1/13/2021 SkillFront Certification Examination

SKILLFRONT

Examination of ISO/IEC 27001 Information Security Associate™

Dear,

Welcome to the examination of the ISO/IEC 27001 Information Security Associate™ Course and Certification Program. The
following test examination is presented to you after your successful registration for ISO/IEC 27001 Information Security
Associate™. We congratulate and thank you again for your trust in our programs!

To complete the test, you're given 60 minutes and an additional 5 minutes, which you are spending to read this introduction
before you start the test. After you select the correct answer for each question, you submit your answers to SkillFront by
using the "Submit Answers" button at the very bottom of this page. We highly recommend you to answer all of the questions.
If you're uncertain about answers to some questions, please try to make your best guesses to increase your chances of
success.

After submitting your answers, you will immediately receive your test score per our website, and per email, you provided us
during your registration. Once you correctly answer at least 60% of the questions, you will successfully earn:

1. Your Certification of ISO/IEC 27001 Information Security Associate™ and

2. Your Shareable Digital Badge of ISO/IEC 27001 Information Security Associate™.

This test is the sole property of SkillFront, and International Copyright Laws protect it. You cannot modify the test contents
or reproduce, display, publicly perform, distribute, or otherwise use the test contents in any way for any public or commercial
purpose. The use of this test contents on any other website or in a network computer environment for any purpose is strictly
prohibited.

We wish you the best of luck in this test examination!

SkillFront

Examination Start Date and Time: 13/01/2021 22:43:58

Examination Completion Date and Time: 13/01/2021 23:43:58

QUESTION 1

Which of the following contains references to expected business continuity planning practices that organizations must
implement?

ISO 27005:2008, section 8

ISO 27001:2005, annex A

ISO 17799:2008,section 1

ISO 27002:2005, section 10

QUESTION 2
Which sections are included in the ISO/IEC 27001?

https://www.skillfront.com/Examination 1/9
1/13/2021 SkillFront Certification Examination

Operation: it contains a bit more detail about assessing and treating information risks, managing changes, and
documenting things

Introduction: the standard describes a process for systematically managing information risks

Planning: outlines the process to identify, analyze, and plan to treat information risks and clarify information security
objectives.

All the choices above.

QUESTION 3

What are the requirements for the SoA (Statement of Applicability)?

It must not be explicitly defined.

It is a mandatory requirement.

It should contain the risk treatment options.

All the choices above.

QUESTION 4
Taking organizational security measures is inseparably linked with all other measures that have to be taken. What is the name
of the system that guarantees the coherence of information security in the organization? (1)

Information Security Management System (ISMS)

Security regulations for special information for the government

Rootkit

None of the choices above

QUESTION 5
Which steps can be included in the Phase Model for ISMS Scope Definition and SoA Awareness Campaigns? (4)

Raising Awareness

Assessing requirements

Evaluating effectiveness

All the choices above.

QUESTION 6

https://www.skillfront.com/Examination 2/9
1/13/2021 SkillFront Certification Examination

When determining the scope of the information security management system, which one is a FALSE consideration?

The requirements shall be considered.

The external and internal issues shall be considered.

The scope shall not be available as documented information.

The interfaces and dependencies between activities performed by the organization and those that are performed by
other organizations.

QUESTION 7

Which department of the organization is responsible for the establishment of the information security policy?

Top management.

Marketing department.

Human Ressource department.

IT department.

QUESTION 8

Which points shall the Information Security Policy contain?

Including a commitment to satisfy applicable requirements related to information security.

Including a commitment to continual improvement of the information security management system.

Including information security objectives or providing the framework for setting information security objectives.

All the choices above.

QUESTION 9

Why do organizations have an information security policy?

To give direction to how information security is set up within an organization.

To ensure that everyone knows who is responsible for carrying out the backup procedures.

To demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.

To ensure that staff does not break any laws.

QUESTION 10

https://www.skillfront.com/Examination 3/9
1/13/2021 SkillFront Certification Examination

Which step is NOT included in the Information Risk Assessment Process?

Identifying information security risks.

Formulate an information security risk treatment plan.

Analyze information security risks.

Evaluate information security risks.

QUESTION 11

A properly implemented risk analysis provides a considerable amount of useful information. A risk analysis has four main
objectives. Which one is NOT one of the four main objectives of risk analysis?

Determining relevant vulnerabilities and threats.

Identifying assets and their value.

Determining the costs of threats.

Establishing a balance between the costs of an incident and the costs of a security measure.

QUESTION 12

When an organization processes information in a confidential nature and is legally obliged to implement the highest-level
security measures, what type of a risk management strategy does it need to use?

Risk neutral.

Risk bearing.

Risk avoiding.

All of the choices above.

QUESTION 13
Which steps does an information risk treatment include?

Select appropriate information security risk treatment options, taking account of the risk assessment results.

Formulate an information security risk treatment plan.

Determine all necessary controls to implement the information security risk treatment option chosen.

