According to ISO IEC 27001:2022 in clause 5.1 Leadership and Commitment, how should top management provide evidence of their commitment to the ISMS?

A) Promoting continuous improvement.

B) Directing and supporting people to contribute to the effectiveness of the information security management system.

None is requested by clause 5.1.

According to ISO IEC 27001:2022 Clause 5.2, the information security policy should:

(A): Be available as documented information.

(B): Be communicated within the organization.

(C): Be available to interested parties, as appropriate.

According to ISO IEC 27001:2022, regarding risk management, the organization shall:

(A): Define and implement an information security risk assessment process.

(B): Define and implement an information security risk treatment process.

(C): Maintain documented information on information security risk assessment and risk treatment processes.

According to ISO IEC 27001:2022, regarding clause 7.5 documented information, the organization shall ensure: 1. That it is available and ready for use, where and when needed. 2. That it is adequately protected (e.g., against loss of confidentiality, misuse, or loss of integrity). 3. To perform activities as applicable to ensure the preservation of legibility.

(C): None since clause 7.5 does not refer to documented information of an ISMS.

According to ISO IEC 27001:2022, regarding clause 9.1 Monitoring, Measurement, Analysis and Evaluation, the organization shall define: 1. What needs to be tracked and measured, including information security processes and controls. 2. The methods of monitoring, measurement, analysis, and evaluation, as applicable, to ensure valid results.

(C): None since clause 9.1 does not refer to the Monitoring, Measurement, Analysis, and Evaluation of an ISMS.

According to ISO IEC 27001:2022, regarding clause 9.1 Internal audits, the organization shall: 1. Plan, establish, implement and maintain an audit program(s) that includes frequency, methods, responsibilities, planning requirements, and reporting. 2. Audit programs should consider the importance of the processes involved and the results of previous audits. 3. Conduct internal audits at planned intervals, to provide information about the information security management system.

(C): None since clause 9.1 does not refer to internal audits.

According to ISO IEC 27001:2022, regarding clause 8.3 Treatment of Information Security Risks, the organization shall: 1. Implement the information security risk management plan. 2. Retain documented information on the results of the treatment of information security risks.

(C): None, since clause 8.3 does not refer to the Information Security risk treatment plan.

According to ISO/IEC 27001:2022 regarding clause 7.5 Documented Information, the organization shall ensure, as appropriate: 1. Identification and description (e.g., title, date, author or reference number). 2. Format (e.g., language, software version, graphics) and its media (e.g., paper, electronic). 3 The review and approval regarding suitability and adequacy.

(C): None since clause 7.5 does not refer to the treatment of documented information of an ISMS.

ISO/IEC 27001:2022 regarding clause 6.1 actions to address risks and opportunities, states that mitigate, assume, share and eliminate are:

(B): The classification of controls in Appendix A.

(C): Risk classification for the SOA.

In ISO IEC 27001:2022, ____________________ is defined as a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are met.

(C): Information security policy.

(D): ISO IEC 27001:2022 Standard.

In ISO IEC 27001:2022 in clause 4.3, during the determination of the Scope of the Information Security Management System the _________ and the ____________ should be considered.

(D): The external and internal issues mentioned in section 4.1 and the requirements mentioned in section 4.2

(A): The external and internal dependencies mentioned in section 4.1 and the risks mentioned in section 4.2.

(B): Stakeholders and risks surrounding the organization.

(C): Stakeholders and requirements. .

According to ISO IEC 27001:2022, ________________ during its ________________ should include considerations on: Changes in external and internal issues that are relevant to the ISMS. The status of actions since previous management reviews. Opportunities for continuous improvement.

(C): Top Management during its ISMS review.

(A): Senior Management during its internal audit.

(B): Auditors during their internal audit.

(D): Auditors during their ISMS review.

Certiprof ISO27001 Foundation - Exercise

Authored by sudiyuwono wowo

Professional Development

1st Grade

Used 2+ times

Certiprof ISO27001 Foundation - Exercise

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

40 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

According to ISO IEC 27001:2022 Clause 4.3, external and internal issues, interfaces and
dependencies must be considered to define the ISMS scope.
This statement is:

True

False

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

According to ISO IEC 27001:2022, the information security risk assessment process requires
identifying risk owners and establishing and maintaining information security risk criteria.
This statement is:

True

False

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which statement describes the benefits of an information security management system?

An aid to management in structuring its approach to information security management.

Enables organizations to properly manage disruptive incidents.

Allows the organization to focus on containing the impact caused by information security incidents.

An aid in the identification of nonconformities during audits.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Appointing at least two internal auditors for the information security system is described as a
critical success factor of an information security management system (ISMS). This statement is:

Trus

False

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Implementing an effective information security awareness, training, and education program is
described as a critical success factor of an information security management system (ISMS).
This statement is:

True

False

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

ISO IEC 27001:2022 requires information security objectives to be part of:

Internal audits.

