CSC - Cybersecurity Compliance ISO 27001 Controls Questions and Answers

Question 1

A financial services company is migrating its customer relationship management (CRM) system to a public cloud service. According to ISO 27001:2022 Annex A, which control specifically requires the company to establish and manage information security requirements for this transition and ongoing use?

Accepted Answer

A.5.23 Information security for use of cloud services

Answer

ISO 27001:2022 control A.5.23 requires organizations to establish processes for the acquisition, use, management, and exit from cloud services in accordance with their information security requirements. This control directly addresses the scenario of migrating to and using a public cloud service.

Question 2

An organization's security team has implemented a SIEM tool to collect logs from various systems. To comply with ISO 27001:2022 control A.8.16, what is the most critical next step?

Accepted Answer

Actively analyze the collected data for anomalous behavior.

Answer

ISO 27001:2022 control A.8.16, 'Monitoring activities', requires that networks, systems, and applications be monitored for anomalous behavior. Simply collecting logs (covered under A.8.15) is not sufficient; the key is the active analysis of this data to detect potential security incidents.

Question 3

A marketing manager needs to send a file containing sensitive customer data to an external printing vendor. Which of the following ISO 27001:2022 controls provides the most relevant guidance for protecting this data in transit?

Accepted Answer

A.5.14 Information transfer

Answer

ISO 27001:2022 control A.5.14, 'Information transfer', mandates that rules, procedures, or agreements must be in place to protect information during all forms of transfer, whether electronic or physical, within the organization or to third parties. This directly applies to sending sensitive data to an external vendor.

Question 4

A company is developing a new remote work policy. To align with ISO 27001:2022 control A.6.7, which of the following aspects is MOST crucial to include?

Accepted Answer

Security measures for information accessed, processed, or stored outside the organization's premises.

Answer

ISO 27001:2022 control A.6.7, 'Remote working', requires that security measures be implemented when personnel are working remotely to protect information accessed, processed, or stored outside the organization's premises. This includes technical, physical, and procedural controls.

Question 5

Which of the following ISO 27001:2022 controls is considered a 'Technological' control?

Accepted Answer

A.8.28 Secure coding

Answer

In the ISO 27001:2022 revision, controls are grouped into four themes: Organisational, People, Physical, and Technological. A.8.28 'Secure coding' is explicitly listed under the Technological controls theme, as it pertains to the technical implementation of security within software.

(CSC) Cybersecurity Compliance Certification Practice Test

(CSC) Cybersecurity Compliance Certification Practice Test

CSC - Cybersecurity Compliance ISO 27001 Controls Questions and Answers