management UPDATED ACTUAL Exam
Questions and CORRECT Answers
Before we are able to start defining a security strategy, we must first know what we are
protecting and what we are protecting it from. - CORRECT ANSWER - Risk Analysis
Risk Assessment
To achieve information security, a suitable set of controls needs to be implemented. What are
they? - CORRECT ANSWER - Policies, procedures, organizational structures, and
software and hardware functions.
All security controls and mechanisms are implemented to protect one or more of which security
principles? - CORRECT ANSWER - Confidentiality (exclusivity), Integrity and
Availability
What security principle ensures that a necessary level of secrecy is enforced at each element of
data processing and prevents unauthorized disclosure? - CORRECT ANSWER -
Confidentiality
Confidentiality can be achieved by? - CORRECT ANSWER - Encrypting data while at
rest and during transit
Using network traffic padding
Implementing strict access controls and data classifications
Training and awareness of proper procedures
Some examples of Confidentiality measures are? - CORRECT ANSWER - Clear desk
policy
Need to know basis
Strict access controls (physical and logical)
Separation of duties
Strict separations between environments
Logical access management
Encryption for data at rest (whole disk, database encryption)
Encryption for data in transit (IPsec, SSL, PPTP, SSH)
What is traffic padding? - CORRECT ANSWER - Produces a continuous random data
stream of ciphertext, making it harder for an attacker to distinguish between true data flow and
padding.
What security principle refers to being correct or consistent with the intended state of
information? - CORRECT ANSWER - Integrity
Some examples of Integrity measures are? - CORRECT ANSWER - Changes in data and
systems are authorized
Auditing
Segregation of Duties
Hashing (data integrity)
Configuration management (system integrity)
Change control (process integrity)
Access control (physical and logical)
Transmission CRC functions
What security principle refers to reliable and timely access to data and resources for
authorized individuals? - CORRECT ANSWER - Availability
Some examples of Availability measures are? - CORRECT ANSWER - RAID
Clustering
Load Balancing