Free Access EXIN.ISFS.v2022-06-21.q36 Practice Test (Page 4)

Question 11

The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:
-The security requirements for the network are specified.
-A test environment is set up for the purpose of testing reports coming from the database.
-The various employee functions are assigned corresponding access rights.
-
RFID access passes are introduced for the building. Which one of these measures is not a technical measure?

A.Setting up a test environment

B.The specification of requirements for the network

C.Introducing a logical access policy

D.Introducing RFID access passes

Question 12

You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?

A.Natural threat

B.Organizational threat

C.Social Engineering

Question 13

What is the best way to comply with legislation and regulations for personal data protection?

A.Performing a threat analysis

B.Appointing the responsibility to someone

C.Maintaining an incident register

D.Performing a vulnerability analysis

Question 14

Your company has to ensure that it meets the requirements set down in personal data protection legislation.
What is the first thing you should do?

A.Issue a ban on the provision of personal information.

B.Appoint a person responsible for supporting managers in adhering to the policy.

C.Translate the personal data protection legislation into a privacy policy that is geared to the company and the contracts with the customers.

D.Make the employees responsible for submitting their personal data.

Question 15

You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk.
He asks you for your password. What kind of threat is this?

A.Social Engineering