ACTUAL Exam Questions and CORRECT Answers
What does the organization need to consider when determining the ISMS scope? - CORRECT ANSWER - The internal issues, the requirements of interested parties, and external issues
What is the purpose of ISO 27001? - CORRECT ANSWER - Providing the requirements of the ISMS development and operation
Which of the following is an external issue that can affect the scope of the ISMS? - CORRECT ANSWER - Government regulations, risk appetite, processes and practices, or all of the above
Government regulation is an external issue to the company that can affect the scope of the ISMS - CORRECT ANSWER - The commitment of top management to improve the ISMS
A risk owner is the one who - CORRECT ANSWER - Is accountable and has the authority to manage the risk
Interested parties who can affect the scope of the ISMS are - CORRECT ANSWER - Stakeholders who can affect the ISMS operation, the ones that are affected by the ISMS activities, government agencies or regulators who can have special requirements related to the ISMS, or all of the above
Antivirus software protects information from being corrupted by malware. It ensures the - CORRECT ANSWER - The integrity of information
Which of the following is required to be included in the Statement of Applicability? - CORRECT ANSWER - The justification for excluding any of the Annex A controls
The documentation of internal and external issues is - CORRECT ANSWER - Not required
What is a residual risk? - CORRECT ANSWER - Remaining risk after treatment
Internal and external issues are reviewed and monitored - CORRECT ANSWER - Regularly
Owners of a company who may require a return on investment of the ISMS are an example of - CORRECT ANSWER - Interested parties
The policies for information security control in Annex A of ISO/IEC 27001 must be reviewed in order to - CORRECT ANSWER - Check the effectiveness of information security policies and identify any improvements
What audit outcome should be used to identify an opportunity for improvement? - CORRECT ANSWER - Observation
Which benefit is gained from operating an Information Security Management System? - CORRECT ANSWER - Reduces the number of information security incidents, offers organization-wide protection, provides a centrally managed framework, or all of the above
Who is responsible for conducting the review of the ISMS to ensure its continuing suitability, adequacy and effectiveness? - CORRECT ANSWER - The top management
Which controls belong to the Compliance category in Annex A of ISO/IEC 27001? - CORRECT ANSWER - Intellectual Property rights
Which steps should the collection of evidence (Control A.16.1.7) follow after the occurrence of an information security incident? - CORRECT ANSWER - Identify, collect and preserve