ISO-IEC-LI Online Practice Questions and Answers

One of the ways Internet of Things (IoT) devices can communicate with each other (or `the outside world') is using a so-called short-range radio protocol. Which kind of short-range radio protocol makes it possible to use your phone as a credit card?

A. Near Field Communication (NFC)

B. Bluetooth

C. Radio Frequency Identification (RFID)

D. The 4G protocol

Why is compliance important for the reliability of the information?

A. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.

B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.

C. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.

D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.

Responsibilities for information security in projects should be defined and allocated to: A. the project manager

B. specified roles defined in the used project management method of the organization

C. the InfoSec officer

D. the owner of the involved asset

Prior to employment, _________ as well as terms and conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

A. screening

B. authorizing

C. controlling

D. flexing

Companies use 27002 for compliance for which of the following reasons:

A. A structured program that helps with security and compliance

B. Explicit requirements for all regulations

C. Compliance with ISO 27002 is sufficient to comply with all regulations

The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

A. Information Security Management System

B. The use of tokens to gain access to information systems

C. Validation of input and output data in applications

D. Encryption of information

Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization.

What occurs during the first step of this process: identification?

A. The first step consists of checking if the user is using the correct certificate.

B. The first step consists of checking if the user appears on the list of authorized users.

C. The first step consists of comparing the password with the registered password.

D. The first step consists of granting access to the information to which the user is authorized.

What is an example of a non-human threat to the physical environment?

A. Fraudulent transaction

B. Corrupted file

C. Storm

D. Virus

An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

A. Availability measure

B. Integrity measure

C. Organizational measure

D. Technical measure

What is the greatest risk for an organization if no information security policy has been defined?

A. If everyone works with the same account, it is impossible to find out who worked on what.

B. Information security activities are carried out by only a few people.

C. Too many measures are implemented.

D. It is not possible for an organization to implement information security in a consistent manner.