ISO-ISMS-LA Online Practice Questions and Answers

What is the purpose of an Information Security policy?

A. An information security policy makes the security plan concrete by providing the necessary details

B. An information security policy provides insight into threats and the possible consequences

C. An information security policy provides direction and support to the management regarding information security

D. An information security policy documents the analysis of risks and the search for countermeasures

A fire breaks out in a branch office of a health insurance company. The personnel are transferred to neighboring branches to continue their work.

Where in the incident cycle is moving to a stand-by arrangements found?

A. between threat and incident

B. between recovery and threat

C. between damage and recovery

D. between incident and damage

Changes on project-managed applications or database should undergo the change control process as documented.

A. True

B. False

What type of measure involves the stopping of possible consequences of security incidents?

A. Corrective

B. Detective

C. Repressive

D. Preventive

Does the security have the right to ask you to display your ID badges and check your bags?

A. True

B. False

How are data and information related?

A. Data is a collection of structured and unstructured information

B. Information consists of facts and statistics collected together for reference or analysis

C. When meaning and value are assigned to data, it becomes information

A hacker gains access to a webserver and can view a file on the server containing credit card numbers. Which of the Confidentiality, Integrity, Availability (CIA) principles of the credit card file are violated?

A. Availability

B. Confidentiality

C. Integrity

D. Compliance

What is a repressive measure in case of a fire?

A. Taking out a fire insurance

B. Putting out a fire after it has been detected by a fire detector

C. Repairing damage caused by the fire

How is the purpose of information security policy best described?

A. An information security policy documents the analysis of risks and the search for countermeasures.

B. An information security policy provides direction and support to the management regarding information security.

C. An information security policy makes the security plan concrete by providing it with the necessary details.

D. An information security policy provides insight into threats and the possible consequences.

In what part of the process to grant access to a system does the user present a token?

A. Authorisation

B. Verification

C. Authentication

D. Identification