EX0-105
Title of test: EX0-105
Description: Information Security Foundation based on ISO/IEC 27002
1. In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?
- During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.
- In the second step, you make your identity known, which means you are given access to the system.
- The authentication step checks the username against a list of users who have access to the system.
- The system determines whether access may be granted by determining whether the token used is authentic.

2. To which category of security measures does a smoke alarm belong?
- Corrective
- Preventive
- Repressive
- Detective

3. What is the relationship between data and information?
- Information is the meaning and value assigned to a collection of data.
- Data is structured information.

4. Some security measures are optional. Other security measures must always be implemented. Which measure(s) must always be implemented?
- Clear Desk Policy
- Physical security measures
- Measures required by laws and regulations
- Logical access security measures

5. You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money. What is this kind of threat called?
- Human threat
- Social Engineering
- Natural threat

6. Which legislation regulates the storage and destruction of archive documents?
- The Personal Data Protection legislation
- The Government Information (Public Access) legislation
- The Public Records legislation
- The Computer Criminality legislation

7. Which approach does/did the United States take with regard to privacy legislation?
- Create legislation as it is needed.
- Proactively create legislation on upcoming technologies.
- Translate the convention on human rights into privacy laws.
- Rely purely on self-regulation.

8. What is a human threat to the reliability of the information on your company website?
- One of your employees commits an error in the price of a product on your website.
- The computer hosting your website is overloaded and crashes. Your website is offline.
- Because of a lack of maintenance, a fire hydrant springs a leak and floods the premises. Your employees cannot come into the office and therefore cannot keep the information on the website up to date.

9. Which type of malware is a program that collects information about the computer user and sends it to another party?
- Spyware
- Logic Bomb
- Storm Worm
- Trojan

10. What is not a category for security measures?
- Reductive measures
- Corrective measures
- Investigative measures
- Preventive measures

11. Under which condition is an employer permitted to check if Internet and email services in the workplace are being used for private purposes?
- The employer is permitted to check this if the employee is informed after each instance of checking.
- The employer is in no way permitted to check the use of IT services by employees.
- The employer is permitted to check this if the employees are aware that this could happen.
- The employer is permitted to check this if a firewall is also installed.

12. What is the best description of a risk analysis?
- A risk analysis is a method of mapping risks without looking at company processes.
- A risk analysis calculates the exact financial consequences of damages.
- A risk analysis helps to estimate the risks and develop the appropriate security measures.

13. There are three types of human threats: intentional human threats, unintentional human threats and a third human threat. What is the third type of human threat?
- Technical human threats
- Acts of stupidity
- Social engineering

14. Someone sends an e-mail. The sender wants the recipient to be able to verify who wrote and sent the email. What does the sender attach to the email?
- Her private key
- Her public key
- A digital signature
- A PKI certificate

15. At Midwest Insurance, all information is classified. What is the goal of this classification of information?
- To create a manual about how to handle mobile devices.
- Structuring information according to its sensitivity.
- Applying labels making the information easier to recognize.

16. What is an example of a security incident?
- A member of staff loses a laptop.
- A file is saved under an incorrect name.
- The lighting in the department no longer works.
- You cannot set the correct fonts in your word processing software.

17. You work for a large organization. You notice that you have access to confidential information that you should not be able to access in your position. You report this security incident to the helpdesk. The incident cycle is initiated. Which stage of the incident cycle follows the incident stage?
- Threat
- Damage
- Recovery

18. Physical security must protect a company so that not just anyone can easily access the company assets. This is illustrated by thinking in terms of a series of protection rings. Which protection ring deals with the asset that is to be protected?
- Building
- Outer ring
- Working space
- Object

19. You are the owner of SpeeDelivery courier service. Because of your company's growth you have to think about information security. You know that you have to start creating a policy. Why is it so important to have an information security policy as a starting point?
- The information security policy supplies instructions for the daily practice of information security.
- The information security policy gives direction to the information security efforts.
- The information security policy establishes which devices will be protected.
- The information security policy establishes who is responsible for which area of information security.

20. You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?
- Access restriction to special rooms
- Intrusion alarm
- Backup tape
- Sprinkler installation

21. What do employees need to know to report a security incident?
- Whether the incident has occurred before and what was the resulting damage.
- How to report an incident and to whom.
- The measures that should have been taken to prevent the incident in the first place.
- Who is responsible for the incident and whether it was intentional.

22. Midwest Insurance controls access to its offices with a passkey system. What kind of security measure is this?
- Repressive
- Detective
- Preventive
- Corrective

23. Within a company several employees work mostly outside the perimeter of the company. These employees have laptops on which the necessary (confidential) information is stored. Which technical security measure protects the information from unwanted disclosure in case the employee loses the laptop?
- Awareness presentations for employees
- Classification of information
- Disk encryption
- Anti-theft cable chain

24. My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?
- Mandatory Access Control (MAC)
- Public Key Infrastructure (PKI)
- Discretionary Access Control (DAC)

25. What is the purpose of a Disaster Recovery Plan (DRP)?
- To limit the consequences in case a disaster occurs.
- To reduce the possibility of a disaster occurring.
- To identify the vulnerability underlying a disaster.
- To restore the situation back to how it was before the disaster.

