Information Security Foundation based on ISO/IEC 27002: EX0-105 Exam
- EX0-105 Questions & Answers
- Exam Code: EX0-105
- Exam Name: Information Security Foundation based on ISO/IEC 27002
- Updated: February 2, 2012
- Q & A: 92 Q&As
1: You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use this time to send and read their private mail and surf the Internet. In legal terms, in which way can the use of the Internet and e-mail facilities be best regulated?
A. Installing an application that makes certain websites no longer accessible and that filters attachments in e-mails
B. Drafting a code of conduct for the use of the Internet and e-mail in which the rights and obligations of both the employer and staff are set down
C. Implementing privacy regulations
D. Installing a virus scanner
Correct Answers: B
2: What is a risk analysis used for?
A. A risk analysis is used to express the value of information for an organization in monetary terms.
B. A risk analysis is used to clarify to management their responsibilities.
C. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.
D. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.
Correct Answers: D
3: You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?
A. A code of conduct helps to prevent the misuse of IT facilities.
B. A code of conduct is a legal obligation that organizations have to meet.
C. A code of conduct prevents a virus outbreak.
D. A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.
Correct Answers: A
4: You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?
A. Backup tape
B. Intrusion alarm
C. Sprinkler installation
D. Access restriction to special rooms
Correct Answers: B
5: There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good. What is an example of the indirect damage caused by this fire?
A. Melted backup tapes
B. Burned computer systems
C. Burned documents
D. Water damage due to the fire extinguishers
Correct Answers: D
6: You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks. What is the relation between a threat, risk and risk analysis?
A. A risk analysis identifies threats from the known risks.
B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
C. A risk analysis is used to remove the risk of a threat.
D. Risk analyses help to find a balance between threats and risks.
Correct Answers: B
7: Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
A. ISO/IEC 27001:2005
B. Intellectual Property Rights
C. ISO/IEC 27002:2005
D. Personal data protection legislation
Correct Answers: D
8: You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?
A. Risk bearing
B. Risk avoiding
C. Risk neutral
Correct Answers: C
9: What action is an unintentional human threat?
A. Arson
B. Theft of a laptop
C. Social engineering
D. Incorrect use of fire extinguishing equipment
Correct Answers: D
10: Why is air-conditioning placed in the server room?
A. In the server room the air has to be cooled and the heat produced by the equipment has to be extracted. The air in the room is also dehumidified and filtered.
B. When a company wishes to cool its offices, the server room is the best place. This way, no office space needs to be sacrificed for such a large piece of equipment.
C. It is not pleasant for the maintenance staff to have to work in a server room that is too warm.
D. Backup tapes are made from thin plastic which cannot withstand high temperatures. Therefore, if it gets too hot in a server room, they may get damaged.
Correct Answers: A
11: Who is authorized to change the classification of a document?
A. The author of the document
B. The administrator of the document
C. The owner of the document
D. The manager of the owner of the document
Correct Answers: C
12: The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
A. Information Security Management System
B. The use of tokens to gain access to information systems
C. Validation of input and output data in applications
D. Encryption of information
Correct Answers: A
13: What is an example of a physical security measure?
A. A code of conduct that requires staff to adhere to the clear desk policy, ensuring that confidential information is not left visibly on the desk at the end of the work day
B. An access control policy with passes that have to be worn visibly
C. The encryption of confidential information
D. Special fire extinguishers with inert gas, such as Argon
Correct Answers: D
14: What physical security measure is necessary to control access to company information?
A. Air-conditioning
B. Username and password
C. The use of break-resistant glass and doors with the right locks, frames and hinges
D. Prohibiting the use of USB sticks
Correct Answers: C
15: Why do organizations have an information security policy?
A. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
B. In order to ensure that staff do not break any laws.
C. In order to give direction to how information security is set up within an organization.
D. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.
Correct Answers: C