ISO 27001 Annex A controls UPDATED
ACTUAL Exam Questions and CORRECT
Answers
5 Organizational controls - CORRECT ANSWER - Policies for information security
Information security policy and topic-specific policies shall be defined, approved by
management, published, communicated to and acknowledged by relevant personnel and relevant
interested parties, and reviewed at planned intervals and if significant changes occur.
5 Organizational controls - CORRECT ANSWER - Information security roles and
responsibilities
Information security roles and responsibilities shall be defined and allocated according to the
organization needs.
5 Organizational controls - CORRECT ANSWER - Segregation of duties Control
Conflicting duties and conflicting areas of responsibility shall be segregated.
5 Organizational controls - CORRECT ANSWER - Management responsibilities Control
Management shall require all personnel to apply information security in accordance with the
established information security policy, topic- specific policies and procedures of the
organization.
5 Organizational controls - CORRECT ANSWER - Contact with authorities Control
The organization shall establish and maintain contact with relevant authorities.
,5 Organizational controls - CORRECT ANSWER - Contact with special interest groups
The organization shall establish and maintain contact with special interest groups or other
specialist security forums and professional associations.
5 Organizational controls - CORRECT ANSWER - Threat intelligence Control
Information relating to information security threats shall be collected and analysed to produce
threat intelligence.
5 Organizational controls - CORRECT ANSWER - Information security in project
management
Information security shall be integrated into project management.
5 Organizational controls - CORRECT ANSWER - Inventory of information and other
associated assets
An inventory of information and other associated assets, including owners, shall be developed
and maintained.
5 Organizational controls - CORRECT ANSWER - Acceptable use of information and
other associated assets
Rules for the acceptable use and procedures for handling information and other associated assets
shall be identified, documented and implemented.
5 Organizational controls - CORRECT ANSWER - Return of assets Control
, Personnel and other interested parties as appropriate shall return all the organization's assets in
their possession upon change or termination of their employment, contract or agreement.
5 Organizational controls - CORRECT ANSWER - Classification of information Control
Information shall be classified according to the information security needs of the organization
based on confidentiality, integrity, availability and relevant interested party requirements.
5 Organizational controls - CORRECT ANSWER - Labelling of information Control
An appropriate set of procedures for information labelling shall be developed and implemented
in accordance with the information classification scheme adopted by the organization.
5 Organizational controls - CORRECT ANSWER - Information transfer Control
Information transfer rules, procedures, or agreements shall be in place for all types of transfer
facilities within the organization and between the organization and other parties.
5 Organizational controls - CORRECT ANSWER - Access control Control
Rules to control physical and logical access to information and other associated assets shall be
established and implemented based on business and information security requirements.
5 Organizational controls - CORRECT ANSWER - Identity management Control
The full life cycle of identities shall be managed.
5 Organizational controls - CORRECT ANSWER - Authentication information Control
ACTUAL Exam Questions and CORRECT
Answers
5 Organizational controls - CORRECT ANSWER - Policies for information security
Information security policy and topic-specific policies shall be defined, approved by
management, published, communicated to and acknowledged by relevant personnel and relevant
interested parties, and reviewed at planned intervals and if significant changes occur.
5 Organizational controls - CORRECT ANSWER - Information security roles and
responsibilities
Information security roles and responsibilities shall be defined and allocated according to the
organization needs.
5 Organizational controls - CORRECT ANSWER - Segregation of duties Control
Conflicting duties and conflicting areas of responsibility shall be segregated.
5 Organizational controls - CORRECT ANSWER - Management responsibilities Control
Management shall require all personnel to apply information security in accordance with the
established information security policy, topic- specific policies and procedures of the
organization.
5 Organizational controls - CORRECT ANSWER - Contact with authorities Control
The organization shall establish and maintain contact with relevant authorities.
,5 Organizational controls - CORRECT ANSWER - Contact with special interest groups
The organization shall establish and maintain contact with special interest groups or other
specialist security forums and professional associations.
5 Organizational controls - CORRECT ANSWER - Threat intelligence Control
Information relating to information security threats shall be collected and analysed to produce
threat intelligence.
5 Organizational controls - CORRECT ANSWER - Information security in project
management
Information security shall be integrated into project management.
5 Organizational controls - CORRECT ANSWER - Inventory of information and other
associated assets
An inventory of information and other associated assets, including owners, shall be developed
and maintained.
5 Organizational controls - CORRECT ANSWER - Acceptable use of information and
other associated assets
Rules for the acceptable use and procedures for handling information and other associated assets
shall be identified, documented and implemented.
5 Organizational controls - CORRECT ANSWER - Return of assets Control
, Personnel and other interested parties as appropriate shall return all the organization's assets in
their possession upon change or termination of their employment, contract or agreement.
5 Organizational controls - CORRECT ANSWER - Classification of information Control
Information shall be classified according to the information security needs of the organization
based on confidentiality, integrity, availability and relevant interested party requirements.
5 Organizational controls - CORRECT ANSWER - Labelling of information Control
An appropriate set of procedures for information labelling shall be developed and implemented
in accordance with the information classification scheme adopted by the organization.
5 Organizational controls - CORRECT ANSWER - Information transfer Control
Information transfer rules, procedures, or agreements shall be in place for all types of transfer
facilities within the organization and between the organization and other parties.
5 Organizational controls - CORRECT ANSWER - Access control Control
Rules to control physical and logical access to information and other associated assets shall be
established and implemented based on business and information security requirements.
5 Organizational controls - CORRECT ANSWER - Identity management Control
The full life cycle of identities shall be managed.
5 Organizational controls - CORRECT ANSWER - Authentication information Control