All the choices above.

QUESTION 14

https://www.skillfront.com/Examination 4/9
1/13/2021 SkillFront Certification Examination

Which is NOT one of the characteristics of an information security objective?

To be measurable.

To be constant and not be updated as appropriate.

To be consistent with the information security policy.

To be communicated.

QUESTION 15

Which step is essential so that an organization can achieve its information security objectives?

Who will be responsible.

What resources will be required.

What will be done.

All the choices above.

QUESTION 16

What should be included in the operational planning and control documents?

The organization shall keep documented information to have confidence that the processes have been carried as
planned.

The organization shall ensure that outsourced processes are determined and controlled.

The organization shall control planned changes and review the consequences of unintended changes.

All the choices above.

QUESTION 17
What is NOT a risk treatment option based on ISO/IEC 27001?

Risk Avoidance.

Risk Awareness.

Risk Reduction.

Risk Transfer.

QUESTION 18

https://www.skillfront.com/Examination 5/9
1/13/2021 SkillFront Certification Examination

What should an organization document as evidence of the monitoring and measurement of information security?

Who shall monitor and measure.

What needs to be monitored and measured, including information security processes and controls.

When the monitoring and measuring shall be performed.

All the choices above.

QUESTION 19
Which answer is NOT an objective to the internal audits that the organization shall conduct at planned intervals?

The organization shall define the audit criteria and scope for each audit.

The organization shall plan, establish, and maintain an audit program.

The organization shall select auditors and conduct audits that ensure partiality and subjectivity of the audit process.

The organization shall ensure that the results of the audits are reported to the relevant management.

QUESTION 20
What should the review of the organization's information security management system include?

Changes in external and internal issues, which are relevant to the information security management system.

Nonconformities and corrective actions.

Opportunities for continual improvement.

All the choices above.

QUESTION 21

What is NOT the right course of action for the organization when a nonconformity occurs?

The information security management system should remain unchanged.

The organization should evaluate the need for action to eliminate the causes of nonconformity.

The organization should review the effectiveness of any corrective action taken.

The organization should take action to control and correct it and deal with the consequences.

QUESTION 22

What is the benefit of certified compliance with ISO/IEC 27001 by a respected certification body?

https://www.skillfront.com/Examination 6/9
1/13/2021 SkillFront Certification Examination

It demonstrates that it is a quality organization.

The certificate has marketing potential and brand value.

It demonstrates that the organization takes information security management seriously.

All the choices above.

QUESTION 23

When an audit program in the organization must be planned and implemented, which aspects should be considered?

Roles and responsibilities within the teams.

Frequency of audits.

Planning requirements for the audits.

All the choices above.

QUESTION 24

Who is responsible for the internal ISMS audits, plans, and manages the audits?

ISMS officer/CISO.

CEO of the organization.

External audit team.

None of the choices above.

QUESTION 25
Which is the sub-process that is included in the cyclical process of the audit program?

Planning specific audit activities.

Defining general audit criteria.

Reviewing and improvement of the audit activities by the management.

All the choices above.

QUESTION 26

Why is the ISO Step-By-Step Implementation Guide so crucial for the organization?

https://www.skillfront.com/Examination 7/9
1/13/2021 SkillFront Certification Examination

In this checklist, you have the main steps to implement ISO 27001 easy in your organization.

If you follow this Guide, the organization can achieve the ISO 27001 certification.

The Guide shows the organization Step-By-Step an easy way to implement the ISO 27001.

All the choices above.

QUESTION 27
What is the primary goal of writing an Information Security Policy?

It should be very detailed.

It should define advanced requirements for information security in the organization.

The management should define what it wants to achieve and how to control it.

None of the choices above.

QUESTION 28
What is the purpose of performing the Risk Assessment & Risk Treatment?

By implementing the risk assessment, the point is to get a comprehensive picture of the internal and external dangers
to the organization's information.

The purpose of the risk treatment process is to decrease the risks that are not acceptable.

A Risk Assessment Report is essential, which documents all the steps taken during the risk assessment and risk
treatment process.

All the choices above.

QUESTION 29

When an organization implements an ISO/IEC 27001 compliance program, what is NOT one of the required tasks?

They must, for example, configure the firewall in the organization.

They must know what is going on in the ISMS and make some crucial decisions.

The management must ensure that everyone performs their duties.

The management must ensure that the ISMS is achieving the desired results.

QUESTION 30

What are the typical duties of the security leadership role?

https://www.skillfront.com/Examination 8/9
1/13/2021 SkillFront Certification Examination

Setting the strategic objective, building the security road-map, allocating budget, and human resources.

Defining the security program's context, including aligning the program to business objectives and ensuring appropriate
stakeholders have been considered.

Developing, tracking, and reporting security Key performance indicators (KPIs) to relevant stakeholders.

All the choices above.

􏄤
 Submit Answers

©2021 SkillFront - All Rights Reserved

https://www.skillfront.com/Examination 9/9