FREE ISO 27000 Foundation ISO 27000 Family of Standards Questions and Answers

Question 1

An organization is implementing an Information Security Management System (ISMS) and needs detailed, practical guidance on how to implement the specific security controls listed in Annex A of ISO/IEC 27001.
Which standard in the ISO 27000 family should they primarily consult for this purpose?

Accepted Answer

ISO/IEC 27002

Answer

ISO/IEC 27005

Answer

ISO/IEC 27701

Answer

ISO/IEC 27000

Question 2

A company has successfully implemented an ISMS based on ISO/IEC 27001 and now wants to extend it to cover privacy management and the processing of Personally Identifiable Information (PII), aligning with regulations like GDPR. Which standard provides the requirements and guidance for establishing a Privacy Information Management System (PIMS) as an extension to an ISMS?

Accepted Answer

ISO/IEC 27701

Answer

ISO/IEC 27018

Answer

ISO/IEC 27005

Answer

ISO/IEC 29100

Question 3

During an ISO/IEC 27001 audit, the auditor will ask for a key document that lists all controls from Annex A, indicates whether they have been implemented, and provides a justification for any exclusions. What is this mandatory document called?

Accepted Answer

Statement of Applicability (SoA)

Answer

Risk Treatment Plan

Answer

Information Security Policy

Answer

ISMS Scope Document

Question 4

An organization is in the 'Check' phase of the Plan-Do-Check-Act (PDCA) cycle for its ISMS. Which of the following activities is most characteristic of this phase?

Accepted Answer

Monitoring and reviewing the ISMS performance against policies.

Answer

Establishing ISMS policies and objectives.

Answer

Implementing and operating the security controls.

Answer

Taking corrective actions to address non-conformities.

Question 5

A risk assessment team is following the process outlined in ISO/IEC 27005. After identifying risks and analyzing their potential impact and likelihood, what is the immediate next step in the risk management process before deciding on risk treatment?

Accepted Answer

Risk Evaluation

Answer

Risk Acceptance

Answer

Risk Communication

Answer

Context Establishment

Question 6

Which of the following BEST describes the relationship between ISO/IEC 27001 and ISO/IEC 27002?

Accepted Answer

ISO/IEC 27002 defines the audit process, while ISO/IEC 27001 lists the auditable controls.

Answer

ISO/IEC 27001 provides the vocabulary, while ISO/IEC 27002 provides the requirements for certification.

Answer

ISO/IEC 27002 is the main standard for certification, and ISO/IEC 27001 is a sector-specific guideline.

Answer

ISO/IEC 27001 specifies the requirements for an ISMS, while ISO/IEC 27002 provides detailed guidance for implementing controls.