14 questions
ISO/IEC 27002:2013 does not specify technology
TRUE
FALSE
One of the best methods for reducing risks to the data of an organization is to implement a program that establishes an information security governance framework.
TRUE
FALSE
ISO/IEC 27001:2013 is a methodology that includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
TRUE
FALSE
According to ISO/IEC 27001:2013, the four main steps in an ISMS implementation are: 1. understanding the organization’s needs, 2. implementing and operating controls and measures, 3. monitoring and reviewing the performance of the ISMS, 4. continuously improving the ISMS.
TRUE
FALSE
What is an information security policy?
A. A document presenting results to be achieved in information security
B. Intentions and direction of an organization about information security, as formally expressed by its top management
C. A high level document that affects the whole organization and defines security roles and responsibilities
D. A set of information security procedures that work together to address risks
Risk assessment consists of the following activities:
A. Identification, Evaluation, Analysis, Treatment
B. Identification, Analysis, Evaluation
C. Identification, Response, Evaluation
D. Identification, Analysis, Evaluation, Treatment
What do you need to get strongly authenticated on a logical access control system?
A. A strong password compliant with NIST’s recommendations
B. A passphrase of more than 22 characters
C. Something biometric, no matter what
D. A password and your finger, for instance
When is it better to put several physical barriers around the organization’s premises?
A. Always
B. When the related area contains either sensitive or critical information and information processing facilities
C. When the related area contains sensitive information and information processing facilities
D. When the related area contains critical information and information processing facilities
Which layer that improves the security of operations is FIRSTLY concerned with preventing a threat from arising by addressing its underlying causes?
A. Security through environmental design
B. Security through behavior
C. Security through controls
D. Security through prevention, protection and resilience
FIRST OF ALL, persons doing work under the organization’s control shall be aware of:
A. The information security policy
B. Their role during an information security incident impacting their own availability
C. Their roles and responsibilities
D. The nature and importance of the risk assessment result
What is NOT a good characteristic of an information security objective?
A. It shall be changed by management after a management review
B. It can be monitored and updated as appropriate
C. It is measurable
D. It is consistent with the information security policy
What does ISMS stand for?
information security management system
information security management service
it stands for no one
It stands for everyone
ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system."
TRUE
FALSE
The 27001 standard does not mandate specific information security controls, but it provides a checklist of controls that should be considered in the accompanying code of practice, ISO/IEC 27002:2005.
TRUE
FALSE