CSC - Cybersecurity Compliance ISO 27001 Controls Questions and Answers

Question 1

A financial services company is migrating its customer relationship management (CRM) system to a public cloud service.
According to ISO 27001:2022 Annex A, which control specifically requires the company to establish and manage information security requirements for this transition and ongoing use?

Accepted Answer

A.5.23 Information security for use of cloud services

Answer

A.5.1 Policy for information security

Answer

A.8.1 User endpoint devices

Answer

A.5.19 Information security in supplier relationships

Question 2

An organization's security team has implemented a SIEM tool to collect logs from various systems. To comply with ISO 27001:2022 control A.8.16, what is the most critical next step?

Accepted Answer

Actively analyze the collected data for anomalous behavior.

Answer

Ensure log data is encrypted at rest.

Answer

Archive the logs for a period of seven years.

Answer

Restrict access to the SIEM tool to senior management only.

Question 3

A marketing manager needs to send a file containing sensitive customer data to an external printing vendor. Which of the following ISO 27001:2022 controls provides the most relevant guidance for protecting this data in transit?

Accepted Answer

A.5.14 Information transfer

Answer

A.8.24 Use of cryptography

Answer

A.5.10 Acceptable use of information and other associated assets

Answer

A.7.4 Physical security monitoring

Question 4

A company is developing a new remote work policy. To align with ISO 27001:2022 control A.6.7, which of the following aspects is MOST crucial to include?

Accepted Answer

Security measures for information accessed, processed, or stored outside the organization's premises.

Answer

A list of approved company holidays.

Answer

Requirements for employees' internet connection speed.

Answer

A clause mandating the use of company-provided coffee mugs.

Question 5

Which of the following ISO 27001:2022 controls is considered a 'Technological' control?

Accepted Answer

A.8.28 Secure coding

Answer

A.6.3 Information security awareness, education and training

Answer

A.5.1 Policies for information security

Answer

A.7.2 Physical entry

Question 6

A hospital's IT team is concerned about ransomware attacks. They have implemented antivirus software on all endpoints and servers. To enhance their defenses in line with ISO 27001 principles for malware protection, what additional measure should they prioritize?

Accepted Answer

Conducting user awareness training on phishing and social engineering.

Answer

Increasing the physical security of the data center.

Answer

Negotiating lower software licensing fees with the antivirus vendor.

Answer

Decommissioning all legacy operating systems immediately.

A financial services company is migrating its customer relationship management (CRM) system to a public cloud service.According to ISO 27001:2022 Annex A, which control specifically requires the company to establish and manage information security requirements for this transition and ongoing use?

A financial services company is migrating its customer relationship management (CRM) system to a public cloud service.
According to ISO 27001:2022 Annex A, which control specifically requires the company to establish and manage information security requirements for this transition and ongoing use?