Questions and CORRECT Answers
1 Which of the following is/are true regarding ISO 27002?
1. It contains the requirements for implementation of the controls in Annex A of ISO 27001.
2. It is the code of practice for information security controls and provides best practice advice for the implementation of the controls listed in Annex A of ISO 27001.
3. It is the document against which an organisation's implementation of controls is audited.
A. 2 only
B. 1 and 3
C. 1, 2, and 3
D. 1 only - CORRECT ANSWER - A. 2 only (ISO 27002 is guidance; the mandatory requirements, and the standard an ISMS is audited and certified against, are in ISO 27001.)
2 The risk assessment methodology should be designed to:
A. Work on a spreadsheet
B. Deliver consistent, valid and comparable results
C. Accommodate both quantitative and qualitative methodologies
D. Minimise the amount of time and effort required - CORRECT ANSWER - B. Deliver consistent, valid and comparable results
3 When conducting an internal audit, who determines whether an ISMS conforms to an organisation's requirements?
A. Interested parties
B. Auditors
C. The board of directors - CORRECT ANSWER - B. Auditors
4 How does ISO/IEC 27000:2012 define information security?
A. Maintaining the 'top secret' nature of highly confidential information
B. Preservation of confidentiality, integrity and availability of information
C. Documented statement describing the control objectives and controls that are relevant and applicable to an organisation's ISMS
D. Option for companies to ensure that confidential information is safe - CORRECT ANSWER - B. Preservation of confidentiality, integrity and availability of information
5 What could be either an enabler or a hindrance to the success of an ISMS? - CORRECT ANSWER - Culture of the organisation
6 What determines where the risk sits on the risk assessment matrix? - CORRECT
ANSWER - A. The combination of the likelihood and consequence if the risk materialized
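Questions 2 and 6 describe the shape of a risk assessment methodology: a fixed scale for likelihood and consequence, a matrix position derived from the two, and results that are consistent, valid and comparable between assessors. The following is an added example, not part of the original study notes, showing one such methodology as code. The 5x5 ordinal scales, the rating bands, the acceptance threshold and the sample risk register are all constructed assumptions for illustration; real scales come from the organisation's own risk criteria.

```python
"""
Added example (not from the original notes): a minimal 5x5 risk matrix
of the kind ISO/IEC 27001 clause 6.1.2 asks for, i.e. one that produces
consistent, valid and comparable results. Scales, bands, threshold and
sample register are constructed for illustration.
"""
from dataclasses import dataclass

# Ordinal scales. Every assessor must use the same agreed definitions,
# otherwise scores from different assessments are not comparable.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Rating bands over the product likelihood x consequence (1..25).
# Upper bounds are assumed thresholds, not values from any standard.
BANDS = [(4, "low"), (9, "medium"), (16, "high"), (25, "critical")]


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str
    consequence: str


def score(likelihood: str, consequence: str) -> int:
    """Position on the matrix: product of the two ordinal values.

    Labels outside the agreed scale raise ValueError, so an invalid
    assessment cannot silently enter the register (the 'valid' part).
    Case is normalised so the same words always give the same score
    (the 'consistent' part).
    """
    try:
        return LIKELIHOOD[likelihood.lower()] * CONSEQUENCE[consequence.lower()]
    except KeyError as exc:
        raise ValueError(f"label not on the agreed scale: {exc.args[0]!r}") from None


def band(value: int) -> str:
    """Map a matrix score to its rating band."""
    for upper, label in BANDS:
        if value <= upper:
            return label
    raise ValueError(f"score {value} outside matrix range 1..25")


def assess(risks, acceptance_band: str = "low"):
    """Score every risk and return (name, score, band, decision) rows,
    highest score first, so registers from different assessors can be
    compared directly. Risks within the acceptance band are accepted;
    everything above it needs a treatment decision."""
    order = [label for _, label in BANDS]
    accept_rank = order.index(acceptance_band)
    rows = []
    for r in risks:
        s = score(r.likelihood, r.consequence)
        b = band(s)
        decision = "accept" if order.index(b) <= accept_rank else "treat"
        rows.append((r.name, s, b, decision))
    rows.sort(key=lambda row: row[1], reverse=True)
    return rows


# Constructed sample register (assumed data, not from the notes).
SAMPLE_REGISTER = [
    Risk("unpatched VPN appliance", "likely", "major"),
    Risk("lost unencrypted laptop", "possible", "moderate"),
    Risk("data centre flood", "rare", "severe"),
    Risk("visitor tailgating", "unlikely", "minor"),
]

if __name__ == "__main__":
    for name, s, b, decision in assess(SAMPLE_REGISTER):
        print(f"{name:28} {s:>2} {b:8} {decision}")
```

The point of the strict label check is the "valid" criterion: a free-text likelihood such as "quite likely" cannot be scored, so it cannot be compared, and the methodology rejects it rather than guessing. Changing the scale or the bands changes every result in the register at once, which is what keeps scores comparable across assessments.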
7 What is essential to ensure an ISMS serves the organisation?
A. Carry out a risk assessment before doing anything
B. Protecting the confidentiality and integrity of information by restricting access to it
C. Reflecting the business, legal and regulatory drivers for information security
D. Ensuring the cost of implementing controls does not exceed the cost of risk - CORRECT ANSWER - C. Reflecting the business, legal and regulatory drivers for information security
8 A risk decision could result in:
1. Acceptance
2. Rejection