ISO Information Security Management Systems Foundation

Transcription

1 ISO Information Security Management Systems Foundation Professional Certifications Sample Questions

2 Sample Questions 1. is one of the industry standards/best practices in Service Management and Quality management systems. A. ITIL B. SixSigma C. CobiT D. All of the above 2. In an access control policy, it is recommended to avoid: A. Everything is generally permitted unless expressly forbidden B. Everything is generally forbidden unless expressly permitted C. Usage of standard user access profiles for common job roles in the organization D. Process for removal of access rights 3. Which of the following elements should be considered when confidentiality agreements with employee are signed? A. Responsibilities regarding hardware and software installation and maintenance B. The permitted use of confidential information and rights of the signatory to use information C. The establishment of an escalation process for problem resolution D. All of the above Page 2

3 4. The process approach for information security management encourages its user to emphasize the implementation of: A. Monitoring and reviewing the performance of implementing controls B. Implementing and operating controls to manage an organization s information security risks in the context of the organization s overall business risks C. Continual improvement based on incident s experience 5. In order to define the detailed scope and boundaries for the Information Security Management System (ISMS), the following are necessary: a) Define the organizational scope and boundaries b) Define Information Communication Technology (ICT) scope and boundaries c) Define physical scope and boundaries The consideration ISMS Management forum should be consisted of managers directly involved in the scope of ISMS in which case should best taking into account? A. Organizational scope and boundaries B. ICT scope and boundaries C. Physical scope and boundaries 6. During the audit there should be frequent exchange of information among members of the audit team in order to: A. Ensure that all of the audit objectives are met. B. Ensure that as many nonconformities as possible are found. C. (A) and (B) Page 3

4 7. As a Human Resource manager, you have to hire new personnel for a job that has to do with handling of highly confidential information. Which of the following verification checks are you going to implement? A. Availability of satisfactory character references and check of the curriculum vitae B. Credit checks, checks of criminal records an independent identity check C. The above and further more detailed checks D. Appropriate checks described in relevant procedures that define criteria and limitations (e.g. regulations, laws, ethics) 8. Which of the following is NOT a malicious code? A. Logic bombs B. Hash C. Viruses and worms 9. According to ISO/IEC requirements the security requirements should be identified and agreed prior to the development and / or implementation of an information system. The main control objective is to: A. Ensure that security is an integral part of information systems B. Prevent errors, loss, unauthorized modification or misuse of information in application C. Ensure the security of systems files D. Maintain the security of application system software and information Page 4

5 10. The term "information security incident" refers to a(n): A. Identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of controls, or a previously unknown situation that may be security relevant B. Single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security C. Potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization D. All of the above Page 5

6 ANSWER KEY for SAMPLE Questions 1 D 2 A 3 B 4 B 5 A 6 A 7 D 8 B 9 A 10 B Page 6