The following are purposes of Information Security, except:
A. Ensure Business Continuity
B. Minimize Business Risk
C. Increase Business Assets
D. Maximize Return on Investment
Which threat could occur if no physical measures are taken?
A. Unauthorised persons viewing sensitive files
B. Confidential prints being left on the printer
C. A server shutting down because of overheating
D. Hackers entering the corporate network
Information has a number of reliability aspects. Reliability is constantly being threatened. Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.
Which of these examples is a threat to integrity?
A. a loose cable
B. accidental alteration of data
C. private use of data
D. System restart
What type of measure involves the stopping of possible consequences of security incidents?
A. Corrective
B. Detective
C. Repressive
D. Preventive
After a devastating office fire, all staff are moved to other branches of the company. At what moment in the incident management process is this measure effectuated?
A. Between incident and damage
B. Between detection and classification
C. Between recovery and normal operations
D. Between classification and escalation
What is a reason for the classification of information?
A. To provide clear identification tags
B. To structure the information according to its sensitivity
C. Creating a manual describing the BYOD policy
What can you do to protect sensitive data on your computer when you go out for lunch?
A. You activate your favorite screen-saver
B. You confidently leave your computer screen as is, since a password-protected screensaver is installed and set to activate after 10 minutes of inactivity
C. You lock your computer by pressing Windows+L or CTRL-ALT-DELETE and then click "Lock Computer".
D. You turn off the monitor
A decent visitor is roaming around without a visitor's ID. As an employee, you should do the following, except:
A. Say "hi" and offer coffee
B. Call the receptionist and inform about the visitor
C. Greet him and ask what his business is
D. Escort him to his destination
What type of compliance standard, regulation or legislation provides a code of practice for information security?
A. ISO/IEC 27002
B. Personal data protection act
C. Computer criminality act
D. IT Service Management
A planning process that introduced the concept of planning as a cycle that forms the basis for continuous improvement is called:
A. time based planning.
B. plan, do, check, act.
C. planning for continuous improvement.
D. RACI Matrix