@prefix schema: .
@prefix xsd: .
@prefix rdfs: .
@prefix : .
# Dataset
:dataset a schema:Dataset ;
schema:name "ISO 27K Q&A Benchmark Dataset" ;
schema:description "A multiple-choice question-and-answer benchmark dataset covering ISO/IEC 27000-series information security management standards." ;
schema:url ;
schema:creator [ a schema:Person ; schema:name "Dimitar Jovanovski" ] ;
schema:license ;
schema:keywords "ISO 27001", "ISO 27002", "information security", "ISMS", "benchmark", "QnA" ;
schema:numberOfItems 222 ;
schema:hasPart
:question-1 ,
:question-2 ,
:question-3 ,
:question-4 ,
:question-5 ,
:question-6 ,
:question-7 ,
:question-8 ,
:question-9 ,
:question-10 ,
:question-11 ,
:question-12 ,
:question-13 ,
:question-14 ,
:question-15 ,
:question-16 ,
:question-17 ,
:question-18 ,
:question-19 ,
:question-20 ,
:question-21 ,
:question-22 ,
:question-23 ,
:question-24 ,
:question-25 ,
:question-26 ,
:question-27 ,
:question-28 ,
:question-29 ,
:question-30 ,
:question-31 ,
:question-32 ,
:question-33 ,
:question-34 ,
:question-35 ,
:question-36 ,
:question-37 ,
:question-38 ,
:question-39 ,
:question-40 ,
:question-41 ,
:question-42 ,
:question-43 ,
:question-44 ,
:question-45 ,
:question-46 ,
:question-47 ,
:question-48 ,
:question-49 ,
:question-50 ,
:question-51 ,
:question-52 ,
:question-53 ,
:question-54 ,
:question-55 ,
:question-56 ,
:question-57 ,
:question-58 ,
:question-59 ,
:question-60 ,
:question-61 ,
:question-62 ,
:question-63 ,
:question-64 ,
:question-65 ,
:question-66 ,
:question-67 ,
:question-68 ,
:question-69 ,
:question-70 ,
:question-71 ,
:question-72 ,
:question-73 ,
:question-74 ,
:question-75 ,
:question-76 ,
:question-77 ,
:question-78 ,
:question-79 ,
:question-80 ,
:question-81 ,
:question-82 ,
:question-83 ,
:question-84 ,
:question-85 ,
:question-86 ,
:question-87 ,
:question-88 ,
:question-89 ,
:question-90 ,
:question-91 ,
:question-92 ,
:question-93 ,
:question-94 ,
:question-95 ,
:question-96 ,
:question-97 ,
:question-98 ,
:question-99 ,
:question-100 ,
:question-101 ,
:question-102 ,
:question-103 ,
:question-104 ,
:question-105 ,
:question-106 ,
:question-107 ,
:question-108 ,
:question-109 ,
:question-110 ,
:question-111 ,
:question-112 ,
:question-113 ,
:question-114 ,
:question-115 ,
:question-116 ,
:question-117 ,
:question-118 ,
:question-119 ,
:question-120 ,
:question-121 ,
:question-122 ,
:question-123 ,
:question-124 ,
:question-125 ,
:question-126 ,
:question-127 ,
:question-128 ,
:question-129 ,
:question-130 ,
:question-131 ,
:question-132 ,
:question-133 ,
:question-134 ,
:question-135 ,
:question-136 ,
:question-137 ,
:question-138 ,
:question-139 ,
:question-140 ,
:question-141 ,
:question-142 ,
:question-143 ,
:question-144 ,
:question-145 ,
:question-146 ,
:question-147 ,
:question-148 ,
:question-149 ,
:question-150 ,
:question-151 ,
:question-152 ,
:question-153 ,
:question-154 ,
:question-155 ,
:question-156 ,
:question-157 ,
:question-158 ,
:question-159 ,
:question-160 ,
:question-161 ,
:question-162 ,
:question-163 ,
:question-164 ,
:question-165 ,
:question-166 ,
:question-167 ,
:question-168 ,
:question-169 ,
:question-170 ,
:question-171 ,
:question-172 ,
:question-173 ,
:question-174 ,
:question-175 ,
:question-176 ,
:question-177 ,
:question-178 ,
:question-179 ,
:question-180 ,
:question-181 ,
:question-182 ,
:question-183 ,
:question-184 ,
:question-185 ,
:question-186 ,
:question-187 ,
:question-188 ,
:question-189 ,
:question-190 ,
:question-191 ,
:question-192 ,
:question-193 ,
:question-194 ,
:question-195 ,
:question-196 ,
:question-197 ,
:question-198 ,
:question-199 ,
:question-200 ,
:question-201 ,
:question-202 ,
:question-203 ,
:question-204 ,
:question-205 ,
:question-206 ,
:question-207 ,
:question-208 ,
:question-209 ,
:question-210 ,
:question-211 ,
:question-212 ,
:question-213 ,
:question-214 ,
:question-215 ,
:question-216 ,
:question-217 ,
:question-218 ,
:question-219 ,
:question-220 ,
:question-221 ,
:question-222 .
# Questions
:question-1 a schema:Question ;
schema:name "Question 1" ;
schema:text "What is an Information Security Management System (ISMS)?" ;
schema:suggestedAnswer :answer-1-A ,
:answer-1-B ,
:answer-1-C ,
:answer-1-D ;
schema:acceptedAnswer :answer-1-A ;
schema:isPartOf :dataset .
:answer-1-A a schema:Answer ;
schema:position "A" ;
schema:text "A set of policies and procedures for managing sensitive company information" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-1 .
:answer-1-B a schema:Answer ;
schema:position "B" ;
schema:text "A software tool for managing security risks." ;
schema:isPartOf :question-1 .
:answer-1-C a schema:Answer ;
schema:position "C" ;
schema:text "A physical security system" ;
schema:isPartOf :question-1 .
:answer-1-D a schema:Answer ;
schema:position "D" ;
schema:text "A consulting service for security compliance" ;
schema:isPartOf :question-1 .
:question-2 a schema:Question ;
schema:name "Question 2" ;
schema:text "What are the two main parts of ISO 27001 standard?" ;
schema:suggestedAnswer :answer-2-A ,
:answer-2-B ,
:answer-2-C ,
:answer-2-D ;
schema:acceptedAnswer :answer-2-D ;
schema:isPartOf :dataset .
:answer-2-A a schema:Answer ;
schema:position "A" ;
schema:text "Risk management and compliance" ;
schema:isPartOf :question-2 .
:answer-2-B a schema:Answer ;
schema:position "B" ;
schema:text "Governance and technical controls" ;
schema:isPartOf :question-2 .
:answer-2-C a schema:Answer ;
schema:position "C" ;
schema:text "Leadership and management" ;
schema:isPartOf :question-2 .
:answer-2-D a schema:Answer ;
schema:position "D" ;
schema:text "Implementation and maintenance" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-2 .
:question-3 a schema:Question ;
schema:name "Question 3" ;
schema:text "What is the purpose of ISO 27001?" ;
schema:suggestedAnswer :answer-3-A ,
:answer-3-B ,
:answer-3-C ,
:answer-3-D ;
schema:acceptedAnswer :answer-3-D ;
schema:isPartOf :dataset .
:answer-3-A a schema:Answer ;
schema:position "A" ;
schema:text "To provide a framework for managing sensitive company information" ;
schema:isPartOf :question-3 .
:answer-3-B a schema:Answer ;
schema:position "B" ;
schema:text "To ensure compliance with government regulations" ;
schema:isPartOf :question-3 .
:answer-3-C a schema:Answer ;
schema:position "C" ;
schema:text "To improve an organization's overall security posture" ;
schema:isPartOf :question-3 .
:answer-3-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-3 .
:question-4 a schema:Question ;
schema:name "Question 4" ;
schema:text "What are the benefits of implementing ISO 27001?" ;
schema:suggestedAnswer :answer-4-A ,
:answer-4-B ,
:answer-4-C ,
:answer-4-D ;
schema:acceptedAnswer :answer-4-D ;
schema:isPartOf :dataset .
:answer-4-A a schema:Answer ;
schema:position "A" ;
schema:text "Improving an organization's overall security posture" ;
schema:isPartOf :question-4 .
:answer-4-B a schema:Answer ;
schema:position "B" ;
schema:text "Enhancing an organization's reputation and credibility" ;
schema:isPartOf :question-4 .
:answer-4-C a schema:Answer ;
schema:position "C" ;
schema:text "Facilitating compliance with legal and regulatory requirements" ;
schema:isPartOf :question-4 .
:answer-4-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-4 .
:question-5 a schema:Question ;
schema:name "Question 5" ;
schema:text "What is the main difference between ISO 27001 and ISO 27002?" ;
schema:suggestedAnswer :answer-5-A ,
:answer-5-B ,
:answer-5-C ,
:answer-5-D ;
schema:acceptedAnswer :answer-5-A ;
schema:isPartOf :dataset .
:answer-5-A a schema:Answer ;
schema:position "A" ;
schema:text "ISO 27001 is a standard and ISO 27002 is a code of practice" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-5 .
:answer-5-B a schema:Answer ;
schema:position "B" ;
schema:text "ISO 27001 is for management and ISO 27002 is for technical implementation" ;
schema:isPartOf :question-5 .
:answer-5-C a schema:Answer ;
schema:position "C" ;
schema:text "ISO 27001 is for small businesses and ISO 27002 is for large organizations" ;
schema:isPartOf :question-5 .
:answer-5-D a schema:Answer ;
schema:position "D" ;
schema:text "ISO 27001 is for government agencies and ISO 27002 is for private sector" ;
schema:isPartOf :question-5 .
:question-6 a schema:Question ;
schema:name "Question 6" ;
schema:text "Which of the following best describes the structure of ISO 27001?" ;
schema:suggestedAnswer :answer-6-A ,
:answer-6-B ,
:answer-6-S ,
:answer-6-C ,
:answer-6-D ;
schema:acceptedAnswer :answer-6-B ;
schema:isPartOf :dataset .
:answer-6-A a schema:Answer ;
schema:position "A" ;
schema:text "A set of guidelines for implementing a data backup plan" ;
schema:isPartOf :question-6 .
:answer-6-B a schema:Answer ;
schema:position "B" ;
schema:text "A framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISM" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-6 .
:answer-6-S a schema:Answer ;
schema:position "S" ;
schema:text "" ;
schema:isPartOf :question-6 .
:answer-6-C a schema:Answer ;
schema:position "C" ;
schema:text "A set of regulations for protecting personal data in the healthcare industry" ;
schema:isPartOf :question-6 .
:answer-6-D a schema:Answer ;
schema:position "D" ;
schema:text "A standard for ensuring the security of industrial control systems" ;
schema:isPartOf :question-6 .
:question-7 a schema:Question ;
schema:name "Question 7" ;
schema:text "In which section of ISO 27001 standard is \"Clause 6\" is mentioned?" ;
schema:suggestedAnswer :answer-7-A ,
:answer-7-B ,
:answer-7-C ,
:answer-7-D ;
schema:acceptedAnswer :answer-7-C ;
schema:isPartOf :dataset .
:answer-7-A a schema:Answer ;
schema:position "A" ;
schema:text "Section 4 - The Planning Phase" ;
schema:isPartOf :question-7 .
:answer-7-B a schema:Answer ;
schema:position "B" ;
schema:text "Section 5 - The Support Phase" ;
schema:isPartOf :question-7 .
:answer-7-C a schema:Answer ;
schema:position "C" ;
schema:text "Section 6 - The Operation Phase" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-7 .
:answer-7-D a schema:Answer ;
schema:position "D" ;
schema:text "Section 7 - The Performance Evaluation Phase" ;
schema:isPartOf :question-7 .
:question-8 a schema:Question ;
schema:name "Question 8" ;
schema:text "How can an organization ensure the availability of their information systems according to the ISO 27001 standard?" ;
schema:suggestedAnswer :answer-8-A ,
:answer-8-B ,
:answer-8-C ,
:answer-8-D ;
schema:acceptedAnswer :answer-8-A ;
schema:isPartOf :dataset .
:answer-8-A a schema:Answer ;
schema:position "A" ;
schema:text "By implementing regular backups and disaster recovery plans" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-8 .
:answer-8-B a schema:Answer ;
schema:position "B" ;
schema:text "By implementing strict access controls and monitoring user activity" ;
schema:isPartOf :question-8 .
:answer-8-C a schema:Answer ;
schema:position "C" ;
schema:text "By implementing firewalls and intrusion detection systems" ;
schema:isPartOf :question-8 .
:answer-8-D a schema:Answer ;
schema:position "D" ;
schema:text "By implementing encryption and secure communication protocols" ;
schema:isPartOf :question-8 .
:question-9 a schema:Question ;
schema:name "Question 9" ;
schema:text "What are the common types of confidentiality controls implemented in an ISMS as per ISO 27001 standard?" ;
schema:suggestedAnswer :answer-9-A ,
:answer-9-B ,
:answer-9-C ,
:answer-9-D ;
schema:acceptedAnswer :answer-9-A ;
schema:isPartOf :dataset .
:answer-9-A a schema:Answer ;
schema:position "A" ;
schema:text "Encryption and firewalls" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-9 .
:answer-9-B a schema:Answer ;
schema:position "B" ;
schema:text "Access controls and intrusion detection" ;
schema:isPartOf :question-9 .
:answer-9-C a schema:Answer ;
schema:position "C" ;
schema:text "Backup and disaster recovery" ;
schema:isPartOf :question-9 .
:answer-9-D a schema:Answer ;
schema:position "D" ;
schema:text "Physical security and surveillance" ;
schema:isPartOf :question-9 .
:question-10 a schema:Question ;
schema:name "Question 10" ;
schema:text "Which of the following best describes the principle of \"integrity\" in the context of ISO 27001?" ;
schema:suggestedAnswer :answer-10-A ,
:answer-10-B ,
:answer-10-C ,
:answer-10-D ;
schema:acceptedAnswer :answer-10-B ;
schema:isPartOf :dataset .
:answer-10-A a schema:Answer ;
schema:position "A" ;
schema:text "Ensuring that only authorized individuals have access to sensitive information" ;
schema:isPartOf :question-10 .
