Lead Auditor 27001

Question 1

Information is what kind of asset?

Answer 1

Strategic

Question 2

Property of accuracy and completeness. CIA triad

Answer 2

Integrity

Question 3

CIA Triad

Answer 3

Confidential
Integrity
Availability

Question 4

A hacker compromising a message someone sends to another is what CIA?

Answer 4

Integrity, accuracy of message was corrupted

Question 5

When someone sends a message and they can no longer claim they didn’t is what?

Answer 5

Non repudiation

Question 6

Property is the entity it claims to be

Answer 6

Authenticity

Question 7

Example of authentic and non repudiation

Answer 7

Digital signature

Question 8

Use a framework of resources to achieve an organization’s objectives

Answer 8

Management systems

Question 9

Management system components

Answer 9

Quality management
Scope
Organization
Process
Policies
Records

Question 10

PDCA cycle

Answer 10

In the quality management:
Plan
Do
Check
Act

Question 11

Management system used to ensure the information security of its information assets

Answer 11

ISMS

In sec man sys

Question 12

Item of value to an org is a primary asset

Answer 12

False, information asset

Primary is business process

Question 13

Stand. That specifies requirements for estáb implementation and manage. And continual improving of ISMS

Answer 13

ISO 27001

Question 14

Catalog of security and privacy controls for all U.S. federal information systems

Answer 14

Nist 800-53

Question 15

Framework for governance and manage of enterprise IT

Answer 15

Cobit 2019

Question 16

Only normative standards like 27001 can be audited

Answer 16

True

Question 18

Nist framework is what 5?

Answer 18

Identify
Protect
Detect
Respond
Recover

6th is governance

Question 20

Standard that contains guidelines for implementing security controls

Answer 20

27002

Question 21

Clause 7.5

Answer 21

Documented information

Question 22

Which clause requires org to include documented information in the ISMS as directly required by 27001 and org for effectiveness of the ISMS

Answer 22

7.5

Question 23

Documentation life cycle

Answer 23

Créate
Store
Use
Archive
Dispose

Question 24

12 step method

Answer 24

Management support
Scope of ISMS
Gap Analysis
Information security policy
Competence assurance
Asset inventory
Risk management methodology
Risk assessment
Risk treatment
Performance evaluation
Improvement
Certification audit

Question 25

Determines whether a project is worth it

Answer 25

Business case

Question 26

Raci matrix

Answer 26

Responsible
Accountable
Consulted
Informed

Question 27

Most important reason to obtain support by top management for an ISO 27001 implementation project

Answer 27

Guarantee sufficient resources and budget for the implementation

Question 28

Responsibility specifically for top management in ISO 27001

Answer 28

Approving information security policy

Question 29

True or false, multiple roles can be assigned accountability role within an activity

Answer 29

False

Question 31

Name a standard that is normative and can be certified

Answer 31

27001

Question 32

A procedures describing how to configure a server is an example of?

Answer 32

Document

Question 34

3 purposes of context analysis

Answer 34

Scope of isms
Risk and opportunities
Adaptation

Question 35

Pestel

Answer 35

Political
Economical
Social
Technological
Environmental
Legal

Question 37

4.4

Answer 37

Org estab implements and maintains continuous improvement of ISMS

Question 38

Only 2 process required in ISO 27001

Answer 38

Risk assessment
Risk treatment

Question 39

This has to be available as documented information due to requirements of ISO 27001

Answer 39

Scope of ISMS

Question 40

A customer requiring an org to have compliance with privacy regulations is defined as what?

Answer 40

Interested party

Question 41

Who is accountable for approving scope of ISMS?

Answer 41

Top management

Question 42

Org establishes information security objectives and plans to achieve them at relevant functions and levels

Answer 42

6.2

Question 43

Info sec objectives

Answer 43

Strategic goals
Is policy
Confidential
Integrity
Availability

Question 44

Smart goals

Answer 44

Specific
Measure able
Achieve able
Relevant
Timebound

Question 47

Management systeme used to ensure the information security of its information assets

Answer 47

ISMS

Question 49

Primary assets are an item of value to the org

Answer 49

False, information assets

Primary is business processes and activities information

Supporting assets- enable primary assets

Question 50

4 tabs to track assets

Answer 50

Classification
Type
Category
Owner

Question 52

This consists of leadership, org structure and process that ensure enterprises IT sustains and extends the enterprise strategies and objectives

Answer 52

IT governance

Question 53

3 benefits of IT governance

Answer 53

Benefits realization
Risk optimization
Resource optimization

Question 54

Resource optimization treats risks to meet an org risk acceptance criteria

Answer 54

False, risk optimization
-Resource optimization is the provision of necessary resources and training for efficient tech use

Benefits realization is IT creates value aligned with org values and measure for success and eliminate low value initiatives