FREE ISO 27000 Foundation ISMS Fundamentals and Vocabulary Questions and Answers

Question 1

According to ISO/IEC 27000, which of the following BEST defines 'confidentiality' as a core principle of information security?

Accepted Answer

The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Answer

ISO/IEC 27000:2018 explicitly defines confidentiality as 'the property that information is not made available or disclosed to unauthorized individuals, entities, or processes'. This is a fundamental component of the CIA triad, which forms the basis of information security.

Question 2

A financial company identifies that a disgruntled former employee still possesses network access credentials. In the context of an ISMS based on ISO 27000, what does this situation primarily represent?

Accepted Answer

A threat

Answer

ISO/IEC 27000 defines a threat as a 'potential cause of an unwanted incident, which may result in harm to a system or organization'. The disgruntled former employee with credentials is the potential cause of an incident; they are the threat agent.

Question 3

Which standard in the ISO 27000 family provides the overview, fundamental principles, and vocabulary for Information Security Management Systems (ISMS)?

Accepted Answer

ISO/IEC 27000

Answer

ISO/IEC 27000 is the foundational standard in the series. It provides a comprehensive overview of ISMS, introduces key concepts, and, most importantly, establishes the formal terms and definitions used throughout the entire ISO/IEC 27000 family of standards.

Question 4

An organization's server room lacks a fire suppression system. According to the vocabulary of ISO 27000, this deficiency is best described as a(n):

Accepted Answer

Vulnerability

Answer

A vulnerability is defined as a 'weakness of an asset or control that can be exploited by one or more threats'. The absence of a fire suppression system is a weakness in the physical protection of the server room asset, which could be exploited by a threat (i.e., a fire).

Question 5

What are the three core components of the CIA triad, as defined in ISO/IEC 27000, that an ISMS is designed to preserve?

Accepted Answer

Confidentiality, Integrity, and Availability

Answer

ISO/IEC 27000 defines the three fundamental principles of information security as the CIA triad: Confidentiality, Integrity, and Availability. These three principles are the cornerstone of an ISMS and represent the primary objectives for protecting information assets.

ISO 27000 Foundation Certification Practice Test

ISO 27000 Foundation Certification Practice Test

FREE ISO 27000 Foundation ISMS Fundamentals and Vocabulary Questions and Answers