ISO 27001 FOUNDATION PRACTICE TEST
What does the organization need to consider when determining the
ISMS scope? - ANSWER The internal issues, the requirements of
interested parties, and external issues
What is the purpose of ISO 27001? - ANSWER Providing the
requirements of the ISMS development and operation
Which of the following is an external issue that can affect the scope of
the ISMS? - ANSWER Government regulations, risk appetite, processes
and practices, or all of the above
Government regulation is an external issue to the company that can
affect the scope of the ISMS - ANSWER The commitment of top
management to improve the ISMS
A risk owner is the one who - ANSWER Is accountable and has the
authority to manage the risk
Interested parties who can affect the scope of the ISMS are - ANSWER
Stakeholders who can affect the ISMS operation, the ones that are
affected by the ISMS activities, government agencies or regulators who
can have special requirements related to the ISMS, or all of the above
Antivirus software protects information from being corrupted by
malware. It ensures the - ANSWER The integrity of information
Which of the following is required to be included in the Statement of
Applicability? - ANSWER The justification for excluding any of the Annex
A controls
The documentation of internal and external issues is - ANSWER Not
required
What is a residual risk? - ANSWER Remaining risk after treatment
Internal and external issues are reviewed and monitored - ANSWER
Regularly
Owners of a company who may require a return on investment of the
ISMS are an example of - ANSWER Interested parties
The policies for information security control in Annex A of ISO/IEC
27001 must be reviewed in order to - ANSWER Check the effectiveness
of information security policies and identify any improvements
What audit outcome should be used to identify an opportunity for
improvement? - ANSWER Observation
Which benefit is gained from operating an Information Security
Management System? - ANSWER Reduces the number of information
security incidents, offers organization-wide protection, provides a
centrally managed framework, or all of the above
Who is responsible for conducting the review of the ISMS to ensure its
continuing suitability, adequacy and effectiveness? - ANSWER The top
management
Which controls belong to the Compliance category in Annex A of
ISO/IEC 27001? - ANSWER Intellectual Property rights
Which steps should the collection of evidence (Control A.16.1.7) follow
after the occurrence of an information security incident? - ANSWER
Identify, collect and preserve
The scope of the ISMS should be validated by - ANSWER top
management
Reassessment of risk should be performed - ANSWER Regularly and
when significant changes occur
As per ISO/IEC 27001 requirements, documenting the results of the risk
treatment plan is - ANSWER Mandatory