Who is required to perform the review of the ISMS to ensure its suitability, adequacy and effectiveness?

The external company performing the certification audit.

Identify the missing words in the following sentence. The organization shall establish, ........................……. security management system.

Implement, maintain.and continually improve an information

What should be taken into account in determining the scope of the information security management system?

The results of the gap analysis.

Legal, regulatory, contractual requirements.

The objectives of the organization.

What aspects should be considered to determine the scope of the ISMS?

Risks and opportunities. Threats and

In ISO/EC 27001, what does the information security risk assessment process refer to?

Establish and maintain information security risk criteria.

Which of the following benefits are not fully maximized by implementing an ISMS?

Eliminate all information security vulnerabilities in the organization.

Provide consistent management and operation of information security throughout the organization.

Increasing the confidence of interested parties in the organization.

Reducing the probability of information security incidents.

Which of the following should be included in the ISMS policy?

A commitment to continual improvement of the ISMS.

The deadline for the implementation of the ISMS.

The certificate of previous audits.

What does ISO 27001 require for information security risk assessment?

A. Implement an information security risk assessment process that establishes and maintains information security risk criteria.

To acquire a set of information security tools that allow the assessment to be done automatically using artificial intelligence.

A manager appointed by top management.

A consultancy to perform information security risk assessment in a professional manner.

What details should be contained in a Statement of Applicability?

A. Justification for exclusion of controls.

B. Justification for inclusion of controls.

What does the ISO 27001 standard require for the treatment of information security risks?

Perform an information security risk treatment process to select appropriate information security risk treatment options taking into account the results of the risk assessment.

A consultancy to carry out precisely the treatment of information security risks.

A manager appointed by the top management to carry out the information security risk treatment under his expertise.

To acquire a set of information security tools to automate the treatment of risks.

Which statement describes the critical success factors of an information security management system (ISMS)?

Implementing a measurement system used to evaluate information security management performance that can provide suggestions for improvement.

Hire an information security coordinator.

Appoint at least two internal auditors for the information security system.

What does ISO 27001 require for the control of documented information?

Adequate protection, e.g., against loss of confidentiality, misuse, or loss of integrity.

A responsible person designated by the top management to carry out the control of documented information under his expertise.

Acquire a set of information security tools to control documented information effectively.

A consultancy to accurately perform the control of documented information.

According to ISO/EC 27001 it is necessary to ensure that the information security management system can achieve its intended results.

It is a requirement to be fulfilled.

It is only an observation to take into account when auditing the management system.

It is a recommendation, but not a requirement.

What does ISO 27001 require to assess information security performance and the effectiveness of the information security management system?

Determination by the organization of what needs to be monitored and what needs to be measured, including information security processes and controls.

A consultancy to accurately perform the information security performance assessment and validate the effectiveness of the management system.

Information security tools to assess information security performance and system effectiveness.

A manager appointed by top management to perform the evaluation of the information security performance and the effectiveness of the management system.

How should top management provide evidence of its commitment to the ISMS?

Communicating the importance of complying with the ISMS requirements.

By defining a risk assessment approach.

Conducting an annual internal audit of the information security management system.

By approving the information security management system once it has been established.

The activity within the ISMS of ensuring that the information security policy and objectives are established and are consistent with the strategic direction of the organization is the responsibility of:

The ISMS implementation consultant.

Which relevant factor should be considered in internal audit programs?

Audit programs should take into account the importance of the processes involved and the results of previous audits.

Number of third-party suppliers involved in the area to be audited.

Ensure that audits are conducted at least twice during the first year of implementation of the information security management system.

Availability of the certification body's auditors.

Which statement describes the difference between ISO/IEC 27001 and ISO/IEC 27002?

C. ISO/EC 27001 contains mandatory requirements, while ISO/IEC 27002 provides guidance on information security controls.

A. ISO/IEC 27002 provides guidance on measurement and ISO/IEC 27001 provides guidance on information security controls.

B. ISO/EC 27002 contains mandatory requirements, while ISO/IEC 27001 provides guidance on information security controls.

D. ISO/EC 27002 provides mandatory requirements for a risk management approach, ISO/IEC 27001 contains mandatory requirements for an ISMS.

Annex A of the ISO/IEC 27001:2022 consists of:

B. A comprehensive list of controls grouped into domains.

• A. Elements necessary for good ISMS design and implementation.

• C. Guidelines for risk management.

Which of the following should be included in the ISMS policy?

B. The information security objectives.

A. The name of the intrusion detection system.

C. The results of previous audits.

D. The history of the company with the motivation for implementing the ISMS.

What does ISO 27001 require about the information security policy?

The information security policy must be available as documented information.

It must be available to interested parties.

Be appropriate and communicated within the organization.

Which of the following benefits are not fully maximized by implementing an ISMS?

To prevent information security incidents altogether.

Satisfy social needs and expectations.

Increasing confidence in the organization by interested parties.

Promoting good information security practices.

During the operation of the ISMS, what is the requirement for information security objectives?

D. Establish objectives for relevant functions and levels.

• A. Maintain documented information on objectives.

B. Ensure that the objectives are consistent with the information security policy.

• C. Develop improvement plans using ISO 27002 that enable information security objectives to be met.

