2. The scope of an IT audit often varies, but can involve any combination of the following:
4. An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data.
True or False?
True
Answer: ………….
A. SETA
B. Access control
C. PDCA
D. PCA
6. Which of the following is a crucial step among the 6 main steps in the ISMS implementation?
A. Risk Appetite
B. Statement of Applicability
C. Preparing Asset register
D. Security Awareness
7. To make sound decisions about information security, management must not be informed about the various threats to an organization’s people, applications, data, and information systems.
True or False?
False
Answer: ………….
8. Losses to assets that come from intentional or accidental actions by insiders and by people outside the organization fall into which category of Threats & Attacks?
A. Forces of Nature
B. Hacking
C. Human error or failure
D. Espionage or trespass
A. IT Department
B. CISO
C. CEO
D. All the above
10. Local security coordinators have several responsibilities in an organisation. Which of the following is one of them?
A. Ensuring security policies are followed and any security breaches are identified
B. Ensuring that the CISO is conducting Risk Assessment properly
C. Ensuring ISO 27001 implementation is going smoothly
D. Ensuring that security controls are being implemented properly
11. IT security governance is the system by which an organization directs and controls IT security (based on ISO 38500).
True or False?
True
Answer: ………….
12. Privacy legislation such as ________ will influence how information is stored and managed within the enterprise and how resources are deployed to ensure that it complies with this legislation.
A. Non-Disclosure Agreement
B. Data Protection Act
C. Service Level Agreement
D. Cybersecurity & Cybercrime Act 2021
13. Information Security Governance is doing the right thing and Information Security Management is doing things right. If we say Accountability in Governance, to which of the following are we referring in Management?
A. Flexibility
B. Assurance
C. Responsibility
D. Operability
A. Risk Management
B. Governance
C. ISMS
D. Security
15. In Information Security Governance Best Practices, information security activities must not be integrated into other management activities of the enterprise, including strategic planning, capital planning, and enterprise architecture.
True or False?
Answer: ………….
False
16. Involving senior management in developing, writing and getting commitment to security policies will help in which of the following?
True or False?
Answer: ………….
True
18. A standard is a set of detailed working instructions that will describe what, when, how and by whom something should be done.
True or False?
False
Answer: ………….
20. Ensuring that users only access information, facilities or equipment for which they have the requisite authorization can be included in which of the following policies?
A. HR policy
B. Internet Usage policy
C. Acceptable Use policy
D. Equipment Disposal policy
21. Which of the following can be triggered in case of a violation of a policy by an employee?
A. Employment termination
B. Disciplinary process
C. Both A & B
D. None of them
22. A ________ exercise should be completed before the audit or review is started and a checklist should be developed to measure the efficacy of the assurance controls.
A. Inventory
B. Gap Assessment
C. Scoping
D. Risk Assessment
23. Once the results of an audit or review are recorded within a formal report and presented by the reviewer to both senior management and the manager, which type of plan should be agreed upon by both the reviewer and the senior management?
A. A governance plan
B. A security framework plan
C. A risk assessment plan
D. A corrective action plan
24. An information security strategy should normally consider the trends in threats and vulnerabilities to potential types of incidents and areas where cost savings can be made.
True or False?
Answer: ………….
True
25. There are normally five phases in the management of an incident. Reporting, Investigation, Corrective action, Review and:
A. Assessment
B. Planning
C. Act
D. Audit
26. Any organisation must ensure it is abiding by the requirements of the country’s ________ before providing any information to a third party, even if they are a law enforcement body.
A. ICT Act
B. Data Protection Act
C. Cybersecurity & Cybercrime Act
D. Electronic Transaction Act
A. MAUCORS
B. M-CORS
C. Government portal
D. CSU website
A. Containment
B. Preventive
C. Detection
D. Recovery
30. An information security strategy is a plan to take the assurance function within an organisation from the reality of where it is now, with all its problems and issues, to an improved state in the future.
True or False?
Answer: ………….
True