Information Security Foundation based on ISO/IEC 27002 Exam (ISFS) - Exin Actual Exam Questions
Last updated on April 25, 2026
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?
Natural threat
Organizational threat
Social Engineering
Which measure assures that valuable information is not left out available for the taking?
Clear desk policy
Infra-red detection
Access passes
My user profile specifies which network drives I can read and write to. What is the name of the type of logical access management wherein my access and rights are determined centrally?
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Public Key Infrastructure (PKI)
You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use this time to send and read their private mail and surf the Internet. In legal terms, in which way can the use of the Internet and e-mail facilities be best regulated?
Installing an application that makes certain websites no longer accessible and that filters attachments in e-mails
Drafting a code of conduct for the use of the Internet and e-mail in which the rights and obligations of both the employer and staff are set down
Implementing privacy regulations
Installing a virus scanner
Why do organizations have an information security policy?
In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
In order to ensure that staff do not break any laws.
In order to give direction to how information security is set up within an organization.
In order to ensure that everyone knows who is responsible for carrying out the backup procedures.