ISO27-13-001 Online Practice Questions and Answers

Information or data that are classified as ______ do not require labeling.

A. Public

B. Internal

C. Confidential

D. Highly Confidential

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?

A. Identifying assets and their value

B. Implementing counter measures

C. Establishing a balance between the costs of an incident and the costs of a security measure

D. Determining relevant vulnerabilities and threats

You see a blue color sticker on certain physical assets. What does this signify?

A. The asset is very high critical and its failure affects the entire organization

B. The asset with blue stickers should be kept air conditioned at all times

C. The asset is high critical and its failure will affect a group/s/project's work in the organization

D. The asset is critical and the impact is restricted to an employee only

What is the worst possible action that an employee may receive for sharing his or her password or access with others?

A. Forced roll off from the project

B. The lowest rating on his or her performance assessment

C. Three days suspension from work

D. Termination

The following are purposes of Information Security, except:

A. Ensure Business Continuity

B. Minimize Business Risk

C. Increase Business Assets

D. Maximize Return on Investment

Which of the following is an information security management system standard published by the International Organization for Standardization?

A. ISO9008

B. ISO27001

C. ISO5501

D. ISO22301

A hacker gains access to a webserver and can view a file on the server containing credit card numbers.

Which of the Confidentiality, Integrity, Availability (CIA) principles of the credit card file are violated?

A. Availability

B. Confidentiality

C. Integrity

D. Compliance

Which of the following is a technical security measure?

A. Encryption

B. Security policy

C. Safe storage of backups

D. User role profiles.

In order to take out a fire insurance policy, an administration office must determine the value of the data that it manages.

Which factor is [b]not[/b] important for determining the value of data for an organization?

A. The content of data.

B. The degree to which missing, incomplete or incorrect data can be recovered.

C. The indispensability of data for the business processes.

D. The importance of the business processes that make use of the data.

Cabling Security is associated with Power, telecommunication and network cabling carrying information are protected from interception and damage.

A. True

B. False