ISO/IEC 27001 Information Security Associate Program Exam Answers

Hello friends, in this article I am going to share the Skill Front ISO/IEC 27001 Information Security Associate Program Exam Quiz Answers with you.

About this Exam

100% FREE ISO/IEC 27001 Information Security Associate™

  • CERTIFICATION: ISO/IEC 27001 Information Security Associate™ (USD 199.- Value)
  • BONUS PROGRAM E-BOOK: 63 Pages (USD 97.- Value)
  • BONUS PROGRAM AUDIOBOOK: 58 Minutes, 26 Seconds (USD 50.- Value)
  • SHAREABLE & VERIFIABLE DIGITAL BADGE: Your Name Engraved On It, Custom Made For You (USD 99.- Value)

The Skills You’ll Learn:

Chapter 1. Why Does ISO/IEC 27001 Matter?
Chapter 2. The Structure Of ISO/IEC 27001
Chapter 3. ISMS Scope and Statement of Applicability (SoA)
Chapter 4. Mandatory Requirements for Organizational ISO 27001 Certification
Chapter 5. ISO 27001 Audit Programs
Chapter 6. ISO 27001 Step-By-Step Implementation Guide
Chapter 7. ISO 27001 Roles And Responsibility In Organizations
BONUS Chapter 1. Become A Bit Better Than You, Everyday.
BONUS Chapter 2. Next Steps For The Pursuit Of Growth.


Enroll Link: ISO/IEC 27001 Information Security Associate Program


ISO/IEC 27001 Information Security Associate Program Exam Quiz Answers

Question 1)
Which of the following contains references to expected business continuity planning practices that organizations must implement?

  • ISO 17799:2008, section 1
  • ISO 27002:2005, section 10
  • ISO 27005:2008, section 8
  • ISO 27001:2005, annex A

Question 2)
Which sections are included in the ISO/IEC 27001?

  • Introduction: the standard describes a process for systematically managing information risks
  • Operation: it contains a bit more detail about assessing and treating information risks, managing changes, and documenting things
  • Planning: outlines the process to identify, analyze, and plan to treat information risks and clarify information security objectives.
  • All the choices above.

Question 3)
What are the requirements for the SoA (Statement of Applicability)?

  • It is a mandatory requirement.
  • It must not be explicitly defined.
  • It should contain the risk treatment options.
  • All the choices above.

Question 4)
Taking organizational security measures is inseparably linked with all other measures that have to be taken. What is the name of the system that guarantees the coherence of information security in the organization? (1)

  • Rootkit
  • Information Security Management System (ISMS)
  • Security regulations for special information for the government
  • None of the choices above

Question 5)
Who is responsible for the internal ISMS audits, and plans and manages the audits?

  • ISMS officer/CISO.
  • External audit team.
  • CEO of the organization.
  • None of the choices above.

Question 6)
Which steps can be included in the Phase Model for ISMS Scope Definition and SoA Awareness Campaigns? (4)

  • Raising Awareness
  • Evaluating effectiveness
  • Assessing requirements
  • All the choices above.

Question 7)
When determining the scope of the information security management system, which one is a FALSE consideration?

  • The requirements shall be considered.
  • The scope shall not be available as documented information.
  • The external and internal issues shall be considered.
  • The interfaces and dependencies between activities performed by the organization and those that are performed by other organizations.

Question 8)
Which department of the organization is responsible for the establishment of the information security policy?

  • IT department.
  • Top management.
  • Marketing department.
  • Human Resource department.

Question 9)
What is the purpose of performing the Risk Assessment & Risk Treatment?

  • The purpose of the risk treatment process is to decrease the risks that are not acceptable.
  • A Risk Assessment Report is essential, which documents all the steps taken during the risk assessment and risk treatment process.
  • By implementing the risk assessment, the point is to get a comprehensive picture of the internal and external dangers to the organization’s information.
  • All the choices above.

Question 10)
What is the benefit of certified compliance with ISO/IEC 27001 by a respected certification body?

  • The certificate has marketing potential and brand value.
  • It demonstrates that the organization takes information security management seriously.
  • It demonstrates that it is a quality organization.
  • All the choices above.

Question 11)
Which points shall the Information Security Policy contain?

  • Including information security objectives or providing the framework for setting information security objectives.
  • Including a commitment to satisfy applicable requirements related to information security.
  • Including a commitment to continual improvement of the information security management system.
  • All the choices above.

Question 12)
Why do organizations have an information security policy?

  • To give direction to how information security is set up within an organization.
  • To demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
  • To ensure that everyone knows who is responsible for carrying out the backup procedures.
  • To ensure that staff does not break any laws.

Question 13)
What should the review of the organization’s information security management system include?

