundationは、情報セキュリティに関する専門家の知識を検証するグローバルに認められた認定です。情報資産を保護するための情報セキュリティ管理、リスク管理、およびベストプラクティスの原則の基本的な理解を個人に提供するように設計されています。この認定は、ITまたは情報セキュリティの役割で働いている個人、または情報セキュリティの基礎を理解しようとしている個人に最適です。

 

認定問題集でExin Certification ISFSガイドで100%有効な:https://www.jpntest.com/shiken/ISFS-mondaishu

100%必ず合格させるISFS一発合格はこれ:https://drive.google.com/open?id=1RiBLmUlizG3TNY_TWUD4Bs6afl8Ua_BS

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