Correct/Verified Answers 2026
Updated.
What does the ISO/IEC 27001 standard provide? - Answer Requirements for an information
security management system
Organizations can obtain certification against the ISO/IEC 27002 standard if they implement all
of its information security controls. - Answer False (ISO/IEC 27002 is a code of practice that
gives guidance on controls; certification is only against ISO/IEC 27001)
The implementation of ISO/IEC 27001 is a legal requirement in most countries. - Answer
False
What is the aim of laws with regard to intellectual property rights? - Answer Protecting
certain intangible assets
Which of the following is one of the objectives of the privacy protection policy? - Answer To
increase awareness regarding the legal requirements for protecting personal information
When does the surveillance audit take place? - Answer After obtaining certification
ISO performs accreditation and certification activities - Answer False
Which of the statements holds true with certification bodies? - Answer Certification bodies
are accredited by accreditation bodies
A third party that performs the assessment of conformity of management systems is: - Answer
A certification body
Your Market is a market research company which helps its customers determine which products
and services are in demand. The company is currently evaluating the effectiveness of its
information security controls through an ISMS audit. What is Your Market in this case? - Answer
An auditee
According to ISO 9000, what is an asset? - Answer Item or entity that has potential or actual
value to an organization
What is the difference between specifications and records? - Answer Specifications are
documents that state requirements, whereas records are documents that state achieved results
A former employee of Company A has gained unauthorized access to the company's sensitive
information. What does this present? - Answer A threat that has the potential to harm the
assets of the organization, such as information or systems
With which of the following principles does an organization comply if it ensures that only
authorized users have access to their sensitive data? - Answer Confidentiality
What does the integrity principle entail? - Answer That information is accurate and complete
and protected from unauthorized modification
Which of the options below represents an example of a vulnerability? - Answer Unencrypted
data
What can have an impact on the availability of information? - Answer Performance
degradation
An organization has clearly defined its security procedures and uses access control software
to prevent unauthorized access by personnel to its confidential data. What is the function of
these security controls? - Answer To prevent the occurrence of incidents
To which classification of security controls does the implementation of patches after the
identification of system vulnerabilities belong? - Answer Corrective by function and technical
by type
What is one of the main purposes of implementing an ISMS? - Answer To reduce information
security risks
Which of the statements below regarding the ISMS scope is correct? - Answer The ISMS
scope must be available as documented information
Who is responsible for establishing the information security policy according to ISO/IEC 27001? -
Answer Top management
What criteria should be considered when selecting a risk assessment methodology? - Answer
Costs and availability of supporting software tools