:answer-10-B a schema:Answer ;
schema:position "B" ;
schema:text "Maintaining the accuracy and completeness of information throughout its lifecycle" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-10 .
:answer-10-C a schema:Answer ;
schema:position "C" ;
schema:text "Ensuring that information is protected from unauthorized modification or destruction" ;
schema:isPartOf :question-10 .
:answer-10-D a schema:Answer ;
schema:position "D" ;
schema:text "Ensuring that information systems are available for their intended purpose" ;
schema:isPartOf :question-10 .
:question-11 a schema:Question ;
schema:name "Question 11" ;
schema:text "Which of the following would be the most appropriate action for an organization to take in order to ensure the confidentiality, integrity, and availability of their information assets, according to the principles of an Information Security Management System (ISMS) as outlined in ISO 27001?" ;
schema:suggestedAnswer :answer-11-A ,
:answer-11-B ,
:answer-11-C ,
:answer-11-D ;
schema:acceptedAnswer :answer-11-C ;
schema:isPartOf :dataset .
:answer-11-A a schema:Answer ;
schema:position "A" ;
schema:text "Implementing firewalls and antivirus software on all company computers" ;
schema:isPartOf :question-11 .
:answer-11-B a schema:Answer ;
schema:position "B" ;
schema:text "Providing regular security awareness training for all employees" ;
schema:isPartOf :question-11 .
:answer-11-C a schema:Answer ;
schema:position "C" ;
schema:text "Conducting regular risk assessments and implementing controls to mitigate identified risks" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-11 .
:answer-11-D a schema:Answer ;
schema:position "D" ;
schema:text "Restricting access to certain information assets to only a select group of individuals" ;
schema:isPartOf :question-11 .
:question-12 a schema:Question ;
schema:name "Question 12" ;
schema:text "A company is in the process of implementing an Information Security Management System (ISMS) in accordance with ISO 27001. The company's IT department is responsible for managing the ISMS, but they are unsure of how to proceed with the implementation. Which of the following options would be the best course of action for the IT department to take?" ;
schema:suggestedAnswer :answer-12-A ,
:answer-12-B ,
:answer-12-C ,
:answer-12-D ;
schema:acceptedAnswer :answer-12-C ;
schema:isPartOf :dataset .
:answer-12-A a schema:Answer ;
schema:position "A" ;
schema:text "Hire an external consultant to handle the implementation of the ISMS" ;
schema:isPartOf :question-12 .
:answer-12-B a schema:Answer ;
schema:position "B" ;
schema:text "Assign a single employee within the IT department to oversee the implementation of the ISMS" ;
schema:isPartOf :question-12 .
:answer-12-C a schema:Answer ;
schema:position "C" ;
schema:text "Form a cross-functional team within the company to handle the implementation of the ISMS" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-12 .
:answer-12-D a schema:Answer ;
schema:position "D" ;
schema:text "Outsource the implementation of the ISMS to a third-party vendor" ;
schema:isPartOf :question-12 .
:question-13 a schema:Question ;
schema:name "Question 13" ;
schema:text "In a company's effort to implement ISO 27001 requirements, which of the following steps would be considered the MOST important?" ;
schema:suggestedAnswer :answer-13-A ,
:answer-13-B ,
:answer-13-C ,
:answer-13-D ;
schema:acceptedAnswer :answer-13-C ;
schema:isPartOf :dataset .
:answer-13-A a schema:Answer ;
schema:position "A" ;
schema:text "Creating a detailed project plan" ;
schema:isPartOf :question-13 .
:answer-13-B a schema:Answer ;
schema:position "B" ;
schema:text "Conducting a gap analysis" ;
schema:isPartOf :question-13 .
:answer-13-C a schema:Answer ;
schema:position "C" ;
schema:text "Obtaining management buy-in and support" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-13 .
:answer-13-D a schema:Answer ;
schema:position "D" ;
schema:text "Developing a comprehensive security policy" ;
schema:isPartOf :question-13 .
:question-14 a schema:Question ;
schema:name "Question 14" ;
schema:text "What is the first step in implementing ISO 27001 requirements within an organization?" ;
schema:suggestedAnswer :answer-14-A ,
:answer-14-B ,
:answer-14-C ,
:answer-14-D ;
schema:acceptedAnswer :answer-14-A ;
schema:isPartOf :dataset .
:answer-14-A a schema:Answer ;
schema:position "A" ;
schema:text "Conducting a risk assessment" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-14 .
:answer-14-B a schema:Answer ;
schema:position "B" ;
schema:text "Developing an Information Security Policy" ;
schema:isPartOf :question-14 .
:answer-14-C a schema:Answer ;
schema:position "C" ;
schema:text "Designing and implementing controls" ;
schema:isPartOf :question-14 .
:answer-14-D a schema:Answer ;
schema:position "D" ;
schema:text "Obtaining management commitment" ;
schema:isPartOf :question-14 .
:question-15 a schema:Question ;
schema:name "Question 15" ;
schema:text "Which of the following documents is required to be maintained as per ISO 27001 standard?" ;
schema:suggestedAnswer :answer-15-A ,
:answer-15-B ,
:answer-15-C ,
:answer-15-D ;
schema:acceptedAnswer :answer-15-B ;
schema:isPartOf :dataset .
:answer-15-A a schema:Answer ;
schema:position "A" ;
schema:text "Employee handbook" ;
schema:isPartOf :question-15 .
:answer-15-B a schema:Answer ;
schema:position "B" ;
schema:text "Statement of applicability" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-15 .
:answer-15-C a schema:Answer ;
schema:position "C" ;
schema:text "Health and safety manual" ;
schema:isPartOf :question-15 .
:answer-15-D a schema:Answer ;
schema:position "D" ;
schema:text "Employee performance evaluations" ;
schema:isPartOf :question-15 .
:question-16 a schema:Question ;
schema:name "Question 16" ;
schema:text "What are the benefits of implementing ISO 27001?" ;
schema:suggestedAnswer :answer-16-A ,
:answer-16-B ,
:answer-16-C ,
:answer-16-D ,
:answer-16-E ;
schema:acceptedAnswer :answer-16-E ;
schema:isPartOf :dataset .
:answer-16-A a schema:Answer ;
schema:position "A" ;
schema:text "Improved compliance with regulatory requirements" ;
schema:isPartOf :question-16 .
:answer-16-B a schema:Answer ;
schema:position "B" ;
schema:text "Increased customer trust and confidence" ;
schema:isPartOf :question-16 .
:answer-16-C a schema:Answer ;
schema:position "C" ;
schema:text "Enhanced reputation and competitive advantage" ;
schema:isPartOf :question-16 .
:answer-16-D a schema:Answer ;
schema:position "D" ;
schema:text "Reduced risk of data breaches and cyber attacks" ;
schema:isPartOf :question-16 .
:answer-16-E a schema:Answer ;
schema:position "E" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-16 .
:question-17 a schema:Question ;
schema:name "Question 17" ;
schema:text "Is ISO 27001 a standard that defines the technical details for information security, e.g., how to configure a firewall?" ;
schema:suggestedAnswer :answer-17-A ,
:answer-17-B ;
schema:acceptedAnswer :answer-17-B ;
schema:isPartOf :dataset .
:answer-17-A a schema:Answer ;
schema:position "A" ;
schema:text "Yes" ;
schema:isPartOf :question-17 .
:answer-17-B a schema:Answer ;
schema:position "B" ;
schema:text "No" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-17 .
:question-18 a schema:Question ;
schema:name "Question 18" ;
schema:text "Which of the following statements represents an external issue?" ;
schema:suggestedAnswer :answer-18-A ,
:answer-18-B ,
:answer-18-C ,
:answer-18-D ;
schema:acceptedAnswer :answer-18-B ;
schema:isPartOf :dataset .
:answer-18-A a schema:Answer ;
schema:position "A" ;
schema:text "Organizational culture" ;
schema:isPartOf :question-18 .
:answer-18-B a schema:Answer ;
schema:position "B" ;
schema:text "Economic environment" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-18 .
:answer-18-C a schema:Answer ;
schema:position "C" ;
schema:text "The structure of the company" ;
schema:isPartOf :question-18 .
:answer-18-D a schema:Answer ;
schema:position "D" ;
schema:text "The business strategy" ;
schema:isPartOf :question-18 .
:question-19 a schema:Question ;
schema:name "Question 19" ;
schema:text "What is the first step in the planning phase of implementing an ISMS?" ;
schema:suggestedAnswer :answer-19-A ,
:answer-19-B ,
:answer-19-C ,
:answer-19-D ;
schema:acceptedAnswer :answer-19-D ;
schema:isPartOf :dataset .
:answer-19-A a schema:Answer ;
schema:position "A" ;
schema:text "Identifying the scope of the ISMS" ;
schema:isPartOf :question-19 .
:answer-19-B a schema:Answer ;
schema:position "B" ;
schema:text "Developing the Information Security Policy" ;
schema:isPartOf :question-19 .
:answer-19-C a schema:Answer ;
schema:position "C" ;
schema:text "Conducting a risk assessment" ;
schema:isPartOf :question-19 .
:answer-19-D a schema:Answer ;
schema:position "D" ;
schema:text "Understanding the organization and its context" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-19 .
:question-20 a schema:Question ;
schema:name "Question 20" ;
schema:text "What is the purpose of determining the scope of an ISMS?" ;
schema:suggestedAnswer :answer-20-A ,
:answer-20-B ,
:answer-20-C ,
:answer-20-D ;
schema:acceptedAnswer :answer-20-D ;
schema:isPartOf :dataset .
:answer-20-A a schema:Answer ;
schema:position "A" ;
schema:text "To identify which areas of the organization will be covered by the ISMS" ;
schema:isPartOf :question-20 .
:answer-20-B a schema:Answer ;
schema:position "B" ;
schema:text "To identify which information assets need to be protected" ;
schema:isPartOf :question-20 .
:answer-20-C a schema:Answer ;
schema:position "C" ;
schema:text "To identify which information security standards need to be met" ;
schema:isPartOf :question-20 .
:answer-20-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-20 .
:question-21 a schema:Question ;
schema:name "Question 21" ;
schema:text "What are the key elements of effective communication in an ISMS?" ;
schema:suggestedAnswer :answer-21-A ,
:answer-21-B ,
:answer-21-C ,
:answer-21-D ;
schema:acceptedAnswer :answer-21-D ;
schema:isPartOf :dataset .
:answer-21-A a schema:Answer ;
schema:position "A" ;
schema:text "Who needs to be communicated to" ;
schema:isPartOf :question-21 .
:answer-21-B a schema:Answer ;
schema:position "B" ;
schema:text "What needs to be communicated" ;
schema:isPartOf :question-21 .
:answer-21-C a schema:Answer ;
schema:position "C" ;
schema:text "How communication will be done" ;
schema:isPartOf :question-21 .
:answer-21-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-21 .
:question-22 a schema:Question ;
schema:name "Question 22" ;
schema:text "What is the difference between internal and external communication in an ISMS?" ;
schema:suggestedAnswer :answer-22-A ,
:answer-22-B ,
:answer-22-C ,
:answer-22-D ;
schema:acceptedAnswer :answer-22-A ;
schema:isPartOf :dataset .
:answer-22-A a schema:Answer ;
schema:position "A" ;
schema:text "Internal communication involves communication within the organization, external communication involves communication with external stakeholders" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-22 .
:answer-22-B a schema:Answer ;
schema:position "B" ;
schema:text "Internal communication involves communication with customers, external communication involves communication with suppliers" ;
schema:isPartOf :question-22 .
:answer-22-C a schema:Answer ;
schema:position "C" ;
schema:text "Internal communication involves communication with management, external communication involves communication with employees" ;
schema:isPartOf :question-22 .
:answer-22-D a schema:Answer ;
schema:position "D" ;
schema:text "Internal communication involves communication with regulatory bodies, external communication involves communication with the public" ;
schema:isPartOf :question-22 .
:question-23 a schema:Question ;
schema:name "Question 23" ;
schema:text "Who is responsible for managing the awareness program in an ISMS?" ;
schema:suggestedAnswer :answer-23-A ,
:answer-23-B ,
:answer-23-C ,
:answer-23-D ;
schema:acceptedAnswer :answer-23-A ;
schema:isPartOf :dataset .
:answer-23-A a schema:Answer ;
schema:position "A" ;
schema:text "The ISMS manager" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-23 .
:answer-23-B a schema:Answer ;
schema:position "B" ;
schema:text "The security officer" ;
schema:isPartOf :question-23 .
:answer-23-C a schema:Answer ;
schema:position "C" ;
schema:text "All employees" ;
schema:isPartOf :question-23 .
:answer-23-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isPartOf :question-23 .
:question-24 a schema:Question ;
schema:name "Question 24" ;
schema:text "Which of the following statements describes an ISMS scope?" ;
schema:suggestedAnswer :answer-24-A ,
:answer-24-B ,
:answer-24-C ,
:answer-24-D ;
schema:acceptedAnswer :answer-24-B ;
schema:isPartOf :dataset .
:answer-24-A a schema:Answer ;
schema:position "A" ;
schema:text "Company X’s ISO 27001 certificate is valid until November 22, 2028" ;
schema:isPartOf :question-24 .
:answer-24-B a schema:Answer ;
schema:position "B" ;
schema:text "The Information Security Management System (ISMS) applies to the provision of software development and implementation, as well as outsourcing of IT services including maintenance of hardware and software, operating from the offices in London and Edinburgh" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-24 .
:answer-24-C a schema:Answer ;
schema:position "C" ;
schema:text "The ISMS has implemented all the controls from Annex A" ;
schema:isPartOf :question-24 .
:answer-24-D a schema:Answer ;
schema:position "D" ;
schema:text "Company X has implemented ISO 9001 and ISO 27001" ;
schema:isPartOf :question-24 .
:question-25 a schema:Question ;
schema:name "Question 25" ;
schema:text "How can top management demonstrate leadership and commitment to the Information Security Management System?" ;
schema:suggestedAnswer :answer-25-A ,
:answer-25-B ,
:answer-25-C ,
:answer-25-D ;
schema:acceptedAnswer :answer-25-B ;
schema:isPartOf :dataset .
:answer-25-A a schema:Answer ;
schema:position "A" ;
schema:text "Documenting the information security policies and procedures" ;
schema:isPartOf :question-25 .