What does ISO 27001 require to establish the information security policy?

C. Include a commitment by top management to continually improve the information security management system.

A. To acquire software containing policies that fit the management system to be implemented.

B. A consultancy to determine the best way.

D. An initial audit to know the current status of the quality management system.

The management review shall include consideration of:

A. Changes in external and internal issues that are relevant to the ISMS.

B. The status of actions since previous management reviews.

C. Opportunities for continual improvement.

What are the three main aspects of information security?

Confidentiality, integrity, availability.

Durability, auditability, confidentiality.

B. Confidentiality, recoverability, integrity.

Non-repudiation, Authenticity, Accountability.

According to the terms and definitions associated with ISO 27001, Effectiveness is defined as:

Extent to which planned activities are carried out and planned results are achieved

A. Property relating to consistency in behavior and desired results.

C. Ability to corroborate that the claim that a certain event occurred or a certain action was performed by the originating entities is true.

Focusing on clause 4.3 (Determination of the scope of the Information Security Management System), what should the organization consider when determining the scope of the ISMS?

A. The external and internal issues referred to in clause 4.1.

B. The requirements referred to in section 4.2.

C. The interfaces and dependencies between the activities performed by the organization and those performed by other organizations.

What does ISO 27001 require for scoping the information security management system?

B. Consider organizational boundaries, information systems boundaries and physical

A. Acquire a set of security tools.

C. Processes, Technology, People.

Certiprof ISO 27001 Foundation - Simulation

Authored by sudiyuwono wowo

Professional Development

1st Grade

Used 4+ times

Certiprof ISO 27001 Foundation - Simulation

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

40 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Clause 6.1 (Actions to Address Risks and Opportunities) has some common strategies among the risk treatment options, which one(s) of the following are valid:

A. Transfer.

B. Mitigate.

C. Assume.

D. All of the above.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The activity within the ISMS of approving and securing the necessary resources for the ISMS is a responsibility of:

A. The IT Security Manager.

B. The IT Manager.

C. The person responsible for the QMS.

D. The top management.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The activity within the ISMS of ensuring the integration of information security management system requirements into the organization's processes is the responsibility of:

A. The top management.

B. The IT Security Manager.

C. The person responsible for the QMS.

D. The Operations Manager.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What control is required for documented information?

Each document is classified as an asset.

Records must be retained for three years.

Documents are protected from loss of integrity.

Only the owner of the document can update the document.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following activities correspond to top management responsibilities?

Ensure compliance with the information security policy.

Allocate resources necessary to maintain the system.

Supporting the drive for continuous improvement.

All of the above.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The information security policy must be known by:

IT Security Manager.

Everyone.

QMS manager.

IT Manager.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The activity within the ISMS of communicating the importance of effective information security management and compliance with ISMS requirements is a responsibility of:

The top management.

The IT Security Manager.

The person responsible for the QMS.

The IT Manager.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

42 questions

QA 1 2023

Quiz

•

1st Grade

36 questions

wwe

Quiz

•

KG - Professional Dev...

40 questions

CERTIPROF_ISO 20000 FOUNDATION

Quiz

•

1st Grade - University

40 questions

Certiprof ISO27001 Foundation - Exercise

Quiz

•

1st Grade

45 questions

Front Office Midterm Quiz

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

10 questions

Probability Practice

Quiz

•

4th Grade

15 questions

Probability on Number LIne

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

6 questions

Appropriate Chromebook Usage

Lesson

•

7th Grade

10 questions

Greek Bases tele and phon

Quiz

•

6th - 8th Grade

Discover more resources for Professional Development

12 questions

Presidents' Day

Quiz

•

KG - 5th Grade

20 questions

Telling Time to the Hour and Half hour

Quiz

•

1st Grade

10 questions

Exploring Rosa Parks and Black History Month

Interactive video

•

1st - 5th Grade

16 questions

Morning Math Review

Lesson

•

1st - 5th Grade

17 questions

Reading Comprehension

Quiz

•

1st - 4th Grade

16 questions

3D shapes (1st grade)

Quiz

•

1st Grade

20 questions

Place Value

Quiz

•

KG - 3rd Grade

6 questions

President's Day

Lesson

•

1st Grade

Certiprof ISO 27001 Foundation - Simulation

Clause 6.1 (Actions to Address Risks and Opportunities) has some common strategies among the risk treatment options, which one(s) of the following are valid:

The activity within the ISMS of approving and securing the necessary resources for the ISMS is a responsibility of:

The activity within the ISMS of ensuring the integration of information security management system requirements into the organization's processes is the responsibility of:

What control is required for documented information?

Which of the following activities correspond to top management responsibilities?

The information security policy must be known by:

The activity within the ISMS of communicating the importance of effective information security management and compliance with ISMS requirements is a responsibility of:

Who is required to perform the review of the ISMS to ensure its suitability, adequacy and effectiveness?

Identify the missing words in the following sentence.The organization shall establish, ........................……. security management system.

What should be taken into account in determining the scope of the information security management system?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

Identify the missing words in the following sentence.
The organization shall establish, ........................……. security management system.