APMG-International
ISO-IEC-27001-Foundation
Q1:
Which activity is a required element of information security risk identification?
A. Determine the risk owners
B. Consider the likelihood of the occurrence
C. Prioritize the risk for treatment
D. Determine the level of risk
Q2:
Which statement is a factor that will influence the implementation of the information security management system?
A. The ISMS will be separate from the organization's overall management structure
B. The ISMS will encompass all controls specified within ISO/IEC 27001
C. The ISMS will be scaled to the controls according to the needs of the organization
D. The ISMS will be operated as an independent process within the organization
Q3:
Which aspect of ISO/IEC 27001 requires that contractors know about the organization's information security policies?
A. Nonconformity and corrective action
B. Competence
C. Communication
D. Awareness
Q4:
Which action is a required response to an identified residual risk?
A. By default, it shall be controlled by information security awareness and training
B. Top management shall delegate its treatment to risk owners
C. It shall be reviewed by the risk owner to consider acceptance
D. The organization shall change practices to avoid the risk occurring
Q5:
Which action is an organization required to take to ensure that personnel are competent to perform their assigned tasks within the ISMS?
A. Identify products which could be used in the organization to improve ISMS performance and effectiveness
B. Ensure all personnel are trained to ISO/IEC 27001 Foundation level
C. Ensure that the controls for compliance with legal and contractual requirements are implemented
D. Hold up-to-date records on training, skills, experience and qualifications