Phishing is what type of Information Security Incident?
A. Private Incidents
B. Cracker/Hacker Attacks
C. Technical Vulnerabilities
D. Legal Incidents
Answer: B
Explanation: Phishing is a type of information security incident that falls under the category of cracker/hacker attacks. Phishing is a form of fraud that uses deceptive emails or...
Implement plan on a test basis - this comes under which section of PDCA
A. Plan
B. Do
C. Act
D. Check
Answer: B
Explanation: The PDCA cycle is a four-step method for managing and improving processes. The steps are Plan, Do, Check, and Act. In the Plan phase, the...
Which three of the following options represent valid audit trails?
You are conducting a third-party surveillance audit when another member of the audit team approaches you seeking clarification. They have been asked to assess the organisation's application of control 5.7 - Threat Intelligence. They are aware that this is one of the new controls introduced in the 2022 edition of...
Which one of the following options best describes the main purpose of a Stage 1 third-party audit?
A. To introduce the audit team to the client
B. To learn about the organisation's procurement
C. To determine readiness for a stage 2 audit
D. To check for legal compliance by the...
The following are the guidelines to protect your password, except:
A. Don't use the same password for various company system security access
B. Do not share passwords with anyone
C. For easy recall, use the same password for company and personal accounts
D. Change a temporary password on first log-on...
Which six of the following would cause you concern in respect of conformity to ISO/IEC 27001:2022 requirements?
The data center at which you work is currently seeking ISO/IEC 27001:2022 certification. In preparation for your initial certification visit, a number of internal audits have been carried out by a colleague working at another data centre within your Group. They secured their ISO/IEC 27001:2022 certificate earlier in the year. You...
What should the correct answers be?
DRAG DROP You have just completed a scheduled information security audit of your organisation when the IT Manager approaches you and asks for your assistance in the revision of the company's risk management process. He is attempting to update the current documentation to make it easier for other managers to...
Which two of the following statements are true?
A. The role of a certification body auditor involves evaluating the organisation's processes for ensuring compliance with their legal requirements
B. During a third-party audit, the auditor evaluates how the organisation ensures that it is made aware of changes to the legal...
Which of the following is not a type of Information Security attack?
A. Legal Incidents
B. Vehicular Incidents
C. Technical Vulnerabilities
D. Privacy Incidents
Answer: B
Explanation: Vehicular incidents are not a type of information security attack. A vehicular incident is an event that involves a vehicle or its driver...
Which four of the following should she answer 'that is true'?
You are an experienced ISMS audit team leader. During the conducting of a third-party surveillance audit, you decide to test your auditee's knowledge of ISO/IEC 27001's risk management requirements. You ask her a series of questions to which the answer is either 'that is true' or 'that is false'. Which...