An ISO officer arrives at a company for a crucial cybersecurity audit. The organization recently expanded its cloud infrastructure, raising concerns about compliance with ISO 27001 standards. As the officer reviews access logs, encryption protocols, and incident response plans, inconsistencies in privilege management are discovered.
Further investigation reveals a misconfigured API exposing sensitive user data—a potential security risk. Acting quickly, the officer works with the IT team to fix the issue while ensuring minimal disruption. Security controls are validated, policies are strengthened, and employees are trained on risk mitigation.
After a thorough assessment, the company successfully passes the audit with key improvements. The ISO officer’s role goes beyond checklists—it ensures compliance and strengthens cybersecurity, protecting the organization from potential threats.
Question 1.
What is the main reason for ISO 27001?
Question 2.
In what document does an organization describe its ISMS approach?
Question 3.
What is the treatment of risk that shifts risk to another party?
Question 4.
What is the required document that describes security risks?
Question 5.
What is the main security rule that guarantees data is accessed only by authorized individuals?
Question 6.
What does ISO call perpetual improvements in ISMS?
Question 7.
What kind of audit is an internal audit?
Question 8.
What is ISMS effectiveness appraisal?
Question 9.
What is the procedure for authenticating an individual's identity?
Question 10.
What is the paper that outlines roles and duties?
Question 11.
What is the term used to describe minimizing risk impact?
Question 12.
What is the response to risk that involves not doing anything?
Question 13.
What type of control is an access badge?
Question 14.
What is the minimum record for an ISO 27001 certification audit?
Question 15.
What kind of backup is done on a regular basis to prevent data loss?
Question 16.
What is the initial step in the risk assessment process?
Question 17.
What is the document that outlines ISMS requirements?
Question 18.
What is the attack that takes advantage of human psychology?
Question 19.
What is the unauthorized disclosure of data called?
Question 20.
What is the function that authorizes ISMS policies?
Question 21.
What is the control type that comprises antivirus software?
Question 22.
What is the primary purpose of an ISMS audit?
Question 23.
What is the process of recovering lost data?
Question 24.
What is the term used to describe altering risks to tolerable levels?
Question 25.
What document officially states management's commitment to security?
Question 26.
What is the process of ensuring only necessary data is collected and stored?
Question 27.
What is the security control type that involves staff awareness training?
Question 28.
What is the process of converting plaintext into unreadable text?
Question 29.
What is the term for unauthorized modification of data?
Question 30.
What is the process of identifying weaknesses in a system?
Question 31.
What is the key principle that ensures only authorized users access data?
Question 32.
What type of control is used to detect security incidents?
Question 33.
What is the process of assessing potential damage from risks?
Question 34.
What security principle ensures that actions can be traced back to individuals?
Question 35.
What is the primary goal of business continuity planning?
Question 36.
What type of risk treatment involves reducing the likelihood of occurrence?
Question 37.
What document describes actions to take during a cybersecurity incident?
Question 38.
What is the process of ensuring security measures function as intended?
Question 39.
What security concept ensures individuals can be held responsible for their actions?
Question 40.
What is the document that details an organization's security policies?
Question 41.
What is the process of formally evaluating an organization’s security compliance?
Question 42.
What principle ensures that users can only perform actions necessary for their role?
Question 43.
What is the practice of monitoring user activity in an information system?
Question 44.
What is the term for restoring data from backup after a failure?
Question 45.
What is a preventive security control that restricts physical access?
Question 46.
What type of security control is a security awareness training program?
Question 47.
What is the term for a security vulnerability that has not been patched?
Question 48.
What is the process of formally authorizing system changes before implementation?
Question 49.
What type of control is an audit log used for tracking security events?
Question 50.
What is the primary objective of risk management in cybersecurity?