26. We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?
- Timeliness, Accuracy and Completeness
- Availability, Integrity and Confidentiality
- Availability, Integrity and Completeness
- Availability, Information Value and Confidentiality

27. You are a consultant and are regularly hired by the Ministry of Defense to perform analyses. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?
- Availability
- Integrity
- Confidentiality

28. Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?
- Loss of a USB stick
- Flood
- Arson
- Lightning strike

29. A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?
- Establishing a balance between the costs of an incident and the costs of a security measure.
- Determining relevant vulnerabilities and threats.
- Determining the costs of threats.
- Identifying assets and their value.

30. Which one of the threats listed below can occur as a result of the absence of a physical measure?
- Hackers can freely enter the computer network.
- A server shuts off because of overheating.
- A confidential document is left in the printer.
- A user can view the files belonging to another user.

31. What is 'a potential cause of an unwanted incident, which may result in harm to a system or organization' called?
- Exposure
- Risk
- Threat
- Vulnerability

32. The incident cycle has four stages. Which stage follows the Threat stage?
- Incident
- Damage
- Recovery

33. A Dutch company is processing information from Dutch civilians; this implies applicability of some Dutch regulations regarding the privacy of these civilians. The company is mandated to implement security measures. Which measure helps the company best in proving compliance with applicable regulations?
- Handing over the results of a security audit.
- The execution of a penetration test on the server processing the sensitive information.
- Installing a firewall to limit the access to the server.
- Handing over the non-disclosure agreements (NDAs) that are signed by all employees.

34. What is an example of a non-human threat to the physical environment?
- Virus
- Fraudulent transaction
- Corrupted file
- Storm

35. You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?
- The availability of the data on the USB memory stick is no longer guaranteed.
- The integrity of the data on the USB memory stick is no longer guaranteed.
- The confidentiality of the data on the USB memory stick is no longer guaranteed.

36. You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?
- A code of conduct prevents a virus outbreak.
- A code of conduct is a legal obligation that organizations have to meet.
- A code of conduct helps to prevent the misuse of IT facilities.
- A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.

37. You are the first to arrive at work in the morning and notice that the CD-ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?
- You should wait a few days before reporting this incident. The CD-ROM can still reappear and, in that case, you will have made a fuss for nothing.
- You should first investigate this incident yourself and try to limit the damage.
- This incident should be reported immediately.

38. What sort of security does a Public Key Infrastructure (PKI) offer?
- By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.
- It provides digital certificates which can be used to digitally sign documents. Such signatures irrefutably determine from whom a document was sent.
- A PKI ensures that backups of company data are made on a regular basis.
- Having a PKI shows customers that a web-based business is secure.

39. Who is authorized to change the classification of a document?
- The author of the document
- The manager of the owner of the document
- The owner of the document
- The administrator of the document

40. An airline company employee notices that she has access to one of the company's applications that she has not used before. Is this an information security incident?
- No
- Yes

41. What physical security measure is necessary to control access to company information?
- The use of break-resistant glass and doors with the right locks, frames and hinges.
- Username and password.
- Prohibiting the use of USB sticks.
- Air-conditioning.

42. Which regulation is only applicable for United States public companies (e.g. listed on the New York Stock Exchange)?
- Sarbanes-Oxley Act
- BS ISO 22301:2012
- Payment Card Industry compliance
- ISO/IEC 27001

43. You own a store, and money keeps disappearing from the cash register. You want to put an end to this by means of a detective measure. What is an example of a detective measure?
- Close the store and hire a detective.
- Set up a hidden camera.
- Post a warning sign on the register.

44. An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
- Availability measure
- Integrity measure
- Technical measure
- Organizational measure

45. Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?
- The sender, Peter
- The manager, Linda
- The person who drafted the insurance terms and conditions
- The recipient, Rachel

46. You work for a large organization. You notice that you have access to confidential information that you should not be able to access in your position. You report this security incident to the helpdesk. The incident cycle is initiated. What are the stages of the security incident cycle?
- Threat, Incident, Damage, Recovery
- Threat, Damage, Incident, Recovery
- Threat, Damage, Recovery, Incident
- Threat, Recovery, Incident, Damage

47. The act of taking organizational security measures is inextricably linked with all other measures that have to be taken. What is the name of the system that guarantees the coherence of information security in the organization?
- Security regulations for special information for the government
- Information Security Management System (ISMS)
- Rootkit

48. Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?
- The costs for automating are easier to charge to the responsible departments.
- A determination can be made as to which report should be printed first and which one can wait a little longer.
- Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
- Reports can be developed more easily and with fewer errors.

49. Your organization has an office with space for twenty-five (25) workstations. These workstations are all fully equipped and in use. Due to a reorganization ten (10) extra workstations are added, five (5) of which are used for a call center 24 hours per day. Five (5) workstations must always be available. What physical security measures must be taken in order to ensure this?
- Obtain an extra office and connect all ten (10) new workstations to an emergency power supply and UPS (Uninterruptible Power Supply). Adjust the access control system to the working hours of the new staff. Inform the building security personnel that work will also be carried out in the evenings and at night.
- Obtain an extra office and provide a UPS (Uninterruptible Power Supply) for the five most important workstations.
- Obtain an extra office and set up ten (10) workstations. You would therefore have spare equipment that can be used to replace any non-functioning equipment.
- Obtain an extra office and set up ten (10) workstations. Ensure that there are security personnel both in the evenings and at night, so that staff can work there safely and securely.

50. You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?
- Risk neutral
- Risk bearing
- Risk avoiding

51. What is the purpose of authentication?
- To make your identity known, which means you are given access to the system.
- To check the username against a list of users who have access to the system.
- To determine whether access may be granted by determining whether the token used is authentic.
- To give you the rights that you need, such as being able to read the data in the system.