EXIN ISFS - INFORMATION SECURITY FOUNDATION CERTIFICATION
What is the relationship between data and information?
A. Data is structured information.
B. Information is the meaning and value assigned to a collection of data. - Answers-B.
Correct. Information is data that has a meaning in some context for its receiver.
(Chapter 3)
In order to take out a fire insurance policy, an administration office must determine the
value of the data that it manages.
Which factor is not important for determining the value of data for an organization?
A. The content of data.
B. The degree to which missing, incomplete or incorrect data can be recovered.
C. The indispensability of data for the business processes.
D. The importance of the business processes that make use of the data. - Answers-A.
Correct. The content of data does not determine its value. (Chapter 4)
A hacker gains access to a webserver and can view a file on the server containing credit
card numbers.
Which of the Confidentiality, Integrity, Availability (CIA) principles of the credit card file
are violated?
A. Availability
B. Confidentiality
C. Integrity - Answers-B. Correct. The hacker was able to read the file (confidentiality).
(Chapter 3)
There is a network printer in the hallway of the company where you work. Many
employees don't pick up their printouts immediately and leave them on the printer.
What are the consequences of this to the reliability of the information?
A. The integrity of the information is no longer guaranteed.
B. The availability of the information is no longer guaranteed.
C. The confidentiality of the information is no longer guaranteed. - Answers-C. Correct.
The information can end up with or be read by persons who should not have access to the
information. (Chapter 3)
A well-executed risk analysis provides a great deal of useful information. A risk analysis
has four main objectives.
What is not one of the four main objectives of a risk analysis?
A. Identifying assets and their value
B. Implementing counter measures
C. Establishing a balance between the costs of an incident and the costs of a security
measure
D. Determining relevant vulnerabilities and threats - Answers-B. Correct. This is not an
objective of a risk analysis. Measures can be selected once a risk analysis has
determined which risks require a security measure. (Chapter 3)
An administration office is going to determine the dangers to which it is exposed.
What do we call a possible event that can have a disruptive effect on the reliability of
information?
A. dependency
B. threat
C. vulnerability
D. risk - Answers-B. Correct. A threat is a possible event that can have a disruptive
effect on the reliability of information. (Chapter 3)
What is the purpose of risk management?
A. To determine the probability that a certain risk will occur.
B. To determine the damage caused by possible security incidents.
C. To outline the threats to which IT resources are exposed.
D. To implement measures to reduce risks to an acceptable level. - Answers-D. Correct.
The purpose of risk management is to reduce risks to an acceptable level. (Chapter 3)
A couple of years ago you started your company which has now grown from 1 to 20
employees. Your company's information is worth more and more and gone are the days
when you could keep control yourself. You are aware that you have to take measures,
but what should they be? You hire a consultant who advises you to start with a
qualitative risk analysis.
What is a qualitative risk analysis?
A. This analysis follows a precise statistical probability calculation in order to calculate
exact loss caused by damage.
B. This analysis is based on scenarios and situations and produces a subjective view of
the possible threats. - Answers-B. Correct. A qualitative risk analysis involves defining
the various threats, determining the extent of the vulnerabilities, and devising
countermeasures, should an attack occur. (Chapter 3)
There was a fire in a branch of the company Midwest Insurance. The fire department
quickly arrived at the scene and could extinguish the fire before it spread and burned
down the entire premises. The server, however, was destroyed in the fire. The backup
tapes kept in another room had melted and many other documents were lost for good.
What is an example of the indirect damage caused by this fire?
A. Melted backup tapes
B. Burned computer systems
C. Burned documents
D. Water damage due to the fire extinguishers - Answers-D. Correct. Water damage due
to the fire extinguishers is indirect damage caused by the fire. This is a side effect of
putting out the fire, which is aimed at minimizing the damage caused by the fire.
(Chapter 3)
You are the owner of the courier company SpeeDelivery. You have carried out a risk
analysis and now want to determine your risk strategy. You decide to take measures for
the large risks but not for the small risks.
What is this risk strategy called?
A. Risk bearing
B. Risk avoidance
C. Risk neutral - Answers-A. Correct. This means certain risks are accepted. (Chapter
3)
C according to both answers
What is an example of a human threat?
A. A USB-stick passes on a virus to the network.
B. Too much dust in the server room.
C. A leak causes a failure of electricity supply. - Answers-A. Correct. A USB-stick is
always inserted by a person. Thus, if by doing so a virus enters the network, then it is a
human threat. (Chapter 3)
What is an example of a human threat?
A. a lightning strike
B. fire
C. phishing - Answers-C. Correct. Phishing (luring users to false websites) is one form
of a human threat. (Chapter 3)
You work in the office of a large company. You receive a call from a person claiming to
be from the Helpdesk. He asks you for your password.
What kind of threat is this?
A. Natural threat
B. Organizational threat
C. Social Engineering - Answers-C. Correct. Using the right expressions or names of
known people and their departments gives the impression of being a colleague trying to
obtain company and trade secrets. You should check whether you are actually talking to
the helpdesk. A helpdesk employee will never ask for your password. (Chapter 3)
A fire breaks out in a branch office of a health insurance company. The personnel are
transferred to neighboring branches to continue their work.
Where in the incident cycle is moving to a stand-by arrangement found?
A. between threat and incident
B. between recovery and threat
C. between damage and recovery
D. between incident and damage - Answers-D. Correct. A stand-by arrangement is a
corrective measure that is initiated in order to limit the damage. (Chapter 3)
Information has a number of reliability aspects. Reliability is constantly being
threatened. Examples of threats are: a cable becomes loose, someone alters
information by accident, data is used privately or is falsified.
Which of these examples is a threat to integrity?