ISO27-13-001 Online Practice Questions and Answers

Questions 4

Which of the following statements are correct for Clean Desk Policy?

A. Don't leave confidential documents on your desk.

B. Don't leave valuable items on your desk if you are not in your work area.

C. Don't leave highly confidential items.

D. Don't leave laptops without cable lock.

Questions 5

What type of legislation requires a proper controlled purchase process?

A. Personal data protection act

B. Computer criminality act

C. Government information act

D. Intellectual property rights act

Questions 6

_________________ is an asset that, like other important business assets, has value to an organization and consequently needs to be protected.

A. Infrastructure

B. Data

C. Information

D. Security

Questions 7

Phishing is what type of Information Security Incident?

A. Private Incidents

B. Cracker/Hacker Attacks

C. Technical Vulnerabilities

D. Legal Incidents

Questions 8

What is social engineering?

A. A group planning for a social activity in the organization

B. Creating a situation wherein a third party gains confidential information from you

C. The organization planning an activity for welfare of the neighborhood

Questions 9

An administration office is going to determine the dangers to which it is exposed.

What do we call a possible event that can have a disruptive effect on the reliability of information?

A. dependency

B. threat

C. vulnerability

D. risk

Questions 10

Who is allowed to access highly confidential files?

A. Employees with a business need-to-know

B. Contractors with a business need-to-know

C. Employees with signed NDA have a business need-to-know

D. Non-employees designated with approved access and have signed NDA

Questions 11

In the event of an Information security incident, system users' roles and responsibilities are to be observed, except:

A. Report suspected or known incidents upon discovery through the Servicedesk

B. Preserve evidence if necessary

C. Cooperate with investigative personnel during investigation if needed

D. Make the information security incident details known to all employees

Questions 12

Which of the following is a preventive security measure?

A. Installing logging and monitoring software

B. Shutting down the Internet connection after an attack

C. Storing sensitive information in a data safe

Questions 13

Availability means

A. Service should be accessible at the required time and usable by all

B. Service should be accessible at the required time and usable only by the authorized entity

C. Service should not be accessible when required

Questions 14

What is the worst possible action that an employee may receive for sharing his or her password or access with others?

A. Forced roll off from the project

B. The lowest rating on his or her performance assessment

C. Three days suspension from work

D. Termination

Questions 15

In which order is an Information Security Management System set up?

A. Implementation, operation, maintenance, establishment

B. Implementation, operation, improvement, maintenance

C. Establishment, implementation, operation, maintenance

D. Establishment, operation, monitoring, improvement

Questions 16

Which measure is a preventive measure?

A. Installing a logging system that enables changes in a system to be recognized

B. Shutting down all internet traffic after a hacker has gained access to the company systems

C. Putting sensitive information in a safe

Questions 17

Which of the following is not a type of Information Security attack?

A. Legal Incidents

B. Vehicular Incidents

C. Technical Vulnerabilities

D. Privacy Incidents

Questions 18

Information has a number of reliability aspects. Reliability is constantly being threatened. Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.

Which of these examples is a threat to integrity?

A. a loose cable

B. accidental alteration of data

C. private use of data

D. System restart

Exam Code: ISO27-13-001
Exam Name: ISO 27001 : 2013 - Certified Lead Auditor
Last Update: Apr 23, 2024
Questions: 100 Q&As
