ISO 27001 INTERNAL AUDITOR
EXAM WITH CORRECT QUESTIONS
AND ANSWERS 2025

I. What is ISO 27001? - CORRECT-ANSWERS: An internationally recognized standard that specifies the requirements for establishing, implementing and maintaining an Information Security Management System (ISMS).
II. Top management responsibilities - CORRECT-ANSWERS: Setting the general roles and responsibilities for the ISMS and defining the contents of the top-level information security policy.
III. Information - CORRECT-ANSWERS: An asset which has value for the organization and needs to be protected.
IV. Information security - CORRECT-ANSWERS: Ensuring the confidentiality, integrity and availability of information.
V. Confidentiality - CORRECT-ANSWERS: Assurance of data privacy; allows authorized persons to access the information.
VI. Integrity - CORRECT-ANSWERS: Assurance that only authorized persons are able to modify the data.
VII. Availability - CORRECT-ANSWERS: Assurance of timely and reliable access to data and services for authorized users.
VIII. Is information security a wider concept than IT security? - CORRECT-ANSWERS: YES
IX. PDCA cycle - CORRECT-ANSWERS: Plan, Do, Check, Act; a 4-phase method used in all ISO management standards for controlling and continuously improving processes and systems.
X. Plan (PDCA Cycle) - CORRECT-ANSWERS: What to achieve and how to do it; understanding the context of the company, defining the scope, planning the information security policy, conducting the risk assessment, documenting the SoA and the Risk Treatment Plan.
XI. Do (PDCA Cycle) - CORRECT-ANSWERS: Implementing the plan from the previous phase; implementation of the Risk Treatment Plan on a regular basis, and of the various controls and processes, in order to achieve the information security objectives.
XII. Check (PDCA Cycle) - CORRECT-ANSWERS: Confirming whether things went as planned and whether the desired objectives were achieved; regular monitoring and measuring, internal audits, management reviews.
XIII. Act (PDCA Cycle) - CORRECT-ANSWERS: Improving the way we do things; implementing corrective actions and improvement initiatives.
XIV. Is "Identify information security risks" part of the Plan phase? - CORRECT-ANSWERS: YES
XV. Is the activity "Conduct internal audit" part of the Plan phase? - CORRECT-ANSWERS: No
XVI. Is the activity "Based on the results from the risk assessment, choose controls and document a Statement of Applicability" part of the Plan phase? - CORRECT-ANSWERS: YES
XVII. Is the activity "Document the Information Security Policy" part of the Plan phase? - CORRECT-ANSWERS: YES
XVIII. Is the activity "Implementing improvements" part of the Plan phase? - CORRECT-ANSWERS: No
XIX. Project Manager - CORRECT-ANSWERS: The person who will coordinate the ISO 27001 implementation project in the company.
XX. Project Team - CORRECT-ANSWERS: The persons that, under the coordination of the project manager, will be included in the documenting