ISO 27001 module 1-3 UPDATED ACTUAL
Exam Questions and CORRECT Answers
A list of required documentation. - CORRECT ANSWER - Scope of ISMS
Information secuirty and risk treatment
Information secuirty policy and objectives
Statement of Applicability
Risk treatment plan
Risk treatment report
Records of training, skills experience and qualifications
Monitoring measurement results
Internal audit program
Results of internal audit
Results of mangement review
Results of corrective actions
Is ISO 27001 a standard that defines the technical details for information security, e.g., how to
configure a firewall? - CORRECT ANSWER - No
Why is the Planning section described before the Operation section in the standard? - CORRECT
ANSWER - In order to have efficient operations, you need to plan them ahead
Identify which of the following information security controls are organizational controls: -
CORRECT ANSWER - Defining a policy on the use of cryptographic controls
Documenting a clear screen policy
Documenting a procedure for training employees
Choose which of the following activities are parts of the Plan phase: - CORRECT
ANSWER - Identify information security risks
, Based on the results from the risk assessment, choose controls and document a Statement of
applicability
Document the Information Security Policy
The project manager, as one of the basic roles in the ISMS implementation process, has the
following characteristics: - CORRECT ANSWER - Coordinates the project for
implementation of ISO 27001
Often is also the information security officer
How do you decide which policies and procedures to document? - CORRECT ANSWER -
Check whether it is required by ISO 27001
Check the risk assessment results to see if there is a need for such a control
Check how important the process is to you and how complex it is
Improving the overall information security in your company.
Compliance with the ISO 27001 standard and to information security legislation.
Lowering expenses
Organizing your company.
Providing a marketing edge. - CORRECT ANSWER - What are the most significant
benefits of implementing an Information Security Management System based on ISO 27001 in
an organization?
Flase - CORRECT ANSWER - Information security and IT security refer to the same
thing: true or false
True - CORRECT ANSWER - An Information Security Management System is a
systematic approach for managing and protecting a company's information. true or false
A method used for implementation and maintenance of an Information Security Management
System in organizations - CORRECT ANSWER - The PDCA cycle is:
Exam Questions and CORRECT Answers
A list of required documentation. - CORRECT ANSWER - Scope of ISMS
Information secuirty and risk treatment
Information secuirty policy and objectives
Statement of Applicability
Risk treatment plan
Risk treatment report
Records of training, skills experience and qualifications
Monitoring measurement results
Internal audit program
Results of internal audit
Results of mangement review
Results of corrective actions
Is ISO 27001 a standard that defines the technical details for information security, e.g., how to
configure a firewall? - CORRECT ANSWER - No
Why is the Planning section described before the Operation section in the standard? - CORRECT
ANSWER - In order to have efficient operations, you need to plan them ahead
Identify which of the following information security controls are organizational controls: -
CORRECT ANSWER - Defining a policy on the use of cryptographic controls
Documenting a clear screen policy
Documenting a procedure for training employees
Choose which of the following activities are parts of the Plan phase: - CORRECT
ANSWER - Identify information security risks
, Based on the results from the risk assessment, choose controls and document a Statement of
applicability
Document the Information Security Policy
The project manager, as one of the basic roles in the ISMS implementation process, has the
following characteristics: - CORRECT ANSWER - Coordinates the project for
implementation of ISO 27001
Often is also the information security officer
How do you decide which policies and procedures to document? - CORRECT ANSWER -
Check whether it is required by ISO 27001
Check the risk assessment results to see if there is a need for such a control
Check how important the process is to you and how complex it is
Improving the overall information security in your company.
Compliance with the ISO 27001 standard and to information security legislation.
Lowering expenses
Organizing your company.
Providing a marketing edge. - CORRECT ANSWER - What are the most significant
benefits of implementing an Information Security Management System based on ISO 27001 in
an organization?
Flase - CORRECT ANSWER - Information security and IT security refer to the same
thing: true or false
True - CORRECT ANSWER - An Information Security Management System is a
systematic approach for managing and protecting a company's information. true or false
A method used for implementation and maintenance of an Information Security Management
System in organizations - CORRECT ANSWER - The PDCA cycle is:
