IBITGQ - ISO27001:2022 CERTIFIED ISMS LEAD IMPLEMENTER (CIS LI) PRACTICE EXAM
1. What does ISMS stand for?
A) Information Security Management System
B) International Security Management Standard
C) Information System Management Security
D) Integrated Security Management System
Answer: A
Explanation: ISMS stands for Information Security Management System, the framework for
managing information security.
2. Which ISO standard specifies requirements for an ISMS?
A) ISO 27002
B) ISO 27001
C) ISO 27005
D) ISO 31000
Answer: B
Explanation: ISO/IEC 27001 specifies the requirements for establishing, implementing,
maintaining, and continually improving an ISMS.
3. What is the primary purpose of ISO 27001?
A) Technical security controls
B) Risk management framework
C) Business continuity planning
D) Compliance certification
Answer: B
Explanation: ISO 27001 provides a risk-based framework for managing information
security.
4. Which clause of ISO 27001:2022 covers leadership and commitment?
A) Clause 4
B) Clause 5
C) Clause 6
D) Clause 7
Answer: B
Explanation: Clause 5 covers leadership and management commitment.
5. How many clauses are in ISO 27001:2022?
A) 7
B) 8
C) 10
D) 12
Answer: C
Explanation: ISO 27001:2022 has 10 clauses: clauses 1-3 are introductory, and clauses 4-10 contain the requirements.
6. How many Annex A controls are in ISO 27001:2022?
A) 93 controls in 4 sections
B) 114 controls in 14 domains
C) 93 controls in 4 themes
D) 114 controls in 14 categories
Answer: B
Explanation: Annex A contains 93 controls organized into 4 themes, but more specifically
114 controls when counting individually.
7. What is the PDCA cycle in ISO 27001?
A) Plan-Do-Check-Act
B) Prepare-Deploy-Control-Assess
C) Protect-Detect-Correct-Audit
D) Policy-Deployment-Compliance-Audit
Answer: A
Explanation: PDCA stands for Plan-Do-Check-Act, the continuous improvement model.
8. Which clause requires determining the scope of the ISMS?
A) Clause 4.1
B) Clause 4.3
C) Clause 6.1
D) Clause 7.5
Answer: B
Explanation: Clause 4.3 requires determining the scope of the ISMS.
9. What is the purpose of Clause 4.1?
A) Understanding the organization and its context
B) Determining ISMS scope
C) Leadership commitment
D) Risk assessment
Answer: A
Explanation: Clause 4.1 requires understanding the organization and its context.
10. What does Clause 4.2 require organizations to determine?
A) Interested parties
B) Risk criteria
C) Control objectives
D) Security policies
Answer: A
Explanation: Clause 4.2 requires determining the needs and expectations of interested
parties.
11. What is required by Clause 5.1?
A) Top management must demonstrate leadership
B) Risk assessment must be performed
C) Security awareness training
D) Internal audits
Answer: A
Explanation: Clause 5.1 requires top management to demonstrate leadership and
commitment.