  • Nonconformities and corrective actions.
  • Opportunities for continual improvement.
  • Changes in external and internal issues, which are relevant to the information security management system.
  • All the choices above.

Question 14)
A properly implemented risk analysis provides a considerable amount of useful information. A risk analysis has four main objectives. Which one is NOT one of the four main objectives of risk analysis?

  • Identifying assets and their value.
  • Determining the costs of threats.
  • Determining relevant vulnerabilities and threats.
  • Establishing a balance between the costs of an incident and the costs of a security measure.

Question 15)
When an organization processes information of a confidential nature and is legally obliged to implement the highest-level security measures, what type of risk management strategy does it need to use?

  • Risk avoiding.
  • Risk neutral.
  • Risk bearing.
  • All of the choices above.

Question 16)
Which steps does an information risk treatment include?

  • Formulate an information security risk treatment plan.
  • Determine all necessary controls to implement the information security risk treatment option chosen.
  • Select appropriate information security risk treatment options, taking account of the risk assessment results.
  • All the choices above.

Question 17)
Which is NOT one of the characteristics of an information security objective?

  • To be measurable.
  • To be communicated.
  • To be constant and not be updated as appropriate.
  • To be consistent with the information security policy.

Question 18)
Which step is essential so that an organization can achieve its information security objectives?

  • What will be done.
  • Who will be responsible.
  • What resources will be required.
  • All the choices above.

Question 19)
What should be included in the operational planning and control documents?

  • The organization shall ensure that outsourced processes are determined and controlled.
  • The organization shall control planned changes and review the consequences of unintended changes.
  • The organization shall keep documented information to have confidence that the processes have been carried out as planned.
  • All the choices above.

Question 20)
What is NOT a risk treatment option based on ISO/IEC 27001?

  • Risk Transfer.
  • Risk Avoidance.
  • Risk Awareness.
  • Risk Reduction.

Question 21)
What should an organization document as evidence of the monitoring and measurement of information security?

  • Who shall monitor and measure.
  • When the monitoring and measuring shall be performed.
  • What needs to be monitored and measured, including information security processes and controls.
  • All the choices above.

Question 22)
Which answer is NOT an objective of the internal audits that the organization shall conduct at planned intervals?

  • The organization shall define the audit criteria and scope for each audit.
  • The organization shall plan, establish, and maintain an audit program.
  • The organization shall ensure that the results of the audits are reported to the relevant management.
  • The organization shall select auditors and conduct audits that ensure partiality and subjectivity of the audit process.

Question 23)
Which step is NOT included in the Information Risk Assessment Process?

  • Identifying information security risks.
  • Analyze information security risks.
  • Evaluate information security risks.
  • Formulate an information security risk treatment plan.

Question 24)
What is NOT the right course of action for the organization when a nonconformity occurs?

  • The information security management system should remain unchanged.
  • The organization should review the effectiveness of any corrective action taken.
  • The organization should evaluate the need for action to eliminate the causes of nonconformity.
  • The organization should take action to control and correct it and deal with the consequences.

Question 25)
When an audit program in the organization must be planned and implemented, which aspects should be considered?

  • Frequency of audits.
  • Planning requirements for the audits.
  • Roles and responsibilities within the teams.
  • All the choices above.

Question 26)
Which is the sub-process that is included in the cyclical process of the audit program?

  • Defining general audit criteria.
  • Planning specific audit activities.
  • Reviewing and improvement of the audit activities by the management.
  • All the choices above.

Question 27)
Why is the ISO Step-By-Step Implementation Guide so crucial for the organization?

  • If you follow this Guide, the organization can achieve the ISO 27001 certification.
  • The Guide shows the organization Step-By-Step an easy way to implement the ISO 27001.
  • In this checklist, you have the main steps to implement ISO 27001 easily in your organization.
  • All the choices above.

Question 28)
What is the primary goal of writing an Information Security Policy?

  • It should be very detailed.
  • The management should define what it wants to achieve and how to control it.
  • It should define advanced requirements for information security in the organization.
  • None of the choices above.

Question 29)
When an organization implements an ISO/IEC 27001 compliance program, what is NOT one of the required tasks?

  • The management must ensure that everyone performs their duties.
  • The management must ensure that the ISMS is achieving the desired results.
  • They must, for example, configure the firewall in the organization.
  • They must know what is going on in the ISMS and make some crucial decisions.

Question 30)
What are the typical duties of the security leadership role?

  • Setting the strategic objective, building the security road-map, allocating budget, and human resources.
  • Developing, tracking, and reporting security key performance indicators (KPIs) to relevant stakeholders.
  • Defining the security program’s context, including aligning the program to business objectives and ensuring appropriate stakeholders have been considered.
  • All the choices above.
