Leading ISFS free practice questions Guide

Question No: 1

What is an example of a physical security measure?

A. A code of conduct that requires staff to adhere to the clear desk policy, ensuring that confidential information is not left visibly on the desk at the end of the work day

B. An access control policy with passes that have to be worn visibly

C. The encryption of confidential information

D. Special fire extinguishers with inert gas, such as Argon

Question No: 2

The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

A. Information Security Management System

B. The use of tokens to gain access to information systems

C. Validation of input and output data in applications

D. Encryption of information

Question No: 3

What action is an unintentional human threat?

A. Arson

B. Theft of a laptop

C. Social engineering

D. Incorrect use of fire extinguishing equipment

Question No: 4

A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the companys staff. Which kind of security measure could have prevented this?

A. A physical security measure

B. An organizational security measure

C. A technical security measure

Question No: 5

You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.

B. A code of conduct is a standard part of a labor contract.

C. A code of conduct differs from company to company and specifies, among other things, the

rules of behavior with regard to the usage of information systems.

Question No: 6

The consultants at Smith Consultants Inc. work on laptops that are protected by asymmetrical cryptography. To keep the management of the keys cheap, all consultants use the same key pair.

What is the companys risk if they operate in this manner?

A. If the private key becomes known all laptops must be supplied with new keys.

B. If the Public Key Infrastructure (PKI) becomes known all laptops must be supplied with new keys.

C. If the public key becomes known all laptops must be supplied with new keys.

Question No: 7

A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

A. If the risk analysis has not been carried out.

B. When computer systems are kept in a cellar below ground level.

C. When the computer systems are not insured.

D. When the organization is located near a river.

Question No: 8

A Dutch company requests to be listed on the American Stock Exchange. Which legislation within

the scope of information security is relevant in this case?

A. Public Records Act

B. Dutch Tax Law

C. Sarbanes-Oxley Act

D. Security regulations for the Dutch government

Question No: 9

What is an example of a non-human threat to the physical environment?

A. Fraudulent transaction

B. Corrupted file

C. Storm

D. Virus

Question No: 10

What is the goal of an organization's security policy?

A. To provide direction and support to information security

B. To define all threats to and measures for ensuring information security

C. To document all incidents that threaten the reliability of information

D. To document all procedures required to maintain information security