:answer-25-B a schema:Answer ;
schema:position "B" ;
schema:text "Ensuring the resources necessary for the ISMS" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-25 .
:answer-25-C a schema:Answer ;
schema:position "C" ;
schema:text "Creating exceptions to the security rules for top management" ;
schema:isPartOf :question-25 .
:answer-25-D a schema:Answer ;
schema:position "D" ;
schema:text "Dedicating one week a year for information security, while the rest of the time is dedicated to everyday activities" ;
schema:isPartOf :question-25 .
:question-26 a schema:Question ;
schema:name "Question 26" ;
schema:text "The following statements are requirements for the Information Security Policy:" ;
schema:suggestedAnswer :answer-26-A ,
:answer-26-B ,
:answer-26-C ,
:answer-26-D ;
schema:acceptedAnswer :answer-26-C ;
schema:isPartOf :dataset .
:answer-26-A a schema:Answer ;
schema:position "A" ;
schema:text "It should include detailed information about the roles and responsibilities of the employees" ;
schema:isPartOf :question-26 .
:answer-26-B a schema:Answer ;
schema:position "B" ;
schema:text "It should include relevant technical details and security rules" ;
schema:isPartOf :question-26 .
:answer-26-C a schema:Answer ;
schema:position "C" ;
schema:text "It should provide a framework for setting information security objectives" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-26 .
:answer-26-D a schema:Answer ;
schema:position "D" ;
schema:text "It must include the ISMS scope" ;
schema:isPartOf :question-26 .
:question-27 a schema:Question ;
schema:name "Question 27" ;
schema:text "Which of the following responsibilities and authorities are relevant for the person responsible for reporting on the performance of the ISMS to top management?" ;
schema:suggestedAnswer :answer-27-A ,
:answer-27-B ,
:answer-27-C ,
:answer-27-D ;
schema:acceptedAnswer :answer-27-D ;
schema:isPartOf :dataset .
:answer-27-A a schema:Answer ;
schema:position "A" ;
schema:text "Updating the Statement of Applicability" ;
schema:isPartOf :question-27 .
:answer-27-B a schema:Answer ;
schema:position "B" ;
schema:text "Training employees on ISMS rules" ;
schema:isPartOf :question-27 .
:answer-27-C a schema:Answer ;
schema:position "C" ;
schema:text "Conducting a campaign for ISMS awareness raising" ;
schema:isPartOf :question-27 .
:answer-27-D a schema:Answer ;
schema:position "D" ;
schema:text "Measuring the KPIs (Key Performance Indicators)" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-27 .
:question-28 a schema:Question ;
schema:name "Question 28" ;
schema:text "Which of the following objectives represents a measurable information security objective?" ;
schema:suggestedAnswer :answer-28-A ,
:answer-28-B ,
:answer-28-C ,
:answer-28-D ;
schema:acceptedAnswer :answer-28-B ;
schema:isPartOf :dataset .
:answer-28-A a schema:Answer ;
schema:position "A" ;
schema:text "Ensure 99.9% availability of the company’s services annually" ;
schema:isPartOf :question-28 .
:answer-28-B a schema:Answer ;
schema:position "B" ;
schema:text "Decrease the average time for solving incidents by 10% during the next 12 months" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-28 .
:answer-28-C a schema:Answer ;
schema:position "C" ;
schema:text "Increase the information security awareness of employees" ;
schema:isPartOf :question-28 .
:answer-28-D a schema:Answer ;
schema:position "D" ;
schema:text "Strengthen the overall capabilities of the Information Security Management System in the next six months" ;
schema:isPartOf :question-28 .
:question-29 a schema:Question ;
schema:name "Question 29" ;
schema:text "For effective implementation of incident management software in Company Y, the following resources should be available:" ;
schema:suggestedAnswer :answer-29-A ,
:answer-29-B ,
:answer-29-C ,
:answer-29-D ;
schema:acceptedAnswer :answer-29-D ;
schema:isPartOf :dataset .
:answer-29-A a schema:Answer ;
schema:position "A" ;
schema:text "Available person and time to conduct analysis of the most suitable software for incident management in Company Y" ;
schema:isPartOf :question-29 .
:answer-29-B a schema:Answer ;
schema:position "B" ;
schema:text "Responsible person for coordinating the implementation of the procedure" ;
schema:isPartOf :question-29 .
:answer-29-C a schema:Answer ;
schema:position "C" ;
schema:text "Available time for all employees to pass short training on how to use the incident management software for reporting incidents" ;
schema:isPartOf :question-29 .
:answer-29-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-29 .
:question-30 a schema:Question ;
schema:name "Question 30" ;
schema:text "Which of the following statements represents requirements from the ISO 27001 standard?" ;
schema:suggestedAnswer :answer-30-A ,
:answer-30-B ,
:answer-30-C ,
:answer-30-D ;
schema:acceptedAnswer :answer-30-B ;
schema:isPartOf :dataset .
:answer-30-A a schema:Answer ;
schema:position "A" ;
schema:text "All employees should have an ISO 27001 Introduction certificate" ;
schema:isPartOf :question-30 .
:answer-30-B a schema:Answer ;
schema:position "B" ;
schema:text "Keep records as evidence of competence" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-30 .
:answer-30-C a schema:Answer ;
schema:position "C" ;
schema:text "Assign a security mentor to each employee" ;
schema:isPartOf :question-30 .
:answer-30-D a schema:Answer ;
schema:position "D" ;
schema:text "All employees shall have university degrees" ;
schema:isPartOf :question-30 .
:question-31 a schema:Question ;
schema:name "Question 31" ;
schema:text "Information security awareness raising helps employees become information security experts:" ;
schema:suggestedAnswer :answer-31-A ,
:answer-31-B ;
schema:acceptedAnswer :answer-31-B ;
schema:isPartOf :dataset .
:answer-31-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-31 .
:answer-31-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-31 .
:question-32 a schema:Question ;
schema:name "Question 32" ;
schema:text "Communication rules should cover the following elements:" ;
schema:suggestedAnswer :answer-32-A ,
:answer-32-B ,
:answer-32-C ,
:answer-32-D ;
schema:acceptedAnswer :answer-32-B ;
schema:isPartOf :dataset .
:answer-32-A a schema:Answer ;
schema:position "A" ;
schema:text "When the scheduled internal audit is scheduled" ;
schema:isPartOf :question-32 .
:answer-32-B a schema:Answer ;
schema:position "B" ;
schema:text "What should be communicated" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-32 .
:answer-32-C a schema:Answer ;
schema:position "C" ;
schema:text "Standard form for communication for each media used (e.g., social media, press, television, etc.)" ;
schema:isPartOf :question-32 .
:answer-32-D a schema:Answer ;
schema:position "D" ;
schema:text "Why information security objectives are important" ;
schema:isPartOf :question-32 .
:question-33 a schema:Question ;
schema:name "Question 33" ;
schema:text "When creating a new document, you should take into consideration the following aspects:" ;
schema:suggestedAnswer :answer-33-A ,
:answer-33-B ,
:answer-33-C ,
:answer-33-D ;
schema:acceptedAnswer :answer-33-C ;
schema:isPartOf :dataset .
:answer-33-A a schema:Answer ;
schema:position "A" ;
schema:text "Storing the document wherever is suitable for you" ;
schema:isPartOf :question-33 .
:answer-33-B a schema:Answer ;
schema:position "B" ;
schema:text "Adding in as many examples as you can" ;
schema:isPartOf :question-33 .
:answer-33-C a schema:Answer ;
schema:position "C" ;
schema:text "Saving the document in the appropriate file format" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-33 .
:answer-33-D a schema:Answer ;
schema:position "D" ;
schema:text "The document is very well written, so it doesn’t need a title. It is pretty much obvious what it is" ;
schema:isPartOf :question-33 .
:question-34 a schema:Question ;
schema:name "Question 34" ;
schema:text "In a scenario where Company X is implementing an ISMS, what are the key considerations for determining the scope of the ISMS?" ;
schema:suggestedAnswer :answer-34-A ,
:answer-34-B ,
:answer-34-C ,
:answer-34-D ;
schema:acceptedAnswer :answer-34-C ;
schema:isPartOf :dataset .
:answer-34-A a schema:Answer ;
schema:position "A" ;
schema:text "The physical location of the company's assets" ;
schema:isPartOf :question-34 .
:answer-34-B a schema:Answer ;
schema:position "B" ;
schema:text "The types of data and information processed by the company" ;
schema:isPartOf :question-34 .
:answer-34-C a schema:Answer ;
schema:position "C" ;
schema:text "The legal and regulatory requirements the company must comply with" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-34 .
:answer-34-D a schema:Answer ;
schema:position "D" ;
schema:text "The company's organizational structure and lines of communication" ;
schema:isPartOf :question-34 .
:question-35 a schema:Question ;
schema:name "Question 35" ;
schema:text "In a scenario where a company is implementing an ISMS, which of the following actions best demonstrates leadership according to ISO 27001?" ;
schema:suggestedAnswer :answer-35-A ,
:answer-35-B ,
:answer-35-C ,
:answer-35-D ;
schema:acceptedAnswer :answer-35-C ;
schema:isPartOf :dataset .
:answer-35-A a schema:Answer ;
schema:position "A" ;
schema:text "Allowing employees to make decisions on their own regarding information security" ;
schema:isPartOf :question-35 .
:answer-35-B a schema:Answer ;
schema:position "B" ;
schema:text "Ignoring feedback and suggestions from employees regarding the ISMS" ;
schema:isPartOf :question-35 .
:answer-35-C a schema:Answer ;
schema:position "C" ;
schema:text "Actively participating in the implementation and ongoing maintenance of the ISMS" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-35 .
:answer-35-D a schema:Answer ;
schema:position "D" ;
schema:text "Outsourcing all responsibilities related to the ISMS to a third-party vendor" ;
schema:isPartOf :question-35 .
:question-36 a schema:Question ;
schema:name "Question 36" ;
schema:text "In a scenario where a company is implementing an ISMS, which of the following actions would demonstrate commitment to the system according to ISO 27001?" ;
schema:suggestedAnswer :answer-36-A ,
:answer-36-B ,
:answer-36-C ,
:answer-36-D ,
:answer-36-E ;
schema:acceptedAnswer :answer-36-E ;
schema:isPartOf :dataset .
:answer-36-A a schema:Answer ;
schema:position "A" ;
schema:text "Allocating a budget for the ISMS implementation" ;
schema:isPartOf :question-36 .
:answer-36-B a schema:Answer ;
schema:position "B" ;
schema:text "Assigning a dedicated team to handle the ISMS implementation" ;
schema:isPartOf :question-36 .
:answer-36-C a schema:Answer ;
schema:position "C" ;
schema:text "Regularly reviewing and updating the ISMS documentation" ;
schema:isPartOf :question-36 .
:answer-36-D a schema:Answer ;
schema:position "D" ;
schema:text "Providing the ISMS team with necessary resources" ;
schema:isPartOf :question-36 .
:answer-36-E a schema:Answer ;
schema:position "E" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-36 .
:question-37 a schema:Question ;
schema:name "Question 37" ;
schema:text "A company is in the process of creating an Information Security Policy as part of their implementation of an ISMS according to ISO 27001. Which of the following elements should be included in the policy to ensure its effectiveness?" ;
schema:suggestedAnswer :answer-37-A ,
:answer-37-B ,
:answer-37-C ,
:answer-37-D ;
schema:acceptedAnswer :answer-37-C ;
schema:isPartOf :dataset .
:answer-37-A a schema:Answer ;
schema:position "A" ;
schema:text "A list of all employees and their job titles" ;
schema:isPartOf :question-37 .
:answer-37-B a schema:Answer ;
schema:position "B" ;
schema:text "Detailed instructions for how to handle security incidents" ;
schema:isPartOf :question-37 .
:answer-37-C a schema:Answer ;
schema:position "C" ;
schema:text "A clear statement of the company's commitment to maintaining the confidentiality, integrity, and availability of information" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-37 .
:answer-37-D a schema:Answer ;
schema:position "D" ;
schema:text "A list of all software and hardware used by the company" ;
schema:isPartOf :question-37 .
:question-38 a schema:Question ;
schema:name "Question 38" ;
schema:text "Who is responsible for ensuring the effectiveness of the Information Security Management System" ;
schema:suggestedAnswer :answer-38-A ,
:answer-38-B ,
:answer-38-C ,
:answer-38-D ;
schema:acceptedAnswer :answer-38-B ;
schema:isPartOf :dataset .
:answer-38-A a schema:Answer ;
schema:position "A" ;
schema:text "The Chief Information Security Officer (CISO)" ;
schema:isPartOf :question-38 .
:answer-38-B a schema:Answer ;
schema:position "B" ;
schema:text "The Top Management Representative" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-38 .
:answer-38-C a schema:Answer ;
schema:position "C" ;
schema:text "The Information Security Officer" ;
schema:isPartOf :question-38 .
:answer-38-D a schema:Answer ;
schema:position "D" ;
schema:text "The Chief Executive Officer" ;
schema:isPartOf :question-38 .
:question-39 a schema:Question ;
schema:name "Question 39" ;
schema:text "Who is responsible for providing the necessary resources for the Information Security Management System?" ;
schema:suggestedAnswer :answer-39-A ,
:answer-39-B ,
:answer-39-C ,
:answer-39-D ;
schema:acceptedAnswer :answer-39-A ;
schema:isPartOf :dataset .
:answer-39-A a schema:Answer ;
schema:position "A" ;
schema:text "The Chief Executive Officer" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-39 .
:answer-39-B a schema:Answer ;
schema:position "B" ;
schema:text "The Chief Information Security Officer" ;
schema:isPartOf :question-39 .
:answer-39-C a schema:Answer ;
schema:position "C" ;
schema:text "The Management Representative" ;
schema:isPartOf :question-39 .
:answer-39-D a schema:Answer ;
schema:position "D" ;
schema:text "The Information Security Officer" ;
schema:isPartOf :question-39 .
:question-40 a schema:Question ;
schema:name "Question 40" ;
schema:text "In Company X, the risk methodology used for their ISMS includes identifying and evaluating risks, but they are unsure if they should also include a risk treatment plan. Which of the following options best aligns with the requirements of ISO 27001 for risk methodology?" ;
schema:suggestedAnswer :answer-40-A ,
:answer-40-B ,
:answer-40-C ,
:answer-40-D ;
schema:acceptedAnswer :answer-40-B ;
schema:isPartOf :dataset .
