What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?
A. To prevent unauthorized physical access, damage, and interference to the organization's information and other associated assets B. To maintain the confidentiality of information that is accessible by personnel or external parties C. To ensure...
What can be concluded from this scenario?
FinanceX, a well-known financial institution, uses an online banking platform that enables clients to easily and securely access their bank accounts. To log in, clients are required to enter the one-time authorization code sent to their smartphone. What can be concluded from this scenario? A. FinanceX has implemented a security control...
Is this compliant with ISO/IEC 27001?
An organization documented each security control that it implemented by describing their functions in detail. Is this compliant with ISO/IEC 27001? A. No, the standard requires documenting only the operation of processes and controls, so no description of each security control is needed B. No, because the documented information...
Scenario 4: TradeB, a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001. Having no experience of a management system implementation, TradeB's top management contracted two experts to direct and manage the ISMS implementation project.
Which tool is used to identify, analyze, and manage interested parties?
A. The probability/impact matrix B. The power/interest matrix C. The likelihood/severity matrix Answer: B. Explanation: The power/interest matrix is a tool that can be used to identify, analyze, and manage interested parties according to ISO/IEC 27001:2022. The power/interest matrix...
Based on scenario 5, in which category of the interested parties does the MR manager of Operaze belong?
Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration testing and code review,...
Which of the actions presented in scenario 4 is NOT compliant with the requirements of ISO/IEC 27001?
Scenario 4: TradeB, a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001. Having no experience of a management system implementation, TradeB's...
Based on scenario 5, which committee should Operaze create to ensure the smooth running of the ISMS?
Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration testing and code review,...
What should TradeB do in order to deal with residual risks?
Scenario 4: TradeB, a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001. Having no experience of a management system implementation, TradeB's...
Can Socket Inc. find out that no persistent backdoor was placed and that the attack was initiated from an employee inside the company by reviewing event logs that record user faults and exceptions?
Scenario 3: Socket Inc. is a telecommunications company offering mainly wireless products and services. It uses MongoDB, a document model database that offers high availability, scalability, and flexibility. Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did...