ISO 27001 FOUNDATION PRACTICE
TEST
What does the organization need to consider when determining the
ISMS scope? - ANSWER The internal issues, the requirements of
interested parties, and external issues
What is the purpose of ISO 27001? - ANSWER Providing the
requirements of the ISMS development and operation
Which of the following is an external issue that can affect the scope of
the ISMS? - ANSWER Government regulations, risk appetite, processes
and practices--or all of the above
Government regulation is an external issue to the company that can
affect the scope of the ISMS - ANSWER The commitment of top
management to improve the ISMS
A risk owner is the one who - ANSWER Is accountable and has the
authority to manage the risk
Interested parties who can affect the scope of the ISMS are - ANSWER
Stakeholders who can affect the ISMS operation, the ones that are
affected by the ISMS activities, Government agencies or regulators who
can have special requirements related to the ISMS --- or all of the above
An antivirus software protect information from being corrupted by
malware. It is ensuring the - ANSWER The integrity of information
Which of the following is required to be included in the Statement of
Applicability? - ANSWER The justification for excluding any of the Annex
A controls
The documentation of internal and external issues is - ANSWER Not
required
What is a residual risk? - ANSWER Remaining risk after treatment
, Internal and external issues are reviewed and monitored - ANSWER
Regularly
Owners of a company who may require a return on investment of the
ISMS are an example of - ANSWER Intersted parties
The policies for information security control in Annex A of ISO/IEC
27001 must be reviewed in order to - ANSWER Check the effectiveness
of information security policies and identify any improvements
What audit outcome should be used to identify an opportunity for
improvement? - ANSWER Observation
Which benefit is gained from operating an Information Security
Management System? - ANSWER Reduces the number of information
security incidents, offers organization wide protection, provides a
centrally managed framework --or all the above
Who is responsible of conducting the review of the ISMS to ensure its
continuing suitability, adequacy and effectiveness? - ANSWER The top
management
Which controls belong to the Compliance category in Annex A of
ISO/IEC 27001? - ANSWER Intellectual Property rights
Which steps should the collection of evidence (Control A 16.1.7) follow
after the occurrence of an information security incident? - ANSWER
Identify, collect and preserve
The scope of the ISMS should be validated by - ANSWER top
management
Reassessment of risk should be performed - ANSWER Regularly and
when significant changes occur
As per ISO/IEC 27001 requirements, documenting the results of the risk
treatment plan is - ANSWER Mandatory
TEST
What does the organization need to consider when determining the
ISMS scope? - ANSWER The internal issues, the requirements of
interested parties, and external issues
What is the purpose of ISO 27001? - ANSWER Providing the
requirements of the ISMS development and operation
Which of the following is an external issue that can affect the scope of
the ISMS? - ANSWER Government regulations, risk appetite, processes
and practices--or all of the above
Government regulation is an external issue to the company that can
affect the scope of the ISMS - ANSWER The commitment of top
management to improve the ISMS
A risk owner is the one who - ANSWER Is accountable and has the
authority to manage the risk
Interested parties who can affect the scope of the ISMS are - ANSWER
Stakeholders who can affect the ISMS operation, the ones that are
affected by the ISMS activities, Government agencies or regulators who
can have special requirements related to the ISMS --- or all of the above
An antivirus software protect information from being corrupted by
malware. It is ensuring the - ANSWER The integrity of information
Which of the following is required to be included in the Statement of
Applicability? - ANSWER The justification for excluding any of the Annex
A controls
The documentation of internal and external issues is - ANSWER Not
required
What is a residual risk? - ANSWER Remaining risk after treatment
, Internal and external issues are reviewed and monitored - ANSWER
Regularly
Owners of a company who may require a return on investment of the
ISMS are an example of - ANSWER Intersted parties
The policies for information security control in Annex A of ISO/IEC
27001 must be reviewed in order to - ANSWER Check the effectiveness
of information security policies and identify any improvements
What audit outcome should be used to identify an opportunity for
improvement? - ANSWER Observation
Which benefit is gained from operating an Information Security
Management System? - ANSWER Reduces the number of information
security incidents, offers organization wide protection, provides a
centrally managed framework --or all the above
Who is responsible of conducting the review of the ISMS to ensure its
continuing suitability, adequacy and effectiveness? - ANSWER The top
management
Which controls belong to the Compliance category in Annex A of
ISO/IEC 27001? - ANSWER Intellectual Property rights
Which steps should the collection of evidence (Control A 16.1.7) follow
after the occurrence of an information security incident? - ANSWER
Identify, collect and preserve
The scope of the ISMS should be validated by - ANSWER top
management
Reassessment of risk should be performed - ANSWER Regularly and
when significant changes occur
As per ISO/IEC 27001 requirements, documenting the results of the risk
treatment plan is - ANSWER Mandatory