:answer-40-A a schema:Answer ;
schema:position "A" ;
schema:text "Identifying and evaluating risks only" ;
schema:isPartOf :question-40 .
:answer-40-B a schema:Answer ;
schema:position "B" ;
schema:text "Identifying and evaluating risks, and implementing a risktreatment plan" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-40 .
:answer-40-C a schema:Answer ;
schema:position "C" ;
schema:text "Identifying risks only, and leaving evaluation and treatment to the discretion of individual departments" ;
schema:isPartOf :question-40 .
:answer-40-D a schema:Answer ;
schema:position "D" ;
schema:text "Outsourcing risk management to a third-party vendor" ;
schema:isPartOf :question-40 .
:question-41 a schema:Question ;
schema:name "Question 41" ;
schema:text "Risks and opportunities need to be addressed in order to:" ;
schema:suggestedAnswer :answer-41-A ,
:answer-41-B ,
:answer-41-C ,
:answer-41-D ;
schema:acceptedAnswer :answer-41-B ;
schema:isPartOf :dataset .
:answer-41-A a schema:Answer ;
schema:position "A" ;
schema:text "Demonstrate management commitment" ;
schema:isPartOf :question-41 .
:answer-41-B a schema:Answer ;
schema:position "B" ;
schema:text "Ensure achievement of the ISMS outcomes" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-41 .
:answer-41-C a schema:Answer ;
schema:position "C" ;
schema:text "Prevent or reduce the financial and operational losses" ;
schema:isPartOf :question-41 .
:answer-41-D a schema:Answer ;
schema:position "D" ;
schema:text "Ensure all employees are aware of the risks and opportunities" ;
schema:isPartOf :question-41 .
:question-42 a schema:Question ;
schema:name "Question 42" ;
schema:text "What is the appropriate order for the steps from the Risk Management Process?" ;
schema:suggestedAnswer :answer-42-A ,
:answer-42-B ,
:answer-42-C ,
:answer-42-D ;
schema:acceptedAnswer :answer-42-A ;
schema:isPartOf :dataset .
:answer-42-A a schema:Answer ;
schema:position "A" ;
schema:text "Identify, Assess, Analyze, Mitigate" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-42 .
:answer-42-B a schema:Answer ;
schema:position "B" ;
schema:text "Assess, Identify, Mitigate, Analyze" ;
schema:isPartOf :question-42 .
:answer-42-C a schema:Answer ;
schema:position "C" ;
schema:text "Analyze, Mitigate, Assess, Identify" ;
schema:isPartOf :question-42 .
:answer-42-D a schema:Answer ;
schema:position "D" ;
schema:text "Mitigate, Identify, Assess, Analyze" ;
schema:isPartOf :question-42 .
:question-43 a schema:Question ;
schema:name "Question 43" ;
schema:text "Which of the following represents assets from an information security perspective?" ;
schema:suggestedAnswer :answer-43-A ,
:answer-43-B ,
:answer-43-C ,
:answer-43-D ;
schema:acceptedAnswer :answer-43-C ;
schema:isPartOf :dataset .
:answer-43-A a schema:Answer ;
schema:position "A" ;
schema:text "Bathroom" ;
schema:isPartOf :question-43 .
:answer-43-B a schema:Answer ;
schema:position "B" ;
schema:text "Unauthorized modification" ;
schema:isPartOf :question-43 .
:answer-43-C a schema:Answer ;
schema:position "C" ;
schema:text "Software" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-43 .
:answer-43-D a schema:Answer ;
schema:position "D" ;
schema:text "Low awareness of information security" ;
schema:isPartOf :question-43 .
:question-44 a schema:Question ;
schema:name "Question 44" ;
schema:text "What is the primary outcome of a risk analysis related to ISO 27001?" ;
schema:suggestedAnswer :answer-44-A ,
:answer-44-B ,
:answer-44-C ,
:answer-44-D ;
schema:acceptedAnswer :answer-44-A ;
schema:isPartOf :dataset .
:answer-44-A a schema:Answer ;
schema:position "A" ;
schema:text "Identification of risks" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-44 .
:answer-44-B a schema:Answer ;
schema:position "B" ;
schema:text "Prioritizing of risk management activities" ;
schema:isPartOf :question-44 .
:answer-44-C a schema:Answer ;
schema:position "C" ;
schema:text "Development of action plans" ;
schema:isPartOf :question-44 .
:answer-44-D a schema:Answer ;
schema:position "D" ;
schema:text "Written statement of compliance" ;
schema:isPartOf :question-44 .
:question-45 a schema:Question ;
schema:name "Question 45" ;
schema:text "Who is responsible for managing the risks identified in an ISO 27001 audit?" ;
schema:suggestedAnswer :answer-45-A ,
:answer-45-B ,
:answer-45-C ,
:answer-45-D ;
schema:acceptedAnswer :answer-45-B ;
schema:isPartOf :dataset .
:answer-45-A a schema:Answer ;
schema:position "A" ;
schema:text "The Auditor" ;
schema:isPartOf :question-45 .
:answer-45-B a schema:Answer ;
schema:position "B" ;
schema:text "The Risk Owner" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-45 .
:answer-45-C a schema:Answer ;
schema:position "C" ;
schema:text "The Risk Assessor" ;
schema:isPartOf :question-45 .
:answer-45-D a schema:Answer ;
schema:position "D" ;
schema:text "The Risk Manager" ;
schema:isPartOf :question-45 .
:question-46 a schema:Question ;
schema:name "Question 46" ;
schema:text "What is the risk impact if an organization fails to implement appropriate technical and organizational measures to protect confidential data?" ;
schema:suggestedAnswer :answer-46-A ,
:answer-46-B ,
:answer-46-C ,
:answer-46-D ,
:answer-46-E ;
schema:acceptedAnswer :answer-46-E ;
schema:isPartOf :dataset .
:answer-46-A a schema:Answer ;
schema:position "A" ;
schema:text "Loss of customer trust" ;
schema:isPartOf :question-46 .
:answer-46-B a schema:Answer ;
schema:position "B" ;
schema:text "Compromise of confidential data" ;
schema:isPartOf :question-46 .
:answer-46-C a schema:Answer ;
schema:position "C" ;
schema:text "Potential legal action" ;
schema:isPartOf :question-46 .
:answer-46-D a schema:Answer ;
schema:position "D" ;
schema:text "Damage to the organization's reputation" ;
schema:isPartOf :question-46 .
:answer-46-E a schema:Answer ;
schema:position "E" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-46 .
:question-47 a schema:Question ;
schema:name "Question 47" ;
schema:text "Which of the following actions are accepted as good risk treatment practices?" ;
schema:suggestedAnswer :answer-47-A ,
:answer-47-B ,
:answer-47-C ,
:answer-47-D ;
schema:acceptedAnswer :answer-47-C ;
schema:isPartOf :dataset .
:answer-47-A a schema:Answer ;
schema:position "A" ;
schema:text "Ignoring the risk" ;
schema:isPartOf :question-47 .
:answer-47-B a schema:Answer ;
schema:position "B" ;
schema:text "Risk sharing" ;
schema:isPartOf :question-47 .
:answer-47-C a schema:Answer ;
schema:position "C" ;
schema:text "Risk acceptance" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-47 .
:answer-47-D a schema:Answer ;
schema:position "D" ;
schema:text "Doubling the risk" ;
schema:isPartOf :question-47 .
:question-48 a schema:Question ;
schema:name "Question 48" ;
schema:text "The Statement of Applicability document should include:" ;
schema:suggestedAnswer :answer-48-A ,
:answer-48-B ,
:answer-48-C ,
:answer-48-D ;
schema:acceptedAnswer :answer-48-B ;
schema:isPartOf :dataset .
:answer-48-A a schema:Answer ;
schema:position "A" ;
schema:text "Only the controls from Annex A" ;
schema:isPartOf :question-48 .
:answer-48-B a schema:Answer ;
schema:position "B" ;
schema:text "All the controls from Annex A and any additional controls that might be identified in the risk treatment process" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-48 .
:answer-48-C a schema:Answer ;
schema:position "C" ;
schema:text "Only additional controls that might be identified in the risk treatment process" ;
schema:isPartOf :question-48 .
:answer-48-D a schema:Answer ;
schema:position "D" ;
schema:text "The risk owner" ;
schema:isPartOf :question-48 .
:question-49 a schema:Question ;
schema:name "Question 49" ;
schema:text "What is the purpose of the Statement of Applicability according to ISO 27001?" ;
schema:suggestedAnswer :answer-49-A ,
:answer-49-B ,
:answer-49-C ,
:answer-49-D ,
:answer-49-E ;
schema:acceptedAnswer :answer-49-E ;
schema:isPartOf :dataset .
:answer-49-A a schema:Answer ;
schema:position "A" ;
schema:text "To identify the security controls implemented within an organization." ;
schema:isPartOf :question-49 .
:answer-49-B a schema:Answer ;
schema:position "B" ;
schema:text "To document the risk assessment and risk treatment process." ;
schema:isPartOf :question-49 .
:answer-49-C a schema:Answer ;
schema:position "C" ;
schema:text "To demonstrate an organization’s commitment to information security." ;
schema:isPartOf :question-49 .
:answer-49-D a schema:Answer ;
schema:position "D" ;
schema:text "To identify assets and the associated risks." ;
schema:isPartOf :question-49 .
:answer-49-E a schema:Answer ;
schema:position "E" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-49 .
:question-50 a schema:Question ;
schema:name "Question 50" ;
schema:text "Which one of the following is a step in the risk management process:" ;
schema:suggestedAnswer :answer-50-A ,
:answer-50-B ,
:answer-50-C ,
:answer-50-D ;
schema:acceptedAnswer :answer-50-B ;
schema:isPartOf :dataset .
:answer-50-A a schema:Answer ;
schema:position "A" ;
schema:text "Define the information Security Policy" ;
schema:isPartOf :question-50 .
:answer-50-B a schema:Answer ;
schema:position "B" ;
schema:text "Create the risk treatment plan" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-50 .
:answer-50-C a schema:Answer ;
schema:position "C" ;
schema:text "Understand the organization and its context" ;
schema:isPartOf :question-50 .
:answer-50-D a schema:Answer ;
schema:position "D" ;
schema:text "Report the incidents to the top management" ;
schema:isPartOf :question-50 .
:question-51 a schema:Question ;
schema:name "Question 51" ;
schema:text "According to ISO 27001, the risk assessment must include which one of the following elements:" ;
schema:suggestedAnswer :answer-51-A ,
:answer-51-B ,
:answer-51-C ;
schema:acceptedAnswer :answer-51-A ;
schema:isPartOf :dataset .
:answer-51-A a schema:Answer ;
schema:position "A" ;
schema:text "Risk evaluation" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-51 .
:answer-51-B a schema:Answer ;
schema:position "B" ;
schema:text "Risk transfer" ;
schema:isPartOf :question-51 .
:answer-51-C a schema:Answer ;
schema:position "C" ;
schema:text "Defining the risk assessment methodology" ;
schema:isPartOf :question-51 .
:question-52 a schema:Question ;
schema:name "Question 52" ;
schema:text "In a scenario where a company is evaluating potential risks to their information security, which of the following is NOT a valid method for risk evaluation according to ISO 27001?" ;
schema:suggestedAnswer :answer-52-A ,
:answer-52-B ,
:answer-52-C ,
:answer-52-D ;
schema:acceptedAnswer :answer-52-D ;
schema:isPartOf :dataset .
:answer-52-A a schema:Answer ;
schema:position "A" ;
schema:text "Assessing likelihood and impact of each identified risk" ;
schema:isPartOf :question-52 .
:answer-52-B a schema:Answer ;
schema:position "B" ;
schema:text "Comparing risks to a pre-determined set of criteria" ;
schema:isPartOf :question-52 .
:answer-52-C a schema:Answer ;
schema:position "C" ;
schema:text "Consulting with industry experts to determine potential risks" ;
schema:isPartOf :question-52 .
:answer-52-D a schema:Answer ;
schema:position "D" ;
schema:text "Ignoring risks that have a low likelihood of occurrence" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-52 .
:question-53 a schema:Question ;
schema:name "Question 53" ;
schema:text "Risk analysis includes assessment of the impact the risk can have on the company and assessment of the likelihood that the identified risk could really happen. The assessment scale for the impact and the likelihood must vary between the values of 1 and 10." ;
schema:suggestedAnswer :answer-53-A ,
:answer-53-B ;
schema:acceptedAnswer :answer-53-B ;
schema:isPartOf :dataset .
:answer-53-A a schema:Answer ;
schema:position "A" ;
schema:text "Yes" ;
schema:isPartOf :question-53 .
:answer-53-B a schema:Answer ;
schema:position "B" ;
schema:text "No" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-53 .
:question-54 a schema:Question ;
schema:name "Question 54" ;
schema:text "During the risk evaluation process according to ISO 27001, which of the following is NOT a recommended approach for identifying potential risks?" ;
schema:suggestedAnswer :answer-54-A ,
:answer-54-B ,
:answer-54-C ,
:answer-54-D ;
schema:acceptedAnswer :answer-54-C ;
schema:isPartOf :dataset .
:answer-54-A a schema:Answer ;
schema:position "A" ;
schema:text "Reviewing past incidents and near-misses" ;
schema:isPartOf :question-54 .
:answer-54-B a schema:Answer ;
schema:position "B" ;
schema:text "Conducting a threat analysis" ;
schema:isPartOf :question-54 .
:answer-54-C a schema:Answer ;
schema:position "C" ;
schema:text "Implementing a new software system without testing" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-54 .
:answer-54-D a schema:Answer ;
schema:position "D" ;
schema:text "Consulting external experts and industry standards" ;
schema:isPartOf :question-54 .
:question-55 a schema:Question ;
schema:name "Question 55" ;
schema:text "After formulating a risk treatment plan, the Statement of Applicability must be documented." ;
schema:suggestedAnswer :answer-55-A ,
:answer-55-B ;
schema:acceptedAnswer :answer-55-B ;
schema:isPartOf :dataset .
:answer-55-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-55 .
