EX0-105無料問題集「EXIN Information Security Foundation based on ISO/IEC 27002」

質問 1

A marketing employee accidentally e-mails a spreadsheet with all the company is clients, their personal and commercial data, to the wrong email address.
Who determines the value of the information in the spreadsheet?

（A）Privacy legislation determines the penalty and thus the value

（B）Each party determines the value of the information independently

（C）The recipient, who can use it for identity theft

（D）The sender, who uses it for accounting purposes

正解：B 解答を投票する

質問 2

What is the definition of the Annual Loss Expectancy?

（A）The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.

（B）The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.

（C）The Annual Loss Expectancy is the minimum amount for which an organization must insure itself.

（D）The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.

正解：B 解答を投票する

質問 3

Your company is concerned about the effect of global warming on sea levels and asks you to make preparations that prevents downtime of the billing process.
What will you create?

（A）Business Continuity Plan

（B）Disaster Recovery Plan

正解：A 解答を投票する

質問 4

Which threat can materialize as a result of the absence of physical security?

（A）A USB stick with confidential information is lost by an employee.

（B）A worm infects several servers due to insufficient port filtering.

（C）Software stops working because the license has expired.

（D）Systems malfunction due to spikes in the power supply.

正解：D 解答を投票する

質問 5

Why is sensitive information graded?

（A）To improve awareness of employees

（B）To determine how the information should be processed

（C）To permit the recipient to archive received information

（D）To determine the applicable back-up scheme

正解：B 解答を投票する

質問 6

What is the best way to comply with legislation and regulations for personal data protection?

（A）Performing a vulnerability analysis

（B）Maintaining an incident register

（C）Performing a threat analysis

（D）Appointing the responsibility to someone

正解：D 解答を投票する

質問 7

An Incident Management process has several purposes.
Which is not a purpose of the Incident Management process?

（A）Make sure that all employees and staff know the procedure for reporting incidents.

（B）Learn from weaknesses so they can be fixed and future incidents are prevented.

（C）Reprimand the person who is responsible for causing the incident.

（D）Solve the incident appropriately and as quickly as possible.

正解：C 解答を投票する

質問 8

A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your company's information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be?
You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

（A）This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

（B）This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

正解：B 解答を投票する

質問 9

What is an example of a non-human threat to the physical environment?

（A）Storm

（B）Corrupted file

（C）Virus

（D）Fraudulent transaction

正解：A 解答を投票する

質問 10

What is a risk analysis used for?

（A）to ensure that security measures are deployed in a cost-effective and timely fashion

（B）to clarify to management their responsibilities

（C）to make everyone in the organization aware of all risks

（D）to express the value of information for an organization in monetary terms

正解：A 解答を投票する

EX0-105 無料問題集「EXIN Information Security Foundation based on ISO/IEC 27002」

弊社を連絡する

関連リンク

トップ試験