ISO 27001 MODULE 1-3 QUESTIONS
EXAM WITH CORRECT QUESTIONS AND ANSWERS 2025
A list of required documentation. - CORRECT-ANSWERS:
Scope of ISMS
Information security and risk treatment
Information security policy and objectives
Statement of Applicability
Risk treatment plan
Risk treatment report
Records of training, skills, experience and qualifications
Monitoring measurement results
Internal audit program
Results of internal audit
Results of management review
Results of corrective actions
Is ISO 27001 a standard that defines the technical details for information security, e.g., how to configure a firewall? - CORRECT-ANSWERS:
No
Why is the Planning section described before the Operation section in the standard? - CORRECT-ANSWERS:
In order to have efficient operations, you need to plan them ahead
Identify which of the following information security controls are organizational controls: - CORRECT-ANSWERS:
Defining a policy on the use of cryptographic controls
Documenting a clear screen policy
Documenting a procedure for training employees
Choose which of the following activities are parts of the Plan phase: - CORRECT-ANSWERS:
Identify information security risks
Based on the results from the risk assessment, choose controls and document a Statement of Applicability
Document the Information Security Policy
The project manager, as one of the basic roles in the ISMS implementation process, has the following characteristics: - CORRECT-ANSWERS:
Coordinates the project for implementation of ISO 27001
Often is also the information security officer
How do you decide which policies and procedures to document? - CORRECT-ANSWERS:
Check whether it is required by ISO 27001
Check the risk assessment results to see if there is a need for such a control
Check how important the process is to you and how complex it is