ISO-ISMS-LA Online Practice Questions and Answers

An employee caught with offense of abusing the internet, such as P2P file sharing or video/audio streaming, will not receive a warning for committing such act but will directly receive an IR.

A. True

B. False

The following are purposes of Information Security, except:

A. Ensure Business Continuity

B. Minimize Business Risk

C. Increase Business Assets

D. Maximize Return on Investment

Information Security is a matter of building and maintaining ________ .

A. Confidentiality

B. Trust

C. Protection

D. Firewalls

What is a reason for the classification of information?

A. To provide clear identification tags

B. To structure the information according to its sensitivity

C. Creating a manual describing the BYOD policy

An administration office is going to determine the dangers to which it is exposed.

What do we call a possible event that can have a disruptive effect on the reliability of information?

A. dependency

B. threat

C. vulnerability

D. risk

After a fire has occurred, what repressive measure can be taken?

A. Extinguishing the fire after the fire alarm sounds

B. Buying in a proper fire insurance policy

C. Repairing all systems after the fire

CMM stands for?

A. Capability Maturity Matrix

B. Capacity Maturity Matrix

C. Capability Maturity Model

D. Capable Mature Model

In order to take out a fire insurance policy, an administration office must determine the value of the data that it manages.

Which factor is [b]not[/b] important for determining the value of data for an organization?

A. The content of data.

B. The degree to which missing, incomplete or incorrect data can be recovered.

C. The indispensability of data for the business processes.

D. The importance of the business processes that make use of the data.

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?

A. Identifying assets and their value

B. Implementing counter measures

C. Establishing a balance between the costs of an incident and the costs of a security measure

D. Determining relevant vulnerabilities and threats

Which of the following factors does NOT contribute to the value of data for an organisation?

A. The correctness of data

B. The indispensability of data

C. The importance of data for processes

D. The content of data