ISFS Online Practice Questions and Answers

Questions 4

Who is authorized to change the classification of a document?

A. The author of the document

B. The administrator of the document

C. The owner of the document

D. The manager of the owner of the document

Questions 5

What is the objective of classifying information?

A. Authorizing the use of an information system

B. Creating a label that indicates how confidential the information is

C. Defining different levels of sensitivity into which information may be arranged

D. Displaying on the document who is permitted access

Questions 6

When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files. What is the correct definition of availability?

A. The degree to which the system capacity is enough to allow all users to work with it

B. The degree to which the continuity of an organization is guaranteed

C. The degree to which an information system is available for the users

D. The total amount of time that an information system is accessible to the users

Questions 7

Which of these is not malicious software?

A. Phishing

B. Spyware

C. Virus

D. Worm

Questions 8

Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?

A. Lightning strike

B. Arson

C. Flood

D. Loss of a USB stick

Questions 9

What is the most important reason for applying segregation of duties?

A. Segregation of duties makes it clear who is responsible for what.

B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

D. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.

Questions 10

What is the relationship between data and information?

A. Data is structured information.

B. Information is the meaning and value assigned to a collection of data.

Questions 11

You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?

A. Natural threat

B. Organizational threat

C. Social Engineering

Questions 12

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?

A. Availability

B. Integrity

C. Confidentiality

Questions 13

What is the relationship between data and information?

A. Data is structured information.

B. Information is the meaning and value assigned to a collection of data.

Questions 14

The act of taking organizational security measures is inextricably linked with all other measures that have to be taken. What is the name of the system that guarantees the coherence of information security in the organization?

A. Information Security Management System (ISMS)

B. Rootkit

C. Security regulations for special information for the government

Questions 15

My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?

A. Discretionary Access Control (DAC)

B. Mandatory Access Control (MAC)

C. Public Key Infrastructure (PKI)

Questions 16

You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk because of this?

A. The risk that hackers can do as they wish on the network without detection

B. The risk that fire may break out in the server room

C. The risk of a virus outbreak

D. The risk of undesired e-mails

Questions 17

What is an example of a good physical security measure?

A. All employees and visitors carry an access pass.

B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

Questions 18

What is the best description of a risk analysis?

A. A risk analysis is a method of mapping risks without looking at company processes.

B. A risk analysis helps to estimate the risks and develop the appropriate security measures.

C. A risk analysis calculates the exact financial consequences of damages.

Exam Code: ISFS
Exam Name: Information Security Foundation based on ISO/IEC 27002
Last Update: Apr 17, 2024
Questions: 80 Q&As
