Home > Information Security > Quizzes > Information Security Associate Exam - SkillFront Exam Questions
Information Security Associate Exam - SkillFront Exam Questions
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 26% Most missed: “Which of the following contains references to expected business continuity plann…”
Information Security Associate Exam - SkillFront Exam Questions
Time left 00:00
25 Questions

1. Taking organizational security measures is inseparably linked with all other measures that have to be taken. What is the name of the system that guarantees the coherence of information security in the organization? (1)
2. When an organization processes information in a confidential nature and is legally obliged to implement the highest-level security measures, what type of a risk management strategy does it need to use?
3. Which sections are included in the ISO/IEC 27001?
4. Which is the sub-process that is included in the cyclical process of the audit program?
5. Who is responsible for the internal ISMS audits, plans, and manages the audits?
6. A properly implemented risk analysis provides a considerable amount of useful information. A risk analysis has four main objectives. Which one is NOT one of the four main objectives of risk analysis?
7. Which step is NOT included in the Information Risk Assessment Process?
8. Why do organizations have an information security policy?
9. What is the benefit of certified compliance with ISO/IEC 27001 by a respected certification body?
10. What should be included in the operational planning and control documents?
11. What are the requirements for the SoA (Statement of Applicability)?
12. Which answer is NOT an objective to the internal audits that the organization shall conduct at planned intervals?
13. Why is the ISO Step-By-Step Implementation Guide so crucial for the organization?
14. What are the typical duties of the security leadership role?
15. What is NOT the right course of action for the organization when a nonconformity occurs?
16. What should the review of the organization’s information security management system include?
17. Which department of the organization is responsible for the establishment of the information security policy?
18. What is the primary goal of writing an Information Security Policy?
19. Which is NOT one of the characteristics of an information security objective?
20. When an audit program in the organization must be planned and implemented, which aspects should be considered?
21. Which points shall the Information Security Policy contain?
22. Which step is essential so that an organization can achieve its information security objectives?
23. Which of the following contains references to expected business continuity planning practices that organizations must implement?
24. What should an organization document as evidence of the monitoring and measurement of information security?
25. What is NOT a risk treatment option based on ISO/IEC 27001?