Diederik Merkens
Quiz by , created 10 months ago

This is the first quiz about 27002

1049
0
0
Diederik Merkens
Created by Diederik Merkens 10 months ago
Close
  • ISO 27002 quiz part 1

    Question 1 of 10

    1

    What does the Information Security Policy describe?

    Select one of the following:

    • which InfoSec-controls have been selected and taken

    • how the InfoSec-objectives will be reached

    • what the implementation-planning of the information security management system is

    • which Information Security-procedures are selected

    Explanation

    Question 2 of 10

    1

    Select from the dropdown list to complete the text.

    In the context of contact with special interest groups, any information sharing agreements should identify requirements for the protection of ( topic-specific, public, confidential ) information.

    Explanation

    Question 3 of 10

    1

    Responsibilities for information security in projects should be defined and allocated to:

    Select one of the following:

    • the project manager

    • specified roles defined in the used project management method of the organization

    • the InfoSec officer

    • the owner of the involved asset

    • the manager of the business domain in which the project is carried out

    Explanation

    Question 4 of 10

    1

    Organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered

    Select one of the following:

    • True
    • False

    Explanation

    Question 5 of 10

    1

    Select from the dropdown list to complete the text.

    Prior to employment, ( screening, awareness training, trial period ) as well as terms & conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

    Explanation

    Question 6 of 10

    1

    It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures (“whistle blowing”)

    Select one of the following:

    • True
    • False

    Explanation

    Question 7 of 10

    1

    The identified owner of an asset is always an individual

    Select one of the following:

    • True
    • False

    Explanation

    Question 8 of 10

    1

    Who is accountable to classify information assets?

    Select one of the following:

    • the CEO

    • the CISO

    • the asset owner

    • the Information Security team

    Explanation

    Question 9 of 10

    1

    Select from the dropdown list to complete the text.

    Physical labels and ( data encryption, metadata, digital folders ) are two common forms of labelling which are mentioned in ISO 27002.

    Explanation

    Question 10 of 10

    1

    What should be used to protect data on removable media if data confidentiality or integrity are important considerations?

    Select one of the following:

    • backup on another removable medium

    • a password

    • logging

    • cryptographic techniques

    Explanation