What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?

What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?A . To prevent unauthorized physical access, damage, and interference to the organization's information and other associated assetsB . To maintain the confidentiality of information that is accessible by personnel or external partiesC . To ensure...

September 5, 2024 No Comments READ MORE +

What can be concluded from this scenario?

FinanceX, a well-known financial institution, uses an online banking platform that enables clients to easily and securely access their bank accounts. To log in, clients are required to enter the one-lime authorization code sent to their smartphone. What can be concluded from this scenario?A . FinanceX has implemented a securityControl...

September 5, 2024 No Comments READ MORE +

Is this compliant with ISO/IEC 27001?

An organization documented each security control that it Implemented by describing their functions in detail. Is this compliant with ISO/IEC 27001?A . No, the standard requires to document only the operation of processes and controls, so no description of each security control is neededB . No, because the documented information...

September 5, 2024 No Comments READ MORE +

Scenario 4: TradeB. a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001 Having no experience of a management [^system implementation, TradeB's top management contracted two experts to direct and manage the ISMS implementation project.

Scenario 4: TradeB. a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001 Having no experience of a management [^system implementation, TradeB's...

September 4, 2024 No Comments READ MORE +

Which tool is used to identify, analyze, and manage interested parties?

Which tool is used to identify, analyze, and manage interested parties?A . The probability/impact matrixB . The power/interest matrixC . The likelihood/severity matrixView AnswerAnswer: B Explanation: The power/interest matrix is a tool that can be used to identify, analyze, and manage interested parties according to ISO/IEC 27001:2022. The power/interest matrix...

September 3, 2024 No Comments READ MORE +

Based on scenario 5. in which category of the interested parties does the MR manager of Operaze belong?

Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration Resting and code review,...

September 3, 2024 No Comments READ MORE +

Which of the actions presented in scenario 4 is NOT compliant with the requirements of ISO/IEC 27001?

Scenario 4: TradeB. a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001 Having no experience of a management [^system implementation, TradeB's...

September 2, 2024 No Comments READ MORE +

Based on scenario 5. which committee should Operaze create to ensure the smooth running of the ISMS?

Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration Resting and code review,...

September 2, 2024 No Comments READ MORE +

What should TradeB do in order to deal with residual risks?

Scenario 4: TradeB. a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001 Having no experience of a management [^system implementation, TradeB's...

August 31, 2024 No Comments READ MORE +

Can Socket Inc. find out that no persistent backdoor was placed and that the attack was initiated from an employee inside the company by reviewing event logs that record user faults and exceptions?

Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility. Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did...

August 30, 2024 No Comments READ MORE +