:answer-55-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-55 .
:question-56 a schema:Question ;
schema:name "Question 56" ;
schema:text "The Statement of Applicability must include the following information:" ;
schema:suggestedAnswer :answer-56-A ,
:answer-56-B ,
:answer-56-C ,
:answer-56-D ;
schema:acceptedAnswer :answer-56-B ;
schema:isPartOf :dataset .
:answer-56-A a schema:Answer ;
schema:position "A" ;
schema:text "The risk treatment option associated with each control from Annex A and any additional controls that might be identified in the risk treatment process" ;
schema:isPartOf :question-56 .
:answer-56-B a schema:Answer ;
schema:position "B" ;
schema:text "Information regarding whether the listed controls are implemented in the organization" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-56 .
:answer-56-C a schema:Answer ;
schema:position "C" ;
schema:text "The risk owner" ;
schema:isPartOf :question-56 .
:answer-56-D a schema:Answer ;
schema:position "D" ;
schema:text "The value of the risk" ;
schema:isPartOf :question-56 .
:question-57 a schema:Question ;
schema:name "Question 57" ;
schema:text "Choose which of the following statements can be documented as results for the follow-up from the implementation of a control-card-controlled access to the server room:" ;
schema:suggestedAnswer :answer-57-A ,
:answer-57-B ,
:answer-57-C ,
:answer-57-D ;
schema:acceptedAnswer :answer-57-C ;
schema:isPartOf :dataset .
:answer-57-A a schema:Answer ;
schema:position "A" ;
schema:text "The internal audit is conducted" ;
schema:isPartOf :question-57 .
:answer-57-B a schema:Answer ;
schema:position "B" ;
schema:text "Half of the people who work in the server room are trained in the use of the card readers" ;
schema:isPartOf :question-57 .
:answer-57-C a schema:Answer ;
schema:position "C" ;
schema:text "Analysis of the log and the video surveillance show that the card- controlled access to the server room is very effective" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-57 .
:answer-57-D a schema:Answer ;
schema:position "D" ;
schema:text "Cheaper equipment for card-controlled access than the one implemented is available on the market" ;
schema:isPartOf :question-57 .
:question-58 a schema:Question ;
schema:name "Question 58" ;
schema:text "ISO 27001 requires that every aspect of the ISMS should be documented." ;
schema:suggestedAnswer :answer-58-A ,
:answer-58-B ;
schema:acceptedAnswer :answer-58-B ;
schema:isPartOf :dataset .
:answer-58-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-58 .
:answer-58-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-58 .
:question-59 a schema:Question ;
schema:name "Question 59" ;
schema:text "It is mandatory to change the ISMS documentation (modify, update, delete, add new documents, etc.) at least once per year:" ;
schema:suggestedAnswer :answer-59-A ,
:answer-59-B ;
schema:acceptedAnswer :answer-59-B ;
schema:isPartOf :dataset .
:answer-59-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-59 .
:answer-59-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-59 .
:question-60 a schema:Question ;
schema:name "Question 60" ;
schema:text "Companies that have implemented ISO 27001 are not allowed to outsource critical operations, because that can have a negative impact on the information security." ;
schema:suggestedAnswer :answer-60-A ,
:answer-60-B ;
schema:acceptedAnswer :answer-60-B ;
schema:isPartOf :dataset .
:answer-60-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-60 .
:answer-60-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-60 .
:question-61 a schema:Question ;
schema:name "Question 61" ;
schema:text "Changes in an organization can be planned and unplanned. Both types of changes should be controlled and their consequences reviewed." ;
schema:suggestedAnswer :answer-61-A ,
:answer-61-B ;
schema:acceptedAnswer :answer-61-A ;
schema:isPartOf :dataset .
:answer-61-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-61 .
:answer-61-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-61 .
:question-62 a schema:Question ;
schema:name "Question 62" ;
schema:text "According to you, which of the listed changes that can happen in a company may require conducting a re-assessment of risks?" ;
schema:suggestedAnswer :answer-62-A ,
:answer-62-B ,
:answer-62-C ,
:answer-62-D ;
schema:acceptedAnswer :answer-62-B ;
schema:isPartOf :dataset .
:answer-62-A a schema:Answer ;
schema:position "A" ;
schema:text "Hiring a new employee" ;
schema:isPartOf :question-62 .
:answer-62-B a schema:Answer ;
schema:position "B" ;
schema:text "Outsourcing the IT maintenance process to an IT company" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-62 .
:answer-62-C a schema:Answer ;
schema:position "C" ;
schema:text "Buying new furniture" ;
schema:isPartOf :question-62 .
:answer-62-D a schema:Answer ;
schema:position "D" ;
schema:text "Buying a new laptop for the office manager" ;
schema:isPartOf :question-62 .
:question-63 a schema:Question ;
schema:name "Question 63" ;
schema:text "What are the key components that should be included in the risk treatment plan, according to ISO 27001?" ;
schema:suggestedAnswer :answer-63-A ,
:answer-63-B ,
:answer-63-C ,
:answer-63-D ;
schema:acceptedAnswer :answer-63-B ;
schema:isPartOf :dataset .
:answer-63-A a schema:Answer ;
schema:position "A" ;
schema:text "The likelihood of the identified risks" ;
schema:isPartOf :question-63 .
:answer-63-B a schema:Answer ;
schema:position "B" ;
schema:text "The impact of the identified risks" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-63 .
:answer-63-C a schema:Answer ;
schema:position "C" ;
schema:text "The proposed controls to mitigate the identified risks" ;
schema:isPartOf :question-63 .
:answer-63-D a schema:Answer ;
schema:position "D" ;
schema:text "The cost of implementing the proposed controls" ;
schema:isPartOf :question-63 .
:question-64 a schema:Question ;
schema:name "Question 64" ;
schema:text "In a scenario where a company is implementing an ISMS, what is the most important factor to consider when formulating a risk treatment plan according to ISO 27001?" ;
schema:suggestedAnswer :answer-64-A ,
:answer-64-B ,
:answer-64-C ,
:answer-64-D ;
schema:acceptedAnswer :answer-64-B ;
schema:isPartOf :dataset .
:answer-64-A a schema:Answer ;
schema:position "A" ;
schema:text "The cost of implementing the controls" ;
schema:isPartOf :question-64 .
:answer-64-B a schema:Answer ;
schema:position "B" ;
schema:text "The likelihood and potential impact of the identified risks" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-64 .
:answer-64-C a schema:Answer ;
schema:position "C" ;
schema:text "The company's compliance with other regulatory standards" ;
schema:isPartOf :question-64 .
:answer-64-D a schema:Answer ;
schema:position "D" ;
schema:text "The ease of implementation for the IT department" ;
schema:isPartOf :question-64 .
:question-65 a schema:Question ;
schema:name "Question 65" ;
schema:text "A company is in the process of implementing the risk treatment plan identified during their risk assessment. Which of the following is the most important factor to consider when implementing controls to mitigate identified risks?" ;
schema:suggestedAnswer :answer-65-A ,
:answer-65-B ,
:answer-65-C ,
:answer-65-D ;
schema:acceptedAnswer :answer-65-C ;
schema:isPartOf :dataset .
:answer-65-A a schema:Answer ;
schema:position "A" ;
schema:text "The cost of the controls" ;
schema:isPartOf :question-65 .
:answer-65-B a schema:Answer ;
schema:position "B" ;
schema:text "The ease of implementing the controls" ;
schema:isPartOf :question-65 .
:answer-65-C a schema:Answer ;
schema:position "C" ;
schema:text "The effectiveness of the controls in mitigating the identified risks" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-65 .
:answer-65-D a schema:Answer ;
schema:position "D" ;
schema:text "The ability to monitor and measure the controls" ;
schema:isPartOf :question-65 .
:question-66 a schema:Question ;
schema:name "Question 66" ;
schema:text "When implementing the information security risk treatment plan, one must:" ;
schema:suggestedAnswer :answer-66-A ,
:answer-66-B ,
:answer-66-C ,
:answer-66-D ;
schema:acceptedAnswer :answer-66-A ;
schema:isPartOf :dataset .
:answer-66-A a schema:Answer ;
schema:position "A" ;
schema:text "Take into consideration available resources" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-66 .
:answer-66-B a schema:Answer ;
schema:position "B" ;
schema:text "Document the information security risk treatment plan" ;
schema:isPartOf :question-66 .
:answer-66-C a schema:Answer ;
schema:position "C" ;
schema:text "Re-assess the risks" ;
schema:isPartOf :question-66 .
:answer-66-D a schema:Answer ;
schema:position "D" ;
schema:text "Implement all controls from Annex A" ;
schema:isPartOf :question-66 .
:question-67 a schema:Question ;
schema:name "Question 67" ;
schema:text "ISO 27001 requires companies to document the results of the risk treatment." ;
schema:suggestedAnswer :answer-67-A ,
:answer-67-B ;
schema:acceptedAnswer :answer-67-A ;
schema:isPartOf :dataset .
:answer-67-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-67 .
:answer-67-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-67 .
:question-68 a schema:Question ;
schema:name "Question 68" ;
schema:text "The Do phase moves companies from a stage where they plan information security to a stage where they implement information security and protect the information." ;
schema:suggestedAnswer :answer-68-A ,
:answer-68-B ;
schema:acceptedAnswer :answer-68-A ;
schema:isPartOf :dataset .
:answer-68-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-68 .
:answer-68-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-68 .
:question-69 a schema:Question ;
schema:name "Question 69" ;
schema:text "ISO 27001 requires the change management procedure to be documented." ;
schema:suggestedAnswer :answer-69-A ,
:answer-69-B ;
schema:acceptedAnswer :answer-69-B ;
schema:isPartOf :dataset .
:answer-69-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-69 .
:answer-69-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-69 .
:question-70 a schema:Question ;
schema:name "Question 70" ;
schema:text "Operating an Information Security Management System (ISMS) means:" ;
schema:suggestedAnswer :answer-70-A ,
:answer-70-B ,
:answer-70-C ,
:answer-70-D ;
schema:acceptedAnswer :answer-70-B ;
schema:isPartOf :dataset .
:answer-70-A a schema:Answer ;
schema:position "A" ;
schema:text "Auditing all of the activities described in the ISMS policies and procedures" ;
schema:isPartOf :question-70 .
:answer-70-B a schema:Answer ;
schema:position "B" ;
schema:text "Producing ISMS records" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-70 .
:answer-70-C a schema:Answer ;
schema:position "C" ;
schema:text "Certifying the ISMS" ;
schema:isPartOf :question-70 .
:answer-70-D a schema:Answer ;
schema:position "D" ;
schema:text "Maintaining highly detailed ISMS documentation" ;
schema:isPartOf :question-70 .
:question-71 a schema:Question ;
schema:name "Question 71" ;
schema:text "In a scenario where a company is undergoing an ISO 27001 certification audit, which of the following documents would the auditor typically request to review as part of the ISMS documentation requirement?" ;
schema:suggestedAnswer :answer-71-A ,
:answer-71-B ,
:answer-71-C ,
:answer-71-D ;
schema:acceptedAnswer :answer-71-C ;
schema:isPartOf :dataset .
:answer-71-A a schema:Answer ;
schema:position "A" ;
schema:text "Employee handbook" ;
schema:isPartOf :question-71 .
:answer-71-B a schema:Answer ;
schema:position "B" ;
schema:text "Emergency evacuation plan" ;
schema:isPartOf :question-71 .
:answer-71-C a schema:Answer ;
schema:position "C" ;
schema:text "Risk assessment report" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-71 .
:answer-71-D a schema:Answer ;
schema:position "D" ;
schema:text "Sales forecast" ;
schema:isPartOf :question-71 .
:question-72 a schema:Question ;
schema:name "Question 72" ;
schema:text "What is the main goal of control implementation in an ISMS according to ISO 27001?" ;
schema:suggestedAnswer :answer-72-A ,
:answer-72-B ,
:answer-72-C ,
:answer-72-D ;
schema:acceptedAnswer :answer-72-B ;
schema:isPartOf :dataset .
:answer-72-A a schema:Answer ;
schema:position "A" ;
schema:text "To ensure the ISMS is functioning properly" ;
schema:isPartOf :question-72 .
:answer-72-B a schema:Answer ;
schema:position "B" ;
schema:text "To protect the organization's assets" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-72 .
:answer-72-C a schema:Answer ;
schema:position "C" ;
schema:text "To meet regulatory compliance requirements" ;
schema:isPartOf :question-72 .
:answer-72-D a schema:Answer ;
schema:position "D" ;
schema:text "To improve the organization's overall efficiency" ;
schema:isPartOf :question-72 .
:question-73 a schema:Question ;
schema:name "Question 73" ;
schema:text "In a scenario where a company has recently implemented an ISMS based on ISO 27001, which of the following is the MOST important step in the ongoing monitoring and review process?" ;
schema:suggestedAnswer :answer-73-A ,
:answer-73-B ,
:answer-73-C ,
:answer-73-D ;
schema:acceptedAnswer :answer-73-A ;
schema:isPartOf :dataset .
:answer-73-A a schema:Answer ;
schema:position "A" ;
schema:text "Conducting regular internal audits" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-73 .
:answer-73-B a schema:Answer ;
schema:position "B" ;
schema:text "Implementing new controls as needed" ;
schema:isPartOf :question-73 .
:answer-73-C a schema:Answer ;
schema:position "C" ;
schema:text "Documenting all incidents and their resolutions" ;
schema:isPartOf :question-73 .
:answer-73-D a schema:Answer ;
schema:position "D" ;
schema:text "Evaluating the effectiveness of the ISMS on a yearly basis" ;
schema:isPartOf :question-73 .
:question-74 a schema:Question ;
schema:name "Question 74" ;
schema:text "In the event of a security incident at Company X, which of the following actions should be taken first according to ISO 27001 guidelines?" ;
schema:suggestedAnswer :answer-74-A ,
:answer-74-B ,
:answer-74-C ,
:answer-74-D ;
schema:acceptedAnswer :answer-74-D ;
schema:isPartOf :dataset .
:answer-74-A a schema:Answer ;
schema:position "A" ;
schema:text "Notify the affected parties and the public" ;
schema:isPartOf :question-74 .
