
[Sep-2021] ISFS Pre-Exam Practice Tests | Exam Questions and Answers for Exin Certification Study Guide
Information Security Foundation based on ISO/IEC 27001 Certification Sample Questions
NEW QUESTION 17
A couple of years ago you started your company, which has now grown from 1 to 20 employees. Your company's information is worth more and more, and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?
- A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
- B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.
Answer: A
NEW QUESTION 18
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
- A. Identifying assets and their value
- B. Determining relevant vulnerabilities and threats
- C. Determining the costs of threats
- D. Establishing a balance between the costs of an incident and the costs of a security measure
Answer: C
NEW QUESTION 19
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
- A. Integrity measure
- B. Availability measure
- C. Technical measure
- D. Organizational measure
Answer: C
NEW QUESTION 20
What is the definition of the Annual Loss Expectancy?
- A. The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.
- B. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.
- C. The Annual Loss Expectancy is the minimum amount for which an organization must insure itself.
- D. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.
Answer: D
NEW QUESTION 21
You have a small office in an industrial area. You would like to analyze the risks your company faces. The office is in a pretty remote location; therefore, the possibility of arson is not entirely out of the question. What is the relationship between the threat of fire and the risk of fire?
- A. The risk of fire is the threat of fire multiplied by the chance that the fire may occur and the consequences thereof.
- B. The threat of fire is the risk of fire multiplied by the chance that the fire may occur and the consequences thereof.
Answer: A
NEW QUESTION 22
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
- A. ISO/IEC 27001:2005
- B. ISO/IEC 27002:2005
- C. Personal data protection legislation
- D. Intellectual Property Rights
Answer: C
NEW QUESTION 23
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?
- A. Organizational threat
- B. Social Engineering
- C. Natural threat
Answer: B
NEW QUESTION 24
Why do organizations have an information security policy?
- A. In order to give direction to how information security is set up within an organization.
- B. In order to ensure that staff do not break any laws.
- C. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
- D. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.
Answer: A
NEW QUESTION 25
You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?
- A. Set up an access control policy
- B. Appoint security personnel
- C. Encrypt the hard drives of laptops and USB sticks
- D. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
Answer: D
NEW QUESTION 26
You are the owner of SpeeDelivery courier service. Because of your company's growth you have to think about information security. You know that you have to start creating a policy. Why is it so important to have an information security policy as a starting point?
- A. The information security policy establishes who is responsible for which area of information security.
- B. The information security policy gives direction to the information security efforts.
- C. The information security policy establishes which devices will be protected.
- D. The information security policy supplies instructions for the daily practice of information security.
Answer: B
NEW QUESTION 27
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.
Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?
- A. Integrity
- B. Availability
- C. Confidentiality
Answer: C
NEW QUESTION 28
What action is an unintentional human threat?
- A. Incorrect use of fire extinguishing equipment
- B. Theft of a laptop
- C. Arson
- D. Social engineering
Answer: A
NEW QUESTION 29
A couple of years ago you started your company, which has now grown from 1 to 20 employees. Your company's information is worth more and more, and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?
- A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
- B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.
Answer: A
NEW QUESTION 30
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis.
Since the assignments are irregular, you outsource the administration of your business to temporary workers.
You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?
- A. Integrity
- B. Availability
- C. Confidentiality
Answer: C
NEW QUESTION 31
Your company has to ensure that it meets the requirements set down in personal data protection legislation.
What is the first thing you should do?
- A. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.
- B. Make the employees responsible for submitting their personal data.
- C. Issue a ban on the provision of personal information.
- D. Appoint a person responsible for supporting managers in adhering to the policy.
Answer: A