ISO-IEC-LI Online Practice Questions and Answers

What does the Information Security Policy describe?

A. how the InfoSec-objectives will be reached

B. which InfoSec-controls have been selected and taken

C. what the implementation-planning of the information security management system is

D. which Information Security-procedures are selected

Prior to employment, _________ as well as terms and conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

A. screening

B. authorizing

C. controlling

D. flexing

What is the ISO / IEC 27002 standard?

A. It is a guide of good practices that describes the control objectives and recommended controls regarding information security.

B. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001

C. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.

Select the controls that correspond to the domain "9. ACCESS CONTROL" of ISO / 27002 (Choose three)

A. Restriction of access to information

B. Return of assets

C. Management of access rights with special privileges

D. Withdrawal or adaptation of access rights

Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

A. The costs for automating are easier to charge to the responsible departments.

B. A determination can be made as to which report should be printed first and which ones can wait a little longer.

C. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.

D. Reports can be developed more easily and with fewer errors.

The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

A. Information Security Management System

B. The use of tokens to gain access to information systems

C. Validation of input and output data in applications

D. Encryption of information

What is the best description of a risk analysis?

A. A risk analysis is a method of mapping risks without looking at company processes.

B. A risk analysis helps to estimate the risks and develop the appropriate security measures.

C. A risk analysis calculates the exact financial consequences of damages.

Who is authorized to change the classification of a document?

A. The author of the document

B. The administrator of the document

C. The owner of the document

D. The manager of the owner of the document

What is an example of a security incident?

A. The lighting in the department no longer works.

B. A member of staff loses a laptop.

C. You cannot set the correct fonts in your word processing software.

D. A file is saved under an incorrect name.

An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

A. Availability measure

B. Integrity measure

C. Organizational measure

D. Technical measure