ISO 27000 Foundation Annex A Control Themes Questions and Answers

Question 1

An organization is updating its information security policies to include guidelines for the use of cloud services, threat intelligence, and ICT readiness for business continuity.
According to the ISO 27001:2022 Annex A structure, these controls primarily fall under which theme?

Accepted Answer

Organizational Controls

Answer

People Controls

Answer

Physical Controls

Answer

Technological Controls

Question 2

A company is implementing a 'Clean Desk and Clear Screen' policy, installing privacy screens on monitors in open-plan offices, and establishing procedures for the secure disposal of storage media. These measures are examples of controls from which Annex A theme?

Accepted Answer

Physical Controls

Answer

Organizational Controls

Answer

Technological Controls

Answer

People Controls

Question 3

A financial institution is conducting a security review. They are evaluating the effectiveness of their employee security awareness training, background verification screening for new hires, and the formal disciplinary process for security violations. Which Annex A control theme are they focusing on?

Accepted Answer

People Controls

Answer

Organizational Controls

Answer

Technological Controls

Answer

Physical Controls

Question 4

Which of the following controls is a primary example of a Technological Control as defined in the ISO 27001:2022 Annex A themes?

Accepted Answer

Management of privileged access rights

Answer

Information security awareness, education, and training

Answer

Securing offices, rooms, and facilities

Answer

Information security policy and procedures

Question 5

A startup is building its Information Security Management System (ISMS). To protect its source code and customer data, the IT team is tasked with implementing data masking, web filtering, and secure coding practices. These controls belong to which of the four main Annex A themes?

Accepted Answer

Technological Controls

Answer

Organizational Controls

Answer

People Controls

Answer

Physical Controls

Question 6

The ISO 27001:2022 standard restructured the Annex A controls from 14 domains into four main themes. Which theme encompasses the broadest, highest-level controls concerning information security governance, policies, and risk management?

Accepted Answer

Organizational Controls

Answer

Physical Controls

Answer

People Controls

Answer

Technological Controls