ISMS reviews.

The information security policy.

The SoA.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

According to ISO IEC 27001:2022 in its clause 9.3 Management review, communicating the
importance of complying with the requirements of the ISMS is a top management responsibility
concerning the ISMS:

True

False

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

45 questions

PC TWR II 2022

Quiz

•

1st Grade

37 questions

RRSP

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

8 questions

2 Step Word Problems

Quiz

•

KG - University

20 questions

Comparing Fractions

Quiz

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Latin Bases claus(clois,clos, clud, clus) and ped

Quiz

•

6th - 8th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

7 questions

The Story of Books

Quiz

•

6th - 8th Grade

Discover more resources for Professional Development

15 questions

Guess the Food with Emojis

Quiz

•

1st Grade

Certiprof ISO27001 Foundation - Exercise

According to ISO IEC 27001:2022 Clause 4.3, external and internal issues, interfaces and
dependencies must be considered to define the ISMS scope.
This statement is:

According to ISO IEC 27001:2022, the information security risk assessment process requires
identifying risk owners and establishing and maintaining information security risk criteria.
This statement is:

Which statement describes the benefits of an information security management system?

Appointing at least two internal auditors for the information security system is described as a
critical success factor of an information security management system (ISMS). This statement is:

Implementing an effective information security awareness, training, and education program is
described as a critical success factor of an information security management system (ISMS).
This statement is:

ISO IEC 27001:2022 requires information security objectives to be part of:

According to ISO IEC 27001:2022 in its clause 9.3 Management review, communicating the
importance of complying with the requirements of the ISMS is a top management responsibility
concerning the ISMS:

According to ISO IEC 27001:2022 in clause 5.1 Leadership and Commitment, how should top
management provide evidence of their commitment to the ISMS?

According to ISO IEC 27001:2022 in clause 9.3, the objective of the top management review of
the ISMS is to ensure its suitability, adequacy, and continuing effectiveness.

According to ISO IEC 27001:2022 the SoA must contain:
1. Evidence of senior management authorization of controls.
2. A list of the risks applicable to the organization.
3. The necessary controls with their justifications for inclusion and exclusion.
4. The information security policy.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

Certiprof ISO27001 Foundation - Exercise

According to ISO IEC 27001:2022 Clause 4.3, external and internal issues, interfaces anddependencies must be considered to define the ISMS scope. This statement is:

According to ISO IEC 27001:2022, the information security risk assessment process requiresidentifying risk owners and establishing and maintaining information security risk criteria. This statement is:

Which statement describes the benefits of an information security management system?

Appointing at least two internal auditors for the information security system is described as acritical success factor of an information security management system (ISMS). This statement is:

Implementing an effective information security awareness, training, and education program isdescribed as a critical success factor of an information security management system (ISMS). This statement is:

ISO IEC 27001:2022 requires information security objectives to be part of:

According to ISO IEC 27001:2022 in its clause 9.3 Management review, communicating theimportance of complying with the requirements of the ISMS is a top management responsibilityconcerning the ISMS:

According to ISO IEC 27001:2022 in clause 5.1 Leadership and Commitment, how should topmanagement provide evidence of their commitment to the ISMS?

According to ISO IEC 27001:2022 in clause 9.3, the objective of the top management review ofthe ISMS is to ensure its suitability, adequacy, and continuing effectiveness.

According to ISO IEC 27001:2022 the SoA must contain:1. Evidence of senior management authorization of controls.2. A list of the risks applicable to the organization.3. The necessary controls with their justifications for inclusion and exclusion.4. The information security policy.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

According to ISO IEC 27001:2022 Clause 4.3, external and internal issues, interfaces and
dependencies must be considered to define the ISMS scope.
This statement is:

According to ISO IEC 27001:2022, the information security risk assessment process requires
identifying risk owners and establishing and maintaining information security risk criteria.
This statement is:

Appointing at least two internal auditors for the information security system is described as a
critical success factor of an information security management system (ISMS). This statement is:

Implementing an effective information security awareness, training, and education program is
described as a critical success factor of an information security management system (ISMS).
This statement is:

According to ISO IEC 27001:2022 in its clause 9.3 Management review, communicating the
importance of complying with the requirements of the ISMS is a top management responsibility
concerning the ISMS:

According to ISO IEC 27001:2022 in clause 5.1 Leadership and Commitment, how should top
management provide evidence of their commitment to the ISMS?

According to ISO IEC 27001:2022 in clause 9.3, the objective of the top management review of
the ISMS is to ensure its suitability, adequacy, and continuing effectiveness.

According to ISO IEC 27001:2022 the SoA must contain:
1. Evidence of senior management authorization of controls.
2. A list of the risks applicable to the organization.
3. The necessary controls with their justifications for inclusion and exclusion.
4. The information security policy.