:answer-74-B a schema:Answer ;
schema:position "B" ;
schema:text "Conduct a thorough investigation to determine the root cause" ;
schema:isPartOf :question-74 .
:answer-74-C a schema:Answer ;
schema:position "C" ;
schema:text "Report the incident to the relevant regulatory bodies" ;
schema:isPartOf :question-74 .
:answer-74-D a schema:Answer ;
schema:position "D" ;
schema:text "Implement temporary countermeasures to contain the incident" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-74 .
:question-75 a schema:Question ;
schema:name "Question 75" ;
schema:text "In XYZ Company, what is the recommended process for reporting and recording incidents according to ISO 27001 guidelines?" ;
schema:suggestedAnswer :answer-75-A ,
:answer-75-B ,
:answer-75-C ,
:answer-75-D ;
schema:acceptedAnswer :answer-75-C ;
schema:isPartOf :dataset .
:answer-75-A a schema:Answer ;
schema:position "A" ;
schema:text "Employees should report incidents to their immediate supervisor and the IT department" ;
schema:isPartOf :question-75 .
:answer-75-B a schema:Answer ;
schema:position "B" ;
schema:text "Incidents should only be reported to the IT department and not shared with any other department" ;
schema:isPartOf :question-75 .
:answer-75-C a schema:Answer ;
schema:position "C" ;
schema:text "Incidents should be reported to the IT department and the incident management team for further investigation" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-75 .
:answer-75-D a schema:Answer ;
schema:position "D" ;
schema:text "Incidents should be reported to the IT department and the senior management team for review and analysis" ;
schema:isPartOf :question-75 .
:question-76 a schema:Question ;
schema:name "Question 76" ;
schema:text "Which of the following is NOT a best practice for incident management according to ISO 27001:" ;
schema:suggestedAnswer :answer-76-A ,
:answer-76-B ,
:answer-76-C ,
:answer-76-D ;
schema:acceptedAnswer :answer-76-C ;
schema:isPartOf :dataset .
:answer-76-A a schema:Answer ;
schema:position "A" ;
schema:text "Assign a specific team member to be in charge of managing incidents" ;
schema:isPartOf :question-76 .
:answer-76-B a schema:Answer ;
schema:position "B" ;
schema:text "Immediately notify all employees of an incident as soon as it occurs" ;
schema:isPartOf :question-76 .
:answer-76-C a schema:Answer ;
schema:position "C" ;
schema:text "Wait to see if an incident resolves itself before taking any action" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-76 .
:answer-76-D a schema:Answer ;
schema:position "D" ;
schema:text "Document all incidents and their resolution in a centralized incident log" ;
schema:isPartOf :question-76 .
:question-77 a schema:Question ;
schema:name "Question 77" ;
schema:text "The purpose of the management review is to evaluate the results of the measurements and analyses and make crucial decisions." ;
schema:suggestedAnswer :answer-77-A ,
:answer-77-B ;
schema:acceptedAnswer :answer-77-B ;
schema:isPartOf :dataset .
:answer-77-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-77 .
:answer-77-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-77 .
:question-78 a schema:Question ;
schema:name "Question 78" ;
schema:text "A nonconformity is when a certain incident happens in the organization." ;
schema:suggestedAnswer :answer-78-A ,
:answer-78-B ;
schema:acceptedAnswer :answer-78-B ;
schema:isPartOf :dataset .
:answer-78-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-78 .
:answer-78-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-78 .
:question-79 a schema:Question ;
schema:name "Question 79" ;
schema:text "ISO 27001 requires companies to continually improve:" ;
schema:suggestedAnswer :answer-79-A ,
:answer-79-B ,
:answer-79-C ;
schema:acceptedAnswer :answer-79-B ;
schema:isPartOf :dataset .
:answer-79-A a schema:Answer ;
schema:position "A" ;
schema:text "The ISO 27001 standard by publishing new versions of the standard" ;
schema:isPartOf :question-79 .
:answer-79-B a schema:Answer ;
schema:position "B" ;
schema:text "The suitability, adequacy, and effectiveness of the Information Security Management System" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-79 .
:answer-79-C a schema:Answer ;
schema:position "C" ;
schema:text "The quality of the company’s services" ;
schema:isPartOf :question-79 .
:question-80 a schema:Question ;
schema:name "Question 80" ;
schema:text "ISO 27001 requires companies to evaluate the information security performance and effectiveness of the ISMS through:" ;
schema:suggestedAnswer :answer-80-A ,
:answer-80-B ,
:answer-80-C ,
:answer-80-D ;
schema:acceptedAnswer :answer-80-C ;
schema:isPartOf :dataset .
:answer-80-A a schema:Answer ;
schema:position "A" ;
schema:text "Mentoring" ;
schema:isPartOf :question-80 .
:answer-80-B a schema:Answer ;
schema:position "B" ;
schema:text "Awareness raising" ;
schema:isPartOf :question-80 .
:answer-80-C a schema:Answer ;
schema:position "C" ;
schema:text "Measuring" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-80 .
:answer-80-D a schema:Answer ;
schema:position "D" ;
schema:text "Implementation" ;
schema:isPartOf :question-80 .
:question-81 a schema:Question ;
schema:name "Question 81" ;
schema:text "As part of the process for evaluating the information security performance and effectiveness of the ISMS, ISO 27001 requires companies to:" ;
schema:suggestedAnswer :answer-81-A ,
:answer-81-B ,
:answer-81-C ,
:answer-81-D ;
schema:acceptedAnswer :answer-81-B ;
schema:isPartOf :dataset .
:answer-81-A a schema:Answer ;
schema:position "A" ;
schema:text "Monitor and measure the incident management process" ;
schema:isPartOf :question-81 .
:answer-81-B a schema:Answer ;
schema:position "B" ;
schema:text "Determine the methods for monitoring" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-81 .
:answer-81-C a schema:Answer ;
schema:position "C" ;
schema:text "Document a procedure for the evaluation of ISMS effectiveness" ;
schema:isPartOf :question-81 .
:answer-81-D a schema:Answer ;
schema:position "D" ;
schema:text "Nominate at least three responsible persons for conducting monitoring and measurements, so data tampering risk is reduced" ;
schema:isPartOf :question-81 .
:question-82 a schema:Question ;
schema:name "Question 82" ;
schema:text "The objective of the internal audit is to identify who is responsible for the information security problems in the organization." ;
schema:suggestedAnswer :answer-82-A ,
:answer-82-B ;
schema:acceptedAnswer :answer-82-B ;
schema:isPartOf :dataset .
:answer-82-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-82 .
:answer-82-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-82 .
:question-83 a schema:Question ;
schema:name "Question 83" ;
schema:text "ISO 27001 requires the top management to conduct management review meetings for reviewing the ISMS of the company." ;
schema:suggestedAnswer :answer-83-A ,
:answer-83-B ;
schema:acceptedAnswer :answer-83-B ;
schema:isPartOf :dataset .
:answer-83-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-83 .
:answer-83-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-83 .
:question-84 a schema:Question ;
schema:name "Question 84" ;
schema:text "In order for top management to review the suitability, adequacy, and effectiveness of the ISMS of the company, which one of the following aspects should be covered:" ;
schema:suggestedAnswer :answer-84-A ,
:answer-84-B ,
:answer-84-C ,
:answer-84-D ;
schema:acceptedAnswer :answer-84-A ;
schema:isPartOf :dataset .
:answer-84-A a schema:Answer ;
schema:position "A" ;
schema:text "Opportunities for improvement" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-84 .
:answer-84-B a schema:Answer ;
schema:position "B" ;
schema:text "Feedback from employees regarding the new cafeteria" ;
schema:isPartOf :question-84 .
:answer-84-C a schema:Answer ;
schema:position "C" ;
schema:text "An overview of the configuration parameters of the network router" ;
schema:isPartOf :question-84 .
:answer-84-D a schema:Answer ;
schema:position "D" ;
schema:text "The financial status of the company" ;
schema:isPartOf :question-84 .
:question-85 a schema:Question ;
schema:name "Question 85" ;
schema:text "In order to effectively monitor the performance and effectiveness of an ISMS, which of the following methods should be used according to ISO 27001?" ;
schema:suggestedAnswer :answer-85-A ,
:answer-85-B ,
:answer-85-C ,
:answer-85-D ;
schema:acceptedAnswer :answer-85-B ;
schema:isPartOf :dataset .
:answer-85-A a schema:Answer ;
schema:position "A" ;
schema:text "Surveys of employees" ;
schema:isPartOf :question-85 .
:answer-85-B a schema:Answer ;
schema:position "B" ;
schema:text "Review of security-related incidents and their causes" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-85 .
:answer-85-C a schema:Answer ;
schema:position "C" ;
schema:text "Analysis of ISMS-related costs and benefits" ;
schema:isPartOf :question-85 .
:answer-85-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isPartOf :question-85 .
:question-86 a schema:Question ;
schema:name "Question 86" ;
schema:text "What are the criteria to be used in an internal audit of an organization’s information security management system according to ISO 27001?" ;
schema:suggestedAnswer :answer-86-A ,
:answer-86-B ,
:answer-86-C ,
:answer-86-D ;
schema:acceptedAnswer :answer-86-A ;
schema:isPartOf :dataset .
:answer-86-A a schema:Answer ;
schema:position "A" ;
schema:text "Documentation, implementation, monitoring and review" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-86 .
:answer-86-B a schema:Answer ;
schema:position "B" ;
schema:text "Documentation, implementation and review" ;
schema:isPartOf :question-86 .
:answer-86-C a schema:Answer ;
schema:position "C" ;
schema:text "Documentation, implementation and maintenance" ;
schema:isPartOf :question-86 .
:answer-86-D a schema:Answer ;
schema:position "D" ;
schema:text "Documentation and review" ;
schema:isPartOf :question-86 .
:question-87 a schema:Question ;
schema:name "Question 87" ;
schema:text "What should an organization consider when carrying out an internal audit of its information security management system?" ;
schema:suggestedAnswer :answer-87-A ,
:answer-87-B ,
:answer-87-C ,
:answer-87-D ;
schema:acceptedAnswer :answer-87-D ;
schema:isPartOf :dataset .
:answer-87-A a schema:Answer ;
schema:position "A" ;
schema:text "Whether the system complies with the applicable laws and regulations" ;
schema:isPartOf :question-87 .
:answer-87-B a schema:Answer ;
schema:position "B" ;
schema:text "Whether the system is regularly monitored and updated" ;
schema:isPartOf :question-87 .
:answer-87-C a schema:Answer ;
schema:position "C" ;
schema:text "Whether the system is regularly tested" ;
schema:isPartOf :question-87 .
:answer-87-D a schema:Answer ;
schema:position "D" ;
schema:text "Whether the system meets the organization’s security objectives" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-87 .
:question-88 a schema:Question ;
schema:name "Question 88" ;
schema:text "What are the key components of an internal audit report according to ISO 27001?" ;
schema:suggestedAnswer :answer-88-A ,
:answer-88-B ,
:answer-88-C ,
:answer-88-D ,
:answer-88-E ;
schema:acceptedAnswer :answer-88-E ;
schema:isPartOf :dataset .
:answer-88-A a schema:Answer ;
schema:position "A" ;
schema:text "Audit objectives - this outlines the purpose of the audit, such as to evaluate the effectiveness of the organization's information security management system (ISMS)." ;
schema:isPartOf :question-88 .
:answer-88-B a schema:Answer ;
schema:position "B" ;
schema:text "Audit scope - this outlines the areas which were audited and any specific requirements that were not included in the scope." ;
schema:isPartOf :question-88 .
:answer-88-C a schema:Answer ;
schema:position "C" ;
schema:text "Audit findings - this outlines the issues identified during the audit and any recommendations for improvement." ;
schema:isPartOf :question-88 .
:answer-88-D a schema:Answer ;
schema:position "D" ;
schema:text "Audit conclusion - this is a summary of the audit findings and any recommendations for improvement." ;
schema:isPartOf :question-88 .
:answer-88-E a schema:Answer ;
schema:position "E" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-88 .
:question-89 a schema:Question ;
schema:name "Question 89" ;
schema:text "What is the purpose of an internal audit report according to ISO 27001?" ;
schema:suggestedAnswer :answer-89-A ,
:answer-89-B ,
:answer-89-C ,
:answer-89-D ;
schema:acceptedAnswer :answer-89-D ;
schema:isPartOf :dataset .
:answer-89-A a schema:Answer ;
schema:position "A" ;
schema:text "To evaluate the effectiveness of the organization's ISMS;" ;
schema:isPartOf :question-89 .
:answer-89-B a schema:Answer ;
schema:position "B" ;
schema:text "To identify any areas for improvement." ;
schema:isPartOf :question-89 .
:answer-89-C a schema:Answer ;
schema:position "C" ;
schema:text "To provide evidence of the organization's compliance with the standard." ;
schema:isPartOf :question-89 .
:answer-89-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-89 .
:question-90 a schema:Question ;
schema:name "Question 90" ;
schema:text "What are the three stages of a nonconformity according to ISO 27001?" ;
schema:suggestedAnswer :answer-90-A ,
:answer-90-B ,
:answer-90-C ,
:answer-90-D ;
schema:acceptedAnswer :answer-90-A ;
schema:isPartOf :dataset .
:answer-90-A a schema:Answer ;
schema:position "A" ;
schema:text "Identification, investigation, and resolution" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-90 .
:answer-90-B a schema:Answer ;
schema:position "B" ;
schema:text "Assessment, investigation, and corrective action" ;
schema:isPartOf :question-90 .
:answer-90-C a schema:Answer ;
schema:position "C" ;
schema:text "Assessment, correction, and closure" ;
schema:isPartOf :question-90 .
:answer-90-D a schema:Answer ;
schema:position "D" ;
schema:text "Identification, correction, and closure" ;
schema:isPartOf :question-90 .
:question-91 a schema:Question ;
schema:name "Question 91" ;
schema:text "What should an organization do when a nonconformity is identified?" ;
schema:suggestedAnswer :answer-91-A ,
:answer-91-B ,
:answer-91-C ,
:answer-91-D ;
schema:acceptedAnswer :answer-91-A ;
schema:isPartOf :dataset .
:answer-91-A a schema:Answer ;
schema:position "A" ;
schema:text "Investigate the nonconformity and implement corrective action" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-91 .
