Question 1

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?

Options :

A : Identifying assets and their value

B : Implementing counter measures

C : Establishing a balance between the costs of an incident and the costs of a security measure

D : Determining relevant vulnerabilities and threats

Answer: B

Question 2

Which of the following does a lack of adequate security controls represent?

Options :

A : Asset

B : Vulnerability

C : Impact

D : Threat

Answer: B

Question 3

Phishing is what type of Information Security Incident?

Options :

A : Private Incidents

B : Cracker/Hacker Attacks

C : Technical Vulnerabilities

D : Legal Incidents

Answer: B

Question 4

Below is Purpose of 'Integrity', which is one of the Basic Components of Information Security

Options :

A : the property that information is not made available or disclosed to unauthorized individuals

B : the property of safeguarding the accuracy and completeness of assets.

C : the property of being accessible and usable upon demand by an authorized entity.

Answer: B

Question 5

As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an

organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure?

Options :

A : Appoint security staff

B : Encrypt all sensitive information

C : Formulate a policy

D : Set up an access control procedure

Answer: C

Higher Test Marks with Free Online ISO27-13-001 Exam Practice

Buying Options: