ACTUAL Exam Questions and CORRECT Answers
5 Organizational controls - CORRECT ANSWER - Policies for information security
Information security policy and topic-specific policies shall be defined, approved by
management, published, communicated to and acknowledged by relevant personnel and relevant
interested parties, and reviewed at planned intervals and if significant changes occur.
5 Organizational controls - CORRECT ANSWER - Information security roles and
responsibilities
Information security roles and responsibilities shall be defined and allocated according to the
organization needs.
5 Organizational controls - CORRECT ANSWER - Segregation of duties Control
Conflicting duties and conflicting areas of responsibility shall be segregated.
5 Organizational controls - CORRECT ANSWER - Management responsibilities Control
Management shall require all personnel to apply information security in accordance with the
established information security policy, topic-specific policies and procedures of the
organization.
5 Organizational controls - CORRECT ANSWER - Contact with authorities Control
The organization shall establish and maintain contact with relevant authorities.
5 Organizational controls - CORRECT ANSWER - Contact with special interest groups
The organization shall establish and maintain contact with special interest groups or other
specialist security forums and professional associations.
5 Organizational controls - CORRECT ANSWER - Threat intelligence Control
Information relating to information security threats shall be collected and analysed to produce
threat intelligence.
5 Organizational controls - CORRECT ANSWER - Information security in project
management
Information security shall be integrated into project management.
5 Organizational controls - CORRECT ANSWER - Inventory of information and other
associated assets
An inventory of information and other associated assets, including owners, shall be developed
and maintained.
5 Organizational controls - CORRECT ANSWER - Acceptable use of information and
other associated assets
Rules for the acceptable use and procedures for handling information and other associated assets
shall be identified, documented and implemented.
5 Organizational controls - CORRECT ANSWER - Return of assets Control
Personnel and other interested parties as appropriate shall return all the organization's assets in
their possession upon change or termination of their employment, contract or agreement.
5 Organizational controls - CORRECT ANSWER - Classification of information Control
Information shall be classified according to the information security needs of the organization
based on confidentiality, integrity, availability and relevant interested party requirements.
5 Organizational controls - CORRECT ANSWER - Labelling of information Control
An appropriate set of procedures for information labelling shall be developed and implemented
in accordance with the information classification scheme adopted by the organization.
5 Organizational controls - CORRECT ANSWER - Information transfer Control
Information transfer rules, procedures, or agreements shall be in place for all types of transfer
facilities within the organization and between the organization and other parties.
5 Organizational controls - CORRECT ANSWER - Access control Control
Rules to control physical and logical access to information and other associated assets shall be
established and implemented based on business and information security requirements.
5 Organizational controls - CORRECT ANSWER - Identity management Control
The full life cycle of identities shall be managed.
5 Organizational controls - CORRECT ANSWER - Authentication information Control