Skip to Content
Home Introduction to ISO 27001 Introduction to ISO 27001

Introduction to ISO 27001

0 %

Completed

Course content

Introduction to ISO 27001

10 XP
Prev Next
Fullscreen Share
Rating
0 0

There are no comments for now.

Join this Course
to be the first to leave a comment.

1. What is ISO 27001 primarily designed to provide?
A framework for managing information security risks A replacement for cybersecurity technologies A financial accounting standard A framework for data management
2. What does ISMS stand for?
Integrated Security Monitoring Solution Information Security Management System International Security Management Standard Internal System Monitoring Service
3. Which three principles form the foundation of information security?
Cost, efficiency, and performance Confidentiality, integrity, and availability Authentication, authorisation, and encryption Compliance, procurement, and governance
4. What is the purpose of security controls within ISO 27001?
To eliminate all operational activity To replace employee responsibilities To reduce identified security risks appropriately To avoid audit requirements
5. Which statement about risk management is MOST accurate?
Risk management is a one-time exercise completed during audits Risks should be identified, assessed, and reviewed continuously Risk management only applies to technical teams Risks can be ignored if controls already exist
6. Which of the following is an example of an information security control?
Ignoring policy violations Sharing privileged credentials during incidents Disabling audit logging MFA and access management
7. Why are policies and procedures important within an ISMS?
They replace technical security controls entirely Policies are only required for audit documentation Procedures reduce the need for training They support consistent and secure operational behaviour
8. What should employees do if they identify a potential security incident?
Ignore it unless operational impact becomes visible Attempt undocumented remediation independently Report it promptly through approved procedures Wait until annual audit reviews occur
9. Which of the following BEST describes least privilege?
Granting users only the access required for their role Providing administrator access by default Sharing accounts across operational teams Removing authentication requirements for efficiency
10. Why are internal audits important within ISO 27001?
They eliminate the need for risk management They replace incident response activities They only review financial performance They help identify weaknesses and verify compliance
11. What is the purpose of continual improvement within ISO 27001?
To improve controls and processes over time To freeze security controls permanently after certification To reduce operational visibility into risks To avoid updating documentation
12. Which of the following may be considered an information asset?
Only physical laptops Client data and authentication credentials Only cloud infrastructure Only financial systems
13. Why is supplier security included within ISO 27001 governance?
Suppliers are exempt from security expectations Third parties may introduce security and compliance risks Supplier risks only affect procurement teams Third-party access does not require governance
14. Which behaviour BEST supports ISO 27001 compliance?
Following policies, reporting concerns, and applying secure working practices Prioritising convenience over governance controls Ignoring low-risk policy violations Avoiding incident reporting to reduce audit visibility
15. What is the primary purpose of corrective actions?
To assign blame during incidents To avoid documenting audit findings To remove the need for risk reviews To address root causes and improve security effectiveness
16. Which statement about ISO 27001 is MOST accurate?
ISO 27001 is only a documentation exercise ISO 27001 requires operational participation across the organisation ISO 27001 only applies to security teams ISO 27001 eliminates the need for employee training
17. What may happen if information security controls are ineffective?
Audit requirements disappear automatically Security incidents become impossible to detect Data breaches, operational disruption, or compliance failures may occur Risks reduce without further action
18. Why is security awareness training important within an ISMS?
Employees play a critical role in operational security effectiveness Training removes the need for technical controls Training only benefits management teams Human behaviour does not affect security posture
19. Which of the following is an example of poor ISO 27001 operational practice?
Performing access reviews regularly Maintaining security awareness training programmes Following change management procedures Ignoring policy violations and failing to report incidents
20. What is the BEST overall approach to supporting ISO 27001?
Treat ISO 27001 as an annual audit exercise only Prioritise operational convenience over security governance Follow policies, manage risks, report issues, and support continual improvement Limit security responsibilities to technical teams only