This document provides a sample exam so that you can familiarise yourself with the structure and topic areas of the current Data Protection Foundation examination. We strongly recommend that you test your knowledge before taking the actual assessment. The results of this test do not count towards your certification assessment.
Examination details
Examination type
• Computer-based
• 40 multiple-choice questions: 2.5 points per question
• 60 minutes
Information Security Foundation Sample Exam
Questions
Question 1
Question 2
Security organisations strive to be compliant with published requirements. For which type of model
can non-compliance lead to legal consequences?
Question 3
Question 4
The DIKW model is often used to talk about information management and knowledge management.
During which stage of this model do we ask ourselves 'What'?
A. Data
B. Wisdom
C. Information
D. Knowledge
Question 5
Question 6
Which of the following factors does NOT contribute to the value of data for an organisation?
Question 7
A hacker gains access to a web server and reads the credit card numbers stored on that server.
Which security principle is violated?
A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
Question 8
Often, people do not pick up their prints from a shared printer. How can this affect the
confidentiality of information?
Question 9
Which reliability aspect of information is compromised when a staff member denies having sent a
message?
A. Confidentiality
B. Integrity
C. Availability
D. Correctness
Question 10
Which of the following is a possible event that can have a disruptive effect on the reliability of
information?
A. Threat
B. Risk
C. Vulnerability
D. Dependency
Question 11
Question 12
A. Use of a set of methods, principles, or rules for assessing risks based on the use of numbers
B. Use of a set of methods, principles, or rules for assessing risk based on categories or levels
C. A risk assessment process, together with a risk model, assessment approach, and analysis approach
Question 13
Backup media is kept in the same secure area as the servers. What risk may the organisation be
exposed to?
A. Unauthorised persons will have access to both the servers and backups
B. Responsibility for the backups is not defined well
C. After a fire, the information systems cannot be restored
D. After a server crash, it will take extra time to bring it back up again
Question 14
Question 15
Someone from a large tech company calls you on behalf of your company to check the health of your
PC, and therefore needs your user-id and password. What type of threat is this?
Question 16
A. Worm
B. Trojan
C. Spyware
D. Botnet
Question 17
Question 18
After carrying out risk analysis, you now want to determine your risk strategy. You decide to take
measures for the large risks but not for the small risks. What is this risk strategy called?
A. Risk neutral
B. Risk bearing
C. Risk hungry
D. Risk avoiding
Question 19
A. An information security policy makes the security plan concrete by providing the necessary details
B. An information security policy provides insight into threats and the possible consequences
C. An information security policy provides direction and support to the management regarding information security
D. An information security policy documents the analysis of risks and the search for countermeasures
Question 20
A security officer finds a virus-infected workstation. The infection was caused by a targeted phishing
mail. How can this type of threat best be avoided in the future?
Question 21
A manager discovers that staff regularly use the corporate email system to send personal messages.
How can this type of use best be regulated?
Question 22
After a devastating office fire, all staff are moved to other branches of the company. At what
moment in the incident management process is this measure effectuated?
Question 23
A member of staff discovers that unauthorised changes were made to her work. She calls the helpdesk and is asked to provide the following information: date/time, description of the event, consequences of the event.
What essential piece of information is still missing to help resolve the incident?
Question 24
What type of measure involves the stopping of possible consequences of security incidents?
A. Corrective
B. Detective
C. Repressive
D. Preventive
Question 25
Question 26
A. Author
B. Manager
C. Owner
D. Administrator
Question 27
Question 28
Question 29
A computer room is protected by a biometric identity system in which only system administrators are
registered. What type of security measure is this?
A. Organisational threat
B. Physical
C. Technical
D. Repressive
Question 30
In physical security, protection rings with dedicated measures (different levels, etc.) can be applied.
Within which ring are the working spaces situated?
A. Internal
B. Public
C. Object
D. Sensitive
Question 31
As a new member of the IT department you have noticed that confidential information has been
leaked several times. This may damage the reputation of the company. You have been asked to
propose an organisational measure to protect laptop computers.
What is the first step in a structured approach to come up with this measure?
Question 32
A. Encryption
B. Security policy
C. Safe storage of backups
D. User role profiles
Question 33
Question 34
In what part of the process to grant access to a system does the user present a token?
A. Authorisation
B. Verification
C. Authentication
D. Identification
Question 35
What is the security management term for establishing whether someone's identity is correct?
A. Identification
B. Authentication
C. Authorisation
D. Verification
Question 36
Why do we need to test a disaster recovery plan regularly, and keep it up to date?
A. Otherwise the measures taken and the incident procedures planned may not be adequate
B. Otherwise it is no longer up to date with the registration of daily occurring faults
C. Otherwise remotely stored backups may no longer be available to the security team
Question 37
What type of compliancy standard, regulation or legislation provides a code of practice for
information security?
A. ISO/IEC 27002
B. Personal data protection act
C. Computer criminality act
D. IT Service Management
Question 38
On the basis of which type of legislation can someone request to inspect the data that has been registered about them?
Question 39
Question 40
Answers
Digital badges
SECO-Institute and digital badge provider Acclaim have partnered to provide certification holders with a digital badge of their SECO-Institute certification. Digital badges can be used in email signatures as well as on personal websites, social media sites such as LinkedIn and Twitter, and electronic copies of resumes. Digital badges help certification holders convey to employers, potential employers and interested parties the skills they have acquired to earn and maintain a specialised certification.
https://www.seco-institute.org/claim-your-foundation-badge
ISF-Sample Exam-EN-v1.0