EXIN Information Security Foundation Sample Questions

The EXIN Information Security Foundation certification is designed to help people gain the abilities they need to perform effectively in information security. In addition to describing dangers and threats, it covers the value, concept, and necessity of information security. Your IT career will advance with this certification. This article provides a list of EXIN Information Security Foundation sample questions that cover the core exam topics, including:

  • Information and Security
  • Threats and Risks
  • Approach and Organization
  • Measures
  • Legislation and Regulation 

Q1) You are the owner of the delivery service SpeeDelivery. A handful of your employees can perform other duties while they wait to make a delivery. You observe, however, that they also use this time to browse the web and to write and read private emails. What is the best way to legally govern how people use email and the Internet?

  • A. Installing software that blocks access to particular websites and filters email attachments
  • B. Creating an Internet and email usage code of conduct that outlines the rights and obligations of both the employer and the employees
  • C. Putting privacy laws into effect
  • D. Setting up a virus scanner

Correct Answer: B

Q2) Why is the server room equipped with air conditioning?

  • A. The air in the server room needs to be cooled, and heat generated by the machinery needs to be removed. Additionally, the room’s air is filtered and dehumidified.
  • B. The server room is the finest location for a business to cool its offices. In this manner, no office space will need to be given up to accommodate such a massive piece of machinery.
  • C. Working in an overheated server room is uncomfortable for the maintenance team.
  • D. Backup tapes are constructed of flimsy plastic that melts at high temperatures. Therefore, they could be harmed if a server room becomes too hot.

Correct Answer: A

Q3) Who has the power to change a document’s classification in EXIN Information Security Foundation?

  • A. The author of the document
  • B. The administrator of the document
  • C. The owner of the document
  • D. The manager of the owner of the document

Correct Answer: C

Q4) Midwest Insurance has taken numerous precautions to safeguard its data. Staff members use tokens to access information systems, and the input and output of data in applications are validated. Confidential papers are also provided in encrypted form. Which one of these is not a technical measure in EXIN Information Security Foundation?

  • A. Information Security Management System
  • B. The use of tokens to gain access to information systems
  • C. Validation of input and output data in applications
  • D. Encryption of information

Correct Answer: A

Q5) Which of these is an example of a physical security measure?

  • A. A code of conduct that requires staff to adhere to the clear desk policy, ensuring that confidential information is not left visibly on the desk at the end of the work day
  • B. An access control policy with passes that have to be worn visibly
  • C. The encryption of confidential information
  • D. Special fire extinguishers with inert gas, such as Argon

Correct Answer: D

Q6) What kind of physical security precautions are required to regulate access to corporate data?

  • A. Air-conditioning
  • B. Username and password
  • C. The use of break-resistant glass and doors with the right locks, frames and hinges
  • D. Prohibiting the use of USB sticks

Correct Answer: C

Q7) Organizations have information security policies for several reasons. Why?

  • A. To illustrate how the Plan-Do-Check-Act cycle functions within an organisation.
  • B. To make sure that employees don’t infringe any laws.
  • C. To provide guidance for the organization’s internal setup of information security.
  • D. To guarantee that everyone is aware of who is in charge of carrying out the backup procedures.

Correct Answer: C

Q8) You are employed by a medium-sized company’s IT division. Numerous times, private information has fallen into the wrong hands. This has damaged the company’s reputation. You have been asked to suggest organisational security measures for laptops at your company. What should you do as soon as possible?

  • A. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
  • B. Appoint security personnel
  • C. Encrypt the hard drives of laptops and USB sticks
  • D. Set up an access control policy

Correct Answer: A

Q9) You are employed by a major company. You become aware that you have access to confidential information that, given your job, you should not be able to access. You notify the help desk about this security incident. This starts the incident cycle. What phases comprise the cycle of security incidents?

  • A. Threat, Damage, Incident, Recovery
  • B. Threat, Damage, Recovery, Incident
  • C. Threat, Incident, Damage, Recovery
  • D. Threat, Recovery, Incident, Damage

Correct Answer: C

Q10) Which of the following actions is a preventive action?

  • A. Installing a logging system that makes it possible to identify system modifications
  • C. Storing private data in a secure location
  • D. Deciding a risk is acceptable because fixing it would cost more than the information at risk is worth.

Correct Answer: C

Q11) What is the purpose of a risk analysis?

  • A. A risk analysis is used to quantify the financial worth of information to an organisation.
  • B. Management’s obligations are made clear to them through a risk analysis.
  • C. To bring risks down to a manageable level, security measures are used in conjunction with a risk analysis.
  • D. Security measures are implemented in a timely and cost-effective manner by using a risk analysis.

Correct Answer: D

Q12) A thorough risk analysis yields a wealth of insightful data. There are four basic goals for risk analysis. Which of the following is not one of the four primary goals of a risk analysis?

  • A. Determining the value of assets.
  • B. Calculating the price of threats
  • C. Finding a balance between the price of a security measure and the price of an incident
  • D. Identifying pertinent threats and weaknesses

Correct Answer: B

Q13) Which of these is a security incident?

  • A. The department’s lighting is no longer functional.
  • B. A staff member misplaces a laptop.
  • C. You can’t change the typefaces in your word processing programme to the appropriate ones.
  • D. A file is saved with the wrong name.

Correct Answer: B

Q14) Which of the following actions is a remedial action?

  • A. Designing a computer centre with an intrusion detection system (IDS)
  • B. Setting up a virus scanner in a computer system
  • C. Creating a backup of any newly created or modified data
  • D. Restoring a correct database backup after the original was overwritten with a corrupt copy of the database

Correct Answer: D

Q15) Information can be obtained and provided in a number of ways. Whether the information is trustworthy determines how valuable it is. Which aspects of information determine its reliability?

  • A. Availability, Information Value and Confidentiality
  • B. Availability, Integrity and Confidentiality
  • C. Availability, Integrity and Completeness
  • D. Timeliness, Accuracy and Completeness

Correct Answer: B

Q16) Your business must make sure that it complies with the regulations outlined in the personal data protection Act. What should you do first, then?

  • A. Charge employees with providing their personal information.
  • B. Convert the personal data protection laws into a privacy statement that is tailored to the business and the agreements with the clients.
  • C. Designate a person to assist managers in abiding by the policy.
  • D. Put a stop to the sharing of personal data.

Correct Answer: B

Q17) What kind of security does a PKI (public key infrastructure) provide?

  • A. It offers digital certificates that can be used to sign papers electronically. Such signatures conclusively establish the sender of a document.
  • B. A PKI demonstrates to clients the security of a web-based firm.
  • C. A PKI specifies which person or system belongs to which unique public key by offering agreements, protocols, and an organisational structure.
  • D. A PKI makes sure that regular data backups are performed.

Correct Answer: C

Q18) An employee of Smiths Consultants Inc.’s administrative division learns that a contract’s expiration date with one of the clients is earlier than its start date. What kind of measure would prevent this mistake?

  • A. Availability measure
  • B. Integrity measure
  • C. Organizational measure
  • D. Technical measure

Correct Answer: D

Q19) What is the goal of classifying information?

  • A. Authorizing the use of an information system
  • B. Creating a label that indicates how confidential the information is
  • C. Defining different levels of sensitivity into which information may be arranged
  • D. Displaying on the document who is permitted access

Correct Answer: C

Q20) What is an example of a non-human threat to the physical environment?

  • A. Fraudulent transaction
  • B. Corrupted file
  • C. Storm
  • D. Virus

Correct Answer: C
