ISO Information Security Management Systems Professional

Size: px

Start display at page:

Download "ISO 27000 Information Security Management Systems Professional"

Scarlett Sims
10 years ago
Views:

1 ISO Information Security Management Systems Professional Professional Certifications Sample Questions

2 Sample Questions 1. A single framework of business continuity plans should be maintained to ensure all plans are consistent, to consistently address information security requirements and to identify priorities for testing and maintenance. Which of the following considerations is INCORRECT as a part of the above framework? A. Determination of the conditions for activating the plans, which describe the process to be followed before each plan is activated B. Temporary procedures which describe the actions to be taken to return to normal business operations C. A schedule which specifies the expiration date of the plan D. Emergency procedures, which describe the actions to be taken after an incident which jeopardizes business operations 2. Before encrypted information or cryptographic controls move from one country to another country, which is the key action? A. There is no key action as all have been taken in initial country B. Mandatory or discretionary methods of access by the countries authorities to information encrypted by hardware or software have to implemented by organization C. Legal advice should be taken D. None of the above Page 2

testing and maintenance. Which of the following considerations is INCORRECT as a part of the above framework? A.

3 3. Which of the following, could NOT be included in Information Security Management System documentation: A. A description of the risk assessment methodology B. The risk assessment report C. The scope of the Information Security Management System D. None of the above 4. Which of the following policies can be best hierarchy in High Level General Policies? A. Cryptographic controls policy B. Privacy policy C. Access control policy D. Clear screen policy 5. Which is the key factor that affects the extent of measurement needed for the Information Security Measurement Program? A. The size of the organization B. The complexity of the organization C. The importance of information security D. The combination of the all of the above Page 3

Which of the following policies can be best hierarchy in High Level General Policies? A. Cryptographic controls policy B. Privacy policy C. Access control policy D.

4 6. In order to achieve the control objective To manage information security within the organization which of the following controls is the most suitable to be applied? A. All identified security requirements should be addressed before giving customers access to the organizations information or assets B. Appropriate contacts with special interest groups or other specialist security forums and professional associations should be maintained C. Rules for the acceptable use of information and assets should be identified, documented and implemented D. None of the above 7. Data output from an application should be validated to ensure that the processing of stored information is correct and appropriate to the circumstances. Which of the following actions could NOT be an output data validation? A. Periodic review of the content of key fields or data files to confirm their validity and integrity B. Reconciliation control counts to ensure processing of all data C. Providing sufficient information for a reader or subsequent processing system to determine the accuracy, completeness, precision and classification of the information D. Creating a log of activities Page 4

Appropriate contacts with special interest groups or other specialist security forums and professional associations should be maintained C.

5 8. The systems for managing passwords should be interactive and should ensure quality passwords. When an application requires user passwords to be assigned to an independent authority, which of the following should be applied? A. Enforce a choice of quality passwords B. Allow users to select and change their own passwords and include a confirmation procedure to allow for input errors C. Enforce password changes D. Force users to change temporary passwords at the first log on 9. As a consultant you are advising the IT manager that security incident procedures should be established to handle: A. Information systems failures B. Misuse of information systems C. Malicious code D. All of the above 10. As a Security Officer you have to establish security perimeters in order to protect an area of a new information processing facility. The first step is to: A. Analyze the security requirements and the results of risk assessment in order to define the siting and strength of each of security perimeters B. Define the authentication controls e.g. access control card C. Establish the recorded controls of entry and departure of visitors D. All of the above Page 5

Allow users to select and change their own passwords and include a confirmation procedure to allow for input errors C. Enforce password changes D.

6 ANSWER KEY for SAMPLE Questions 1 C 2 C 3 D 4 B 5 D 6 B 7 A 8 A 9 D 10 C Page 6

INFORMATION SYSTEMS. Revised: August 2013

INFORMATION SYSTEMS. Revised: August 2013 Revised: August 2013 INFORMATION SYSTEMS In November 2011, The University of North Carolina Information Technology Security Council [ITSC] recommended the adoption of ISO/IEC 27002 Information technology