Q4. A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the companys staff. Which kind of security measure could have prevented this?

A. A physical security measure

B. An organizational security measure

C. A technical security measure

View Answer

Q5. You work in the IT department of a medium-sized company. Confidential information has got into

the wrong hands several times. This has hurt the image of the company. You have been asked to

propose organizational security measures for laptops at your company. What is the first step that

you should take?

A. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)

B. Appoint security personnel

C. Encrypt the hard drives of laptops and USB sticks

D. Set up an access control policy

View Answer

Q6. In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?

A. In the second step, you make your identity known, which means you are given access to the system.

B. The authentication step checks the username against a list of users who have access to the system.

C. The system determines whether access may be granted by determining whether the token used is authentic.

D. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.

View Answer

Q7. You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk because of this?

A. The risk that hackers can do as they wish on the network without detection

B. The risk that fire may break out in the server room

C. The risk of a virus outbreak

D. The risk of undesired e-mails

View Answer

Q8. What is the most important reason for applying segregation of duties?

A. Segregation of duties makes it clear who is responsible for what.

B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he

or she has been committing fraud.

C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

D. Segregation of duties makes it easier for a person who is ready with his or her part of the work

to take time off or to take over the work of another person.

View Answer

Q9. What is an example of a good physical security measure?

A. All employees and visitors carry an access pass.

B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

View Answer

Q10. Logging in to a computer system is an access-granting process consisting of three steps:

identification, authentication and authorization. What occurs during the first step of this process: identification?

A. The first step consists of checking if the user is using the correct certificate.

B. The first step consists of checking if the user appears on the list of authorized users.

C. The first step consists of comparing the password with the registered password.

D. The first step consists of granting access to the information to which the user is authorized.

View Answer

Q11. Why is compliance important for the reliability of the information?

A. Compliance is another word for reliability. So, if a company indicates that it is compliant, it

means that the information is managed properly.

B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.

C. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.

D. When an organization is compliant, it meets the requirements of privacy legislation and, in

doing so, protects the reliability of its information.

View Answer

Q12. Some security measures are optional. Other security measures must always be implemented.

Which measure(s) must always be implemented?

A. Clear Desk Policy

B. Physical security measures

C. Logical access security measures

D. Measures required by laws and regulations

View Answer

Q13. The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

A. Information Security Management System

B. The use of tokens to gain access to information systems

C. Validation of input and output data in applications

D. Encryption of information

View Answer