:answer-91-B a schema:Answer ;
schema:position "B" ;
schema:text "Investigate the nonconformity and report it" ;
schema:isPartOf :question-91 .
:answer-91-C a schema:Answer ;
schema:position "C" ;
schema:text "Identify the nonconformity and report it" ;
schema:isPartOf :question-91 .
:answer-91-D a schema:Answer ;
schema:position "D" ;
schema:text "Identify the nonconformity and implement corrective action" ;
schema:isPartOf :question-91 .
:question-92 a schema:Question ;
schema:name "Question 92" ;
schema:text "What are the four types of nonconformities associated with ISO 27001?" ;
schema:suggestedAnswer :answer-92-A ,
:answer-92-B ,
:answer-92-C ,
:answer-92-D ,
:answer-92-E ;
schema:acceptedAnswer :answer-92-E ;
schema:isPartOf :dataset .
:answer-92-A a schema:Answer ;
schema:position "A" ;
schema:text "Minor nonconformity: A minor nonconformity is a noncompliance with one or more requirements of the ISO 27001 standard that has no significant impact on the security of the system or the implementation of the ISMS." ;
schema:isPartOf :question-92 .
:answer-92-B a schema:Answer ;
schema:position "B" ;
schema:text "Major nonconformity: A major nonconformity is a noncompliance with one or more requirements of the ISO 27001 standard that has a significant impact on the security of the system or the implementation of the ISMS." ;
schema:isPartOf :question-92 .
:answer-92-C a schema:Answer ;
schema:position "C" ;
schema:text "Critical nonconformity: A critical nonconformity is a noncompliance with one or more requirements of the ISO 27001 standard that has a severe impact on the security of the system or the implementation of the ISMS." ;
schema:isPartOf :question-92 .
:answer-92-D a schema:Answer ;
schema:position "D" ;
schema:text "Observation: An observation is a noncompliance with one or more requirements of the ISO 27001 standard that does not have an impact on the security of the system or the implementation of the ISMS, but could lead to a nonconformity if it is not rectified." ;
schema:isPartOf :question-92 .
:answer-92-E a schema:Answer ;
schema:position "E" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-92 .
:question-93 a schema:Question ;
schema:name "Question 93" ;
schema:text "What are the necessary steps when responding to a corrective action request according to the ISO 27001 standard?" ;
schema:suggestedAnswer :answer-93-A ,
:answer-93-B ,
:answer-93-C ,
:answer-93-D ,
:answer-93-E ;
schema:acceptedAnswer :answer-93-E ;
schema:isPartOf :dataset .
:answer-93-A a schema:Answer ;
schema:position "A" ;
schema:text "Identify the root cause of the problem and take steps to address it." ;
schema:isPartOf :question-93 .
:answer-93-B a schema:Answer ;
schema:position "B" ;
schema:text "Document the corrective action taken to remedy the issue." ;
schema:isPartOf :question-93 .
:answer-93-C a schema:Answer ;
schema:position "C" ;
schema:text "Monitor and evaluate the effectiveness of the corrective action." ;
schema:isPartOf :question-93 .
:answer-93-D a schema:Answer ;
schema:position "D" ;
schema:text "Implement preventive measures to reduce the likelihood of recurrence." ;
schema:isPartOf :question-93 .
:answer-93-E a schema:Answer ;
schema:position "E" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-93 .
:question-94 a schema:Question ;
schema:name "Question 94" ;
schema:text "What is the best way to ensure continual improvement within the ISO 27001 framework?" ;
schema:suggestedAnswer :answer-94-A ,
:answer-94-B ,
:answer-94-C ,
:answer-94-D ;
schema:acceptedAnswer :answer-94-A ;
schema:isPartOf :dataset .
:answer-94-A a schema:Answer ;
schema:position "A" ;
schema:text "Regularly review and update the information security management system" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-94 .
:answer-94-B a schema:Answer ;
schema:position "B" ;
schema:text "Implement additional security controls" ;
schema:isPartOf :question-94 .
:answer-94-C a schema:Answer ;
schema:position "C" ;
schema:text "Monitor and audit the security system" ;
schema:isPartOf :question-94 .
:answer-94-D a schema:Answer ;
schema:position "D" ;
schema:text "Train employees on security policies" ;
schema:isPartOf :question-94 .
:question-95 a schema:Question ;
schema:name "Question 95" ;
schema:text "ISO 27001 requires the chief information security manager to be responsible for monitoring and measurement of the ISMS." ;
schema:suggestedAnswer :answer-95-A ,
:answer-95-B ;
schema:acceptedAnswer :answer-95-B ;
schema:isPartOf :dataset .
:answer-95-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-95 .
:answer-95-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-95 .
:question-96 a schema:Question ;
schema:name "Question 96" ;
schema:text "The main purpose of the internal audit is to help identify problems in the company and to identify who is responsible for those problems in order to initiate appropriate disciplinary actions." ;
schema:suggestedAnswer :answer-96-A ,
:answer-96-B ;
schema:acceptedAnswer :answer-96-B ;
schema:isPartOf :dataset .
:answer-96-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-96 .
:answer-96-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-96 .
:question-97 a schema:Question ;
schema:name "Question 97" ;
schema:text "All 93 controls listed in ISO 27001 Annex A must be implemented." ;
schema:suggestedAnswer :answer-97-A ,
:answer-97-B ;
schema:acceptedAnswer :answer-97-B ;
schema:isPartOf :dataset .
:answer-97-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-97 .
:answer-97-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-97 .
:question-98 a schema:Question ;
schema:name "Question 98" ;
schema:text "The purpose of the A.6 People controls section of Annex A is:" ;
schema:suggestedAnswer :answer-98-A ,
:answer-98-B ,
:answer-98-C ,
:answer-98-D ;
schema:acceptedAnswer :answer-98-C ;
schema:isPartOf :dataset .
:answer-98-A a schema:Answer ;
schema:position "A" ;
schema:text "To punish people who don’t follow the rules" ;
schema:isPartOf :question-98 .
:answer-98-B a schema:Answer ;
schema:position "B" ;
schema:text "To help the company to employ high-quality people" ;
schema:isPartOf :question-98 .
:answer-98-C a schema:Answer ;
schema:position "C" ;
schema:text "To ensure that people working under the company understand and fulfill their information security responsibilities" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-98 .
:answer-98-D a schema:Answer ;
schema:position "D" ;
schema:text "To prevent information disclosure by employees" ;
schema:isPartOf :question-98 .
:question-99 a schema:Question ;
schema:name "Question 99" ;
schema:text "Which of the following information security controls represent physical security controls?" ;
schema:suggestedAnswer :answer-99-A ,
:answer-99-B ,
:answer-99-C ,
:answer-99-D ;
schema:acceptedAnswer :answer-99-C ;
schema:isPartOf :dataset .
:answer-99-A a schema:Answer ;
schema:position "A" ;
schema:text "Public and private encryption keys" ;
schema:isPartOf :question-99 .
:answer-99-B a schema:Answer ;
schema:position "B" ;
schema:text "Ensuring the proper return of assets" ;
schema:isPartOf :question-99 .
:answer-99-C a schema:Answer ;
schema:position "C" ;
schema:text "Securing equipment against theft when used outside of offices" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-99 .
:answer-99-D a schema:Answer ;
schema:position "D" ;
schema:text "Defining guidelines for classification of information" ;
schema:isPartOf :question-99 .
:question-100 a schema:Question ;
schema:name "Question 100" ;
schema:text "The technological controls from ISO 27001 Annex A are focused on the direct protection of data and information systems used." ;
schema:suggestedAnswer :answer-100-A ,
:answer-100-B ;
schema:acceptedAnswer :answer-100-A ;
schema:isPartOf :dataset .
:answer-100-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-100 .
:answer-100-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-100 .
:question-101 a schema:Question ;
schema:name "Question 101" ;
schema:text "To ensure that information security is integrated into the new information systems, companies should conduct the following activities:" ;
schema:suggestedAnswer :answer-101-A ,
:answer-101-B ,
:answer-101-C ,
:answer-101-D ;
schema:acceptedAnswer :answer-101-A ;
schema:isPartOf :dataset .
:answer-101-A a schema:Answer ;
schema:position "A" ;
schema:text "Test the security features of the new systems" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-101 .
:answer-101-B a schema:Answer ;
schema:position "B" ;
schema:text "Document a Change Management Policy" ;
schema:isPartOf :question-101 .
:answer-101-C a schema:Answer ;
schema:position "C" ;
schema:text "Make updates on information systems as soon as vulnerabilities are identified" ;
schema:isPartOf :question-101 .
:answer-101-D a schema:Answer ;
schema:position "D" ;
schema:text "Identifying information security requirements for application services transactions is the job of the company that produces the information system, not the company that buys it" ;
schema:isPartOf :question-101 .
:question-102 a schema:Question ;
schema:name "Question 102" ;
schema:text "Technological controls from ISO 27001 Annex A are those controls that are essential for ensuring secure operations of the IT infrastructure of the company." ;
schema:suggestedAnswer :answer-102-A ,
:answer-102-B ;
schema:acceptedAnswer :answer-102-A ;
schema:isPartOf :dataset .
:answer-102-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-102 .
:answer-102-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-102 .
:question-103 a schema:Question ;
schema:name "Question 103" ;
schema:text "Information security should be addressed in every project, regardless of its type." ;
schema:suggestedAnswer :answer-103-A ,
:answer-103-B ;
schema:acceptedAnswer :answer-103-A ;
schema:isPartOf :dataset .
:answer-103-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-103 .
:answer-103-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-103 .
:question-104 a schema:Question ;
schema:name "Question 104" ;
schema:text "According to ISO 27001, Annex A, information and assets should be managed by:" ;
schema:suggestedAnswer :answer-104-A ,
:answer-104-B ,
:answer-104-C ,
:answer-104-D ;
schema:acceptedAnswer :answer-104-B ;
schema:isPartOf :dataset .
:answer-104-A a schema:Answer ;
schema:position "A" ;
schema:text "Defining a classification framework considering the levels Public, Internal, Confidential, and Top Secret" ;
schema:isPartOf :question-104 .
:answer-104-B a schema:Answer ;
schema:position "B" ;
schema:text "Defining expected behavior on the use of assets" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-104 .
:answer-104-C a schema:Answer ;
schema:position "C" ;
schema:text "Implementing an asset management software" ;
schema:isPartOf :question-104 .
:answer-104-D a schema:Answer ;
schema:position "D" ;
schema:text "By ensuring the former employee signs the Return of Asset form when leaving the organization" ;
schema:isPartOf :question-104 .
:question-105 a schema:Question ;
schema:name "Question 105" ;
schema:text "According to ISO 27001, Annex A, operational security should be managed by:" ;
schema:suggestedAnswer :answer-105-A ,
:answer-105-B ,
:answer-105-C ,
:answer-105-D ;
schema:acceptedAnswer :answer-105-B ;
schema:isPartOf :dataset .
:answer-105-A a schema:Answer ;
schema:position "A" ;
schema:text "Defining rules that will forbid access by third parties" ;
schema:isPartOf :question-105 .
:answer-105-B a schema:Answer ;
schema:position "B" ;
schema:text "Defining how information can be transferred between organizations" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-105 .
:answer-105-C a schema:Answer ;
schema:position "C" ;
schema:text "Documenting procedures focusing only on employees from the IT department" ;
schema:isPartOf :question-105 .
:answer-105-D a schema:Answer ;
schema:position "D" ;
schema:text "Having security documents not related to regular IT processes" ;
schema:isPartOf :question-105 .
:question-106 a schema:Question ;
schema:name "Question 106" ;
schema:text "Security requirements can be agreed upon verbally with suppliers." ;
schema:suggestedAnswer :answer-106-A ,
:answer-106-B ;
schema:acceptedAnswer :answer-106-B ;
schema:isPartOf :dataset .
:answer-106-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-106 .
:answer-106-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-106 .
:question-107 a schema:Question ;
schema:name "Question 107" ;
schema:text "Management of information security incidents includes learning from the incidents." ;
schema:suggestedAnswer :answer-107-A ,
:answer-107-B ;
schema:acceptedAnswer :answer-107-A ;
schema:isPartOf :dataset .
:answer-107-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-107 .
:answer-107-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-107 .
:question-108 a schema:Question ;
schema:name "Question 108" ;
schema:text "The controls related to compliance are focused primarily on avoiding breaches of intellectual property rights." ;
schema:suggestedAnswer :answer-108-A ,
:answer-108-B ;
schema:acceptedAnswer :answer-108-B ;
schema:isPartOf :dataset .
:answer-108-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-108 .
:answer-108-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-108 .
:question-109 a schema:Question ;
schema:name "Question 109" ;
schema:text "Controls related to information security policies require documenting a set of policies for defining information security rules. These policies are:" ;
schema:suggestedAnswer :answer-109-A ,
:answer-109-B ,
:answer-109-C ,
:answer-109-D ;
schema:acceptedAnswer :answer-109-C ;
schema:isPartOf :dataset .
:answer-109-A a schema:Answer ;
schema:position "A" ;
schema:text "High-level policies that set the basic approach of the company for information security" ;
schema:isPartOf :question-109 .
:answer-109-B a schema:Answer ;
schema:position "B" ;
schema:text "Mandatory" ;
schema:isPartOf :question-109 .
:answer-109-C a schema:Answer ;
schema:position "C" ;
schema:text "Topic-specific policies" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-109 .
:answer-109-D a schema:Answer ;
schema:position "D" ;
schema:text "Updated at least once per year" ;
schema:isPartOf :question-109 .
:question-110 a schema:Question ;
schema:name "Question 110" ;
schema:text "The physical controls from section A.7 cover two sub-topics: controls for securing the area, and controls for securing the equipment." ;
schema:suggestedAnswer :answer-110-A ,
:answer-110-B ;
schema:acceptedAnswer :answer-110-A ;
schema:isPartOf :dataset .
:answer-110-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-110 .
:answer-110-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-110 .
:question-111 a schema:Question ;
schema:name "Question 111" ;
schema:text "Section A.5 Organizational controls requires documenting operational procedures that will be available to everyone in the organization who needs them." ;
schema:suggestedAnswer :answer-111-A ,
:answer-111-B ;
schema:acceptedAnswer :answer-111-A ;
schema:isPartOf :dataset .
