Exam Code: ISFS (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Information Security Foundation based on ISO/IEC 27002
Certification Provider: EXIN, Inc
New EXIN, Inc ISFS Exam Dumps Collection (Question 1 - Question 10)
Q1. Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?
A. The first step consists of checking if the user is using the correct certificate.
B. The first step consists of checking if the user appears on the list of authorized users.
C. The first step consists of comparing the password with the registered password.
D. The first step consists of granting access to the information to which the user is authorized.
Answer: B
Q2. Your company has to ensure that it meets the requirements set down in personal data protection legislation. What is the first thing you should do?
A. Make the employees responsible for submitting their personal data.
B. Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.
C. Appoint a person responsible for supporting managers in adhering to the policy.
D. Issue a ban on the provision of personal information.
Answer: B
Q3. You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?
A. Natural threat
B. Organizational threat
C. Social Engineering
Answer: C
Q4. Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?
A. The recipient, Rachel
B. The person who drafted the insurance terms and conditions
C. The manager, Linda
D. The sender, Peter
Answer: A
Q5. In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?
A. In the second step, you make your identity known, which means you are given access to the system.
B. The authentication step checks the username against a list of users who have access to the system.
C. The system determines whether access may be granted by determining whether the token used is authentic.
D. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.
Answer: C
Q6. What is the objective of classifying information?
A. Authorizing the use of an information system
B. Creating a label that indicates how confidential the information is
C. Defining different levels of sensitivity into which information may be arranged
D. Displaying on the document who is permitted access
Answer: C
Q7. You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?
A. The integrity of the data on the USB memory stick is no longer guaranteed.
B. The availability of the data on the USB memory stick is no longer guaranteed.
C. The confidentiality of the data on the USB memory stick is no longer guaranteed.
Answer: C
Q8. You have an office that designs corporate logos. You have been working on a draft for a large client. Just as you are going to press the <save> button, the screen goes blank. The hard disk is damaged and cannot be repaired. You find an early version of the design in your mail folder and you reproduce the draft for the customer. What is such a measure called?
A. Corrective measure
B. Preventive measure
C. Reductive measure
Answer: A
Q9. You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?
A. Backup tape
B. Intrusion alarm
C. Sprinkler installation
D. Access restriction to special rooms
Answer: B
Q10. What is the definition of the Annual Loss Expectancy?
A. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.
B. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.
C. The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.
D. The Annual Loss Expectancy is the minimum amount for which an organization must insure itself.
Answer: A