Which is the main purpose of control 6.1 Screening of ISO/IEC 27001:2022?

To ensure that all personnel are eligible and suitable for their roles

To ensure that employees and contractors are aware of and fulfil their information security responsibilities

To protect the organization’s interests as part of the process of any changes in employment

Who shall have access to documented operating procedures?

The person responsible for operating procedures

What is the main requirement of control 8.34 Protection of information systems during audit testing of ISO/IEC 27001:2022?

The tester and appropriate management shall plan and agree on audit tests and other assurance activities involving assessment of operational systems

The tester and appropriate management shall appropriately manage test information

The tester shall separate and secure the development, testing, and production environments

What is the purpose of control 5.7 Threat intelligence of ISO/IEC 27001:2022?

To provide awareness of the organization’s threat environment

To ensure appropriate flow of information takes place with respect to information security

To ensure authorized access to information and other associated assets

Which statement below best describes the relationship between information security aspects?

Threats exploit vulnerabilities to damage or destroy assets

Controls protect assets by reducing threats

Risk is a function of vulnerabilities that harm assets

Which of the following is one of the objectives of the privacy protection policy?

To increase awareness regarding the legal requirements for protecting personal information

To increase awareness regarding cybercrimes that target an organization’s computer network

To increase awareness regarding the validity of digital signatures in electronic documents

ISO27001 Quizz Section 789 (Day#2C)

Authored by sudiyuwono wowo

Professional Development

1st Grade

Used 4+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

15 questions

Show all answers

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

An action taken to eliminate the cause of a potential nonconformity or other potential undesirable situation is known as:

Correction

Corrective action

Preventive action

Answer explanation

Preventive actions are actions taken to eliminate the cause of a potential nonconformity or other potential undesirable situation.

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

What are the activities that should be included in the situation analysis phase of the corrective action process?

Identification and documentation of the nonconformities

Evaluation of options and selection of solutions

Follow- up on and review of corrective actions

Answer explanation

Situation analysis phase of the corrective action process comprises of three activities: analysis of the root cause, evaluation of options, and selection of solutions.

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

What is the correlation between continual improvement and information security errors?

Continual improvement helps reduce the number of errors

Continual improvement helps increase the number of errors

Continual improvement introduces new errors

Answer explanation

The continual improvement process helps reduce the number of errors

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

An action taken to eliminate the causes of a nonconformity helps in the creation of a continual improvement culture.

True

False

Answer explanation

A corrective action aims to correct; it does not promote continual improvement in an organization, nor does it foster such culture

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

Segregation of information security duties is :

Detective and Technical control

Preventive and adminsitrative control

Corrective and managerial control

Answer explanation

By function, the segregation of duties is a preventive control that reduces the opportunities for the unauthorized use or unintentional misuse of the organization’s information. By type, it is an administrative control

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

Consideration of applicable legislation is:

Detective and maangerial control

Corrective and administrative control

Preventive and legal control

Answer explanation

By function, taking the applicable legislation into consideration is a preventive control that prevents breaches in legal obligations related to information security. By type, it is a legal control

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

Why should organizations review the information security policies after the occurrence of significant changes?

To ensure continuing reliability of the information security policy

To ensure continuing suitability, adequacy, and effectiveness of the information security policy

To ensure continuing efficiency, performance, and correctness of the information security policy

Answer explanation

Based on ISO/IEC 27001:2022, control 5.1 the policies for information security should be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

11 questions

Soal PPPK 2021

Quiz

•

KG - Professional Dev...

10 questions

Protein, Fats and Carbohydrates

Quiz

•

KG - University

15 questions

Classroom Expectations

Quiz

•

1st Grade

15 questions

Single View Мэдлэг бататгах quiz

Quiz

•

1st Grade

20 questions

QUIZ 4 : TOPIC 8 [PROCESS COSTING]

Quiz

•

1st Grade - University

20 questions

How much idea I have?

Quiz

•

1st Grade - Professio...

17 questions

Computing part 1 U 6-10

Quiz

•

1st Grade

15 questions

El conocimiento, la ciencia y la investigación

Quiz

•

1st Grade

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Professional Development

15 questions

Guess the Food with Emojis

Quiz

•

1st Grade

ISO27001 Quizz Section 789 (Day#2C)

An action taken to eliminate the cause of a potential nonconformity or other potential undesirable situation is known as:

Preventive actions are actions taken to eliminate the cause of a potential nonconformity or other potential undesirable situation.

What are the activities that should be included in the situation analysis phase of the corrective action process?

Situation analysis phase of the corrective action process comprises of three activities: analysis of the root cause, evaluation of options, and selection of solutions.

What is the correlation between continual improvement and information security errors?

The continual improvement process helps reduce the number of errors

An action taken to eliminate the causes of a nonconformity helps in the creation of a continual improvement culture.

A corrective action aims to correct; it does not promote continual improvement in an organization, nor does it foster such culture

Segregation of information security duties is :

By function, the segregation of duties is a preventive control that reduces the opportunities for the unauthorized use or unintentional misuse of the organization’s information. By type, it is an administrative control

Consideration of applicable legislation is:

By function, taking the applicable legislation into consideration is a preventive control that prevents breaches in legal obligations related to information security. By type, it is a legal control

Why should organizations review the information security policies after the occurrence of significant changes?

Based on ISO/IEC 27001:2022, control 5.1 the policies for information security should be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness

**Which is the main purpose of control 6.1 Screening of ISO/IEC 27001:2022?**

The purpose of control 6.1, as defined by ISO/IEC 27002, is to ensure all personnel are eligible and suitable for the roles for which they are considered.

Who shall have access to documented operating procedures?

Based on ISO/IEC 27001:2022, control 5.37, operating procedures for information processing facilities shall be documented and made available personnel who need them.

**What is the main requirement of control 8.34 Protection of information systems during audit testing of ISO/IEC 27001:2022?**

According to ISO/IEC 27001:2022, control 8.34, audit tests and other assurance activities involving assessment of operational systems shall be planned and agreed between the tester and appropriate management.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development