ISFS Online Practice Questions and Answers

Who is authorized to change the classification of a document?

A. The author of the document

B. The administrator of the document

C. The owner of the document

D. The manager of the owner of the document

We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?

A. Availability, Information Value and Confidentiality

B. Availability, Integrity and Confidentiality

C. Availability, Integrity and Completeness

D. Timeliness, Accuracy and Completeness

There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good. What is an example of the indirect damage caused by this fire?

A. Melted backup tapes

B. Burned computer systems

C. Burned documents

D. Water damage due to the fire extinguishers

What is a human threat to the reliability of the information on your company website?

A. One of your employees commits an error in the price of a product on your website.

B. The computer hosting your website is overloaded and crashes. Your website is offline.

C. Because of a lack of maintenance, a fire hydrant springs a leak and floods the premises. Your employees cannot come into the office and therefore can not keep the information on the website up to date.

A couple of years ago you started your company which has now grown from 1 to 20 employees. Your companys information is worth more and more and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

A. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money. What is this kind of threat called?

A. Human threat

B. Natural threat

C. Social Engineering

Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

A. ISO/IEC 27001:2005

B. Intellectual Property Rights

C. ISO/IEC 27002:2005

D. Personal data protection legislation

You are the first to arrive at work in the morning and notice that the CD ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?

A. This incident should be reported immediately.

B. You should first investigate this incident yourself and try to limit the damage.

C. You should wait a few days before reporting this incident. The CD ROM can still reappear and, in that case, you will have made a fuss for nothing.

A Dutch company requests to be listed on the American Stock Exchange. Which legislation within the scope of information security is relevant in this case?

A. Public Records Act

B. Dutch Tax Law

C. Sarbanes-Oxley Act

D. Security regulations for the Dutch government

What action is an unintentional human threat?

A. Arson

B. Theft of a laptop

C. Social engineering

D. Incorrect use of fire extinguishing equipment