New EXIN,Inc ISFS Exam Dumps Collection (Question 5 - Question 14)
Question No: 5
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
A. Information Security Management System
B. The use of tokens to gain access to information systems
C. Validation of input and output data in applications
D. Encryption of information
Question No: 6
What physical security measure is necessary to control access to company information?
B. Username and password
C. The use of break-resistant glass and doors with the right locks, frames and hinges
D. Prohibiting the use of USB sticks
Question No: 7
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?
A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Public Key Infrastructure (PKI)
Question No: 8
What is the definition of the Annual Loss Expectancy?
A. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.
B. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.
C. The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.
D. The Annual Loss Expectancy is the minimum amount for which an organization must insure
Question No: 9
In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?
A. In the second step, you make your identity known, which means you are given access to the system.
B. The authentication step checks the username against a list of users who have access to the system.
C. The system determines whether access may be granted by determining whether the token used is authentic.
D. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.
Question No: 10
Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization, 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?
A. Obtain an extra office and set up 10 workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
B. Obtain an extra office and set up 10 workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.
C. Obtain an extra office and connect all 10 new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.
D. Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most
Question No: 11
The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:
- The security requirements for the network are specified.
- A test environment is set up for the purpose of testing reports coming from the database.
- The various employee functions are assigned corresponding access rights.
- RFID access passes are introduced for the building.
Which one of these measures is not a technical measure?
A. The specification of requirements for the network
B. Setting up a test environment
C. Introducing a logical access policy
D. Introducing RFID access passes
Question No: 12
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
A. Identifying assets and their value
B. Determining the costs of threats
C. Establishing a balance between the costs of an incident and the costs of a security measure
D. Determining relevant vulnerabilities and threats
Question No: 13
You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money.
What is this kind of threat called?
A. Human threat
B. Natural threat
C. Social Engineering
Question No: 14
Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?
A. Direct damage
B. Indirect damage