A Dutch company is processing information from Dutch civilians; this implies applicability of some Dutch regulations regarding the privacy of these civilians. The company is mandated to implement security measures.
Which measure helps the company best in proving compliance with applicable regulations?
A. The execution of a penetration test on the server processing the sensitive information.
B. Handing over the results of a security audit.
C. Installing a firewall to limit the access to the server.
D. Handing over the non-disclosure agreements (NDAs) that are signed by all employees.
Correct answer: B
Question 2:
After a thorough risk analysis and the identification of appropriate security controls, the management team decides that for one specific threat the impact should be covered by insurance.
Which kind of risk treatment control is described here?
A. Reduce
B. Avoid
C. Accept
D. Transfer
Correct answer: D
Question 3:
What is the main reliability aspect of information besides Confidentiality and Integrity?
A. Authorization
B. Accounting
C. Availability
D. Authenticity
Correct answer: C
Question 4:
There is a network printer in the hallway of the company where you work. Many employees don't pick up their printouts immediately and leave them in the printer. What are the consequences of this to the reliability of the information?
A. The availability of the information is no longer guaranteed.
B. The integrity of the information is no longer guaranteed.
C. The confidentiality of the information is no longer guaranteed.
Correct answer: C
Question 5:
Which security measure is not an organizational level security measure?
A. Implementing Role Based Access Control
B. Setting up an information security policy document
C. Setting up a security awareness program
D. Carrying out background investigations on new personnel
Correct answer: A
Question 6:
You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?
A. Sprinkler installation
B. Intrusion alarm
C. Backup tape
D. Access restriction to special rooms
Correct answer: B
Question 7:
During a risk analysis a system administrator mentions that due to the lack of communication between Human Resources Management (HRM) and system administrators, employees can still access the company server from home even if they are no longer employed by the company.
Which characteristic of a risk is missing here?
A. Security control
B. Threat agent
C. Vulnerability
D. Business impact
Correct answer: D
Question 8:
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential.
What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?
A. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
B. Reports can be developed more easily and with fewer errors.
C. A determination can be made as to which report should be printed first and which one can wait a little longer.
D. The costs for automating are easier to charge to the responsible departments.
Correct answer: A
Question 9:
What is an example of a non-human threat to the physical environment?
A. Corrupted file
B. Virus
C. Storm
D. Fraudulent transaction
Correct answer: C
Sakai -
I was able to download the electronic version of EX0-105, and it took only a short time to obtain. Of course, I also passed the exam.