:answer-111-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-111 .
:answer-111-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-111 .
:question-112 a schema:Question ;
schema:name "Question 112" ;
schema:text "Section A.6 People controls aims to ensure that people are aware of their responsibilities regarding information security, have the necessary training, and will take proper measures to protect the information." ;
schema:suggestedAnswer :answer-112-A ,
:answer-112-B ;
schema:acceptedAnswer :answer-112-A ;
schema:isPartOf :dataset .
:answer-112-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-112 .
:answer-112-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-112 .
:question-113 a schema:Question ;
schema:name "Question 113" ;
schema:text "Section A.5 defines controls related to supplier management. These controls aim:" ;
schema:suggestedAnswer :answer-113-A ,
:answer-113-B ,
:answer-113-C ,
:answer-113-D ;
schema:acceptedAnswer :answer-113-C ;
schema:isPartOf :dataset .
:answer-113-A a schema:Answer ;
schema:position "A" ;
schema:text "To ensure that failure to deliver reports as defined in agreements’ clauses is properly handled" ;
schema:isPartOf :question-113 .
:answer-113-B a schema:Answer ;
schema:position "B" ;
schema:text "To ensure that suppliers exceed the agreed levels of performance" ;
schema:isPartOf :question-113 .
:answer-113-C a schema:Answer ;
schema:position "C" ;
schema:text "To ensure that controls to treat risks related to suppliers are properly identified, agreed, monitored, and reviewed" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-113 .
:answer-113-D a schema:Answer ;
schema:position "D" ;
schema:text "To force suppliers to pay out damages that are incurred as a consequence of incidents" ;
schema:isPartOf :question-113 .
:question-114 a schema:Question ;
schema:name "Question 114" ;
schema:text "What is the purpose of people controls in ISO 27001?" ;
schema:suggestedAnswer :answer-114-A ,
:answer-114-B ,
:answer-114-C ,
:answer-114-D ;
schema:acceptedAnswer :answer-114-A ;
schema:isPartOf :dataset .
:answer-114-A a schema:Answer ;
schema:position "A" ;
schema:text "To ensure that only authorized individuals have access to sensitive information" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-114 .
:answer-114-B a schema:Answer ;
schema:position "B" ;
schema:text "To track the amount of time employees spend on specific tasks" ;
schema:isPartOf :question-114 .
:answer-114-C a schema:Answer ;
schema:position "C" ;
schema:text "To monitor employee internet usage" ;
schema:isPartOf :question-114 .
:answer-114-D a schema:Answer ;
schema:position "D" ;
schema:text "To implement background checks for new hires" ;
schema:isPartOf :question-114 .
:question-115 a schema:Question ;
schema:name "Question 115" ;
schema:text "Which of the following is considered a physical control in an ISO 27001 compliant environment?" ;
schema:suggestedAnswer :answer-115-A ,
:answer-115-B ,
:answer-115-C ,
:answer-115-D ;
schema:acceptedAnswer :answer-115-C ;
schema:isPartOf :dataset .
:answer-115-A a schema:Answer ;
schema:position "A" ;
schema:text "Employee background checks" ;
schema:isPartOf :question-115 .
:answer-115-B a schema:Answer ;
schema:position "B" ;
schema:text "Firewall implementation" ;
schema:isPartOf :question-115 .
:answer-115-C a schema:Answer ;
schema:position "C" ;
schema:text "Biometric access controls" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-115 .
:answer-115-D a schema:Answer ;
schema:position "D" ;
schema:text "Encryption of sensitive data" ;
schema:isPartOf :question-115 .
:question-116 a schema:Question ;
schema:name "Question 116" ;
schema:text "A company is concerned about the security of their data center. Which of the following is a physical control that can be implemented to secure the data center?" ;
schema:suggestedAnswer :answer-116-A ,
:answer-116-B ,
:answer-116-C ,
:answer-116-D ;
schema:acceptedAnswer :answer-116-B ;
schema:isPartOf :dataset .
:answer-116-A a schema:Answer ;
schema:position "A" ;
schema:text "Employee background checks" ;
schema:isPartOf :question-116 .
:answer-116-B a schema:Answer ;
schema:position "B" ;
schema:text "Fire suppression system" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-116 .
:answer-116-C a schema:Answer ;
schema:position "C" ;
schema:text "Access controls on network devices" ;
schema:isPartOf :question-116 .
:answer-116-D a schema:Answer ;
schema:position "D" ;
schema:text "Anti-virus software" ;
schema:isPartOf :question-116 .
:question-117 a schema:Question ;
schema:name "Question 117" ;
schema:text "Which of the following is an example of a technological control that can be implemented to protect an organization's information assets according to ISO 27001?" ;
schema:suggestedAnswer :answer-117-A ,
:answer-117-B ,
:answer-117-C ,
:answer-117-D ;
schema:acceptedAnswer :answer-117-C ;
schema:isPartOf :dataset .
:answer-117-A a schema:Answer ;
schema:position "A" ;
schema:text "Security cameras" ;
schema:isPartOf :question-117 .
:answer-117-B a schema:Answer ;
schema:position "B" ;
schema:text "Background checks on employees" ;
schema:isPartOf :question-117 .
:answer-117-C a schema:Answer ;
schema:position "C" ;
schema:text "Firewall" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-117 .
:answer-117-D a schema:Answer ;
schema:position "D" ;
schema:text "Regularly scheduled employee trainings" ;
schema:isPartOf :question-117 .
:question-118 a schema:Question ;
schema:name "Question 118" ;
schema:text "An organization is concerned about unauthorized access to their network. Which of the following would be considered a technological control to mitigate this risk?" ;
schema:suggestedAnswer :answer-118-A ,
:answer-118-B ,
:answer-118-C ;
schema:acceptedAnswer :answer-118-B ;
schema:isPartOf :dataset .
:answer-118-A a schema:Answer ;
schema:position "A" ;
schema:text "Background checks for employees" ;
schema:isPartOf :question-118 .
:answer-118-B a schema:Answer ;
schema:position "B" ;
schema:text "Installing a firewall" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-118 .
:answer-118-C a schema:Answer ;
schema:position "C" ;
schema:text "Conducting regular security training for employees" ;
schema:isPartOf :question-118 .
:question-119 a schema:Question ;
schema:name "Question 119" ;
schema:text "What is an example of an organizational control in accordance with ISO 27001?" ;
schema:suggestedAnswer :answer-119-A ,
:answer-119-B ,
:answer-119-C ,
:answer-119-D ;
schema:acceptedAnswer :answer-119-B ;
schema:isPartOf :dataset .
:answer-119-A a schema:Answer ;
schema:position "A" ;
schema:text "Encryption of sensitive data" ;
schema:isPartOf :question-119 .
:answer-119-B a schema:Answer ;
schema:position "B" ;
schema:text "Background checks for new employees" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-119 .
:answer-119-C a schema:Answer ;
schema:position "C" ;
schema:text "Regularly scheduled backups of important data" ;
schema:isPartOf :question-119 .
:answer-119-D a schema:Answer ;
schema:position "D" ;
schema:text "Installation of firewalls on network devices" ;
schema:isPartOf :question-119 .
:question-120 a schema:Question ;
schema:name "Question 120" ;
schema:text "In ISO/IEC 27000:2018 what is \"fulfilment of a requirement\"?" ;
schema:suggestedAnswer :answer-120-A ,
:answer-120-B ;
schema:acceptedAnswer :answer-120-A ;
schema:isPartOf :dataset .
:answer-120-A a schema:Answer ;
schema:position "A" ;
schema:text "Conformity" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-120 .
:answer-120-B a schema:Answer ;
schema:position "B" ;
schema:text "Compliance" ;
schema:isPartOf :question-120 .
:question-121 a schema:Question ;
schema:name "Question 121" ;
schema:text "ISO/IEC 27001:2022 requires which of the following to be documented (in Clause 6)? Select as many as you think apply" ;
schema:suggestedAnswer :answer-121-A ,
:answer-121-B ;
schema:acceptedAnswer :answer-121-B ;
schema:isPartOf :dataset .
:answer-121-A a schema:Answer ;
schema:position "A" ;
schema:text "Risk assessment" ;
schema:isPartOf :question-121 .
:answer-121-B a schema:Answer ;
schema:position "B" ;
schema:text "Risk treatment" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-121 .
:question-122 a schema:Question ;
schema:name "Question 122" ;
schema:text "Where in the standard will you find a reference for controls?" ;
schema:suggestedAnswer :answer-122-A ,
:answer-122-B ,
:answer-122-C ;
schema:acceptedAnswer :answer-122-B ;
schema:isPartOf :dataset .
:answer-122-A a schema:Answer ;
schema:position "A" ;
schema:text "Clause 9 Performance evaluation" ;
schema:isPartOf :question-122 .
:answer-122-B a schema:Answer ;
schema:position "B" ;
schema:text "Annex A" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-122 .
:answer-122-C a schema:Answer ;
schema:position "C" ;
schema:text "Annex SL" ;
schema:isPartOf :question-122 .
:question-123 a schema:Question ;
schema:name "Question 123" ;
schema:text "ISO/IEC 27001:2022 requires defined rules for which of the following? Select as many as you think apply" ;
schema:suggestedAnswer :answer-123-A ,
:answer-123-B ;
schema:acceptedAnswer :answer-123-A ;
schema:isPartOf :dataset .
:answer-123-A a schema:Answer ;
schema:position "A" ;
schema:text "Clear desk" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-123 .
:answer-123-B a schema:Answer ;
schema:position "B" ;
schema:text "Clear screen" ;
schema:isPartOf :question-123 .
:question-124 a schema:Question ;
schema:name "Question 124" ;
schema:text "\"ISO/IEC 27001:2022 uses the same Annex SL 10-clause framework as ISO 9001:2015 and ISO 14001:2015.\" Is this statement 'true' or 'false'?" ;
schema:suggestedAnswer :answer-124-A ,
:answer-124-B ;
schema:acceptedAnswer :answer-124-A ;
schema:isPartOf :dataset .
:answer-124-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-124 .
:answer-124-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-124 .
:question-125 a schema:Question ;
schema:name "Question 125" ;
schema:text "Where would you find the Terms and Definitions for ISO/IEC 27001:2022?" ;
schema:suggestedAnswer :answer-125-A ,
:answer-125-B ,
:answer-125-C ;
schema:acceptedAnswer :answer-125-A ;
schema:isPartOf :dataset .
:answer-125-A a schema:Answer ;
schema:position "A" ;
schema:text "ISO 27000" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-125 .
:answer-125-B a schema:Answer ;
schema:position "B" ;
schema:text "ISO 9000" ;
schema:isPartOf :question-125 .
:answer-125-C a schema:Answer ;
schema:position "C" ;
schema:text "Oxford English Dictionary" ;
schema:isPartOf :question-125 .
:question-126 a schema:Question ;
schema:name "Question 126" ;
schema:text "\"The scope [of the management system] shall be available as documented information\"." ;
schema:suggestedAnswer :answer-126-A ,
:answer-126-B ;
schema:acceptedAnswer :answer-126-A ;
schema:isPartOf :dataset .
:answer-126-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-126 .
:answer-126-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isPartOf :question-126 .
:question-127 a schema:Question ;
schema:name "Question 127" ;
schema:text "What does the C in the CIA of Information Security stand for?" ;
schema:suggestedAnswer :answer-127-A ,
:answer-127-B ,
:answer-127-C ;
schema:acceptedAnswer :answer-127-A ;
schema:isPartOf :dataset .
:answer-127-A a schema:Answer ;
schema:position "A" ;
schema:text "Confidentiality" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-127 .
:answer-127-B a schema:Answer ;
schema:position "B" ;
schema:text "Context" ;
schema:isPartOf :question-127 .
:answer-127-C a schema:Answer ;
schema:position "C" ;
schema:text "Conformity" ;
schema:isPartOf :question-127 .
:question-128 a schema:Question ;
schema:name "Question 128" ;
schema:text "With regards to the controls, what must the organisation produce?" ;
schema:suggestedAnswer :answer-128-A ,
:answer-128-B ,
:answer-128-C ;
schema:acceptedAnswer :answer-128-A ;
schema:isPartOf :dataset .
:answer-128-A a schema:Answer ;
schema:position "A" ;
schema:text "Statement of applicability" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-128 .
:answer-128-B a schema:Answer ;
schema:position "B" ;
schema:text "Statement of implementation" ;
schema:isPartOf :question-128 .
:answer-128-C a schema:Answer ;
schema:position "C" ;
schema:text "Statement of control" ;
schema:isPartOf :question-128 .
:question-129 a schema:Question ;
schema:name "Question 129" ;
schema:text "ISO/IEC 27001:2022 is focussed solely on the protection of personal information." ;
schema:suggestedAnswer :answer-129-A ,
:answer-129-B ;
schema:acceptedAnswer :answer-129-B ;
schema:isPartOf :dataset .
:answer-129-A a schema:Answer ;
schema:position "A" ;
schema:text "True" ;
schema:isPartOf :question-129 .
:answer-129-B a schema:Answer ;
schema:position "B" ;
schema:text "False" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-129 .
:question-130 a schema:Question ;
schema:name "Question 130" ;
schema:text "Fundamentals and Context of ISO 27001:2022 - Which of the following is NOT a key characteristic of information security according to ISO 27001?" ;
schema:suggestedAnswer :answer-130-A ,
:answer-130-B ,
:answer-130-C ,
:answer-130-D ;
schema:acceptedAnswer :answer-130-D ;
schema:isPartOf :dataset .
:answer-130-A a schema:Answer ;
schema:position "A" ;
schema:text "Confidentiality" ;
schema:isPartOf :question-130 .
:answer-130-B a schema:Answer ;
schema:position "B" ;
schema:text "Integrity" ;
schema:isPartOf :question-130 .
:answer-130-C a schema:Answer ;
schema:position "C" ;
schema:text "Availability" ;
schema:isPartOf :question-130 .
:answer-130-D a schema:Answer ;
schema:position "D" ;
schema:text "Profitability" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-130 .
:question-131 a schema:Question ;
schema:name "Question 131" ;
schema:text "Planning the ISMS - The primary objective of an information security risk assessment is to:" ;
schema:suggestedAnswer :answer-131-A ,
:answer-131-B ,