
GAQM ISO-ISMS-LA - ISO 27001:2013 ISMS - Certified Lead Auditor

Total 100 questions

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. 

What is not one of the four main objectives of a risk analysis?

A. Identifying assets and their value

B. Implementing counter measures

C. Establishing a balance between the costs of an incident and the costs of a security measure

D. Determining relevant vulnerabilities and threats

You see a blue color sticker on certain physical assets. What does this signify?

A. The asset is very high critical and its failure affects the entire organization

B. The asset with blue stickers should be kept air conditioned at all times

C. The asset is high critical and its failure will affect a group/s/project's work in the organization

D. The asset is critical and the impact is restricted to an employee only

As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure? 

A. Appoint security staff

B. Encrypt all sensitive information

C. Formulate a policy

D. Set up an access control procedure

What is a definition of compliance? 

A. Laws, considered collectively or the process of making or enacting laws

B. The state or fact of according with or meeting rules or standards

C. An official or authoritative instruction

D. A rule or directive made and maintained by an authority.

Often, people do not pick up their prints from a shared printer. How can this affect the confidentiality of information?

A. Confidentiality cannot be guaranteed

B. Integrity cannot be guaranteed

C. Authenticity cannot be guaranteed

D. Availability cannot be guaranteed

A property of Information that has the ability to prove occurrence of a claimed event.

A. Electronic chain letters

B. Integrity

C. Availability

D. Accessibility

Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password. What type of threat is this? 

A. Social engineering threat

B. Organisational threat

C. Technical threat

D. Malware threat

What type of system ensures a coherent Information Security organisation? 

A. Federal Information Security Management Act (FISMA)

B. Information Technology Service Management System (ITSM)

C. Information Security Management System (ISMS)

D. Information Exchange Data System (IEDS)

The following are definitions of Information, except:

A. accurate and timely data

B. specific and organized data for a purpose

C. mature and measurable data

D. can lead to understanding and decrease in uncertainty

Changes to the information processing facilities shall be done in a controlled manner.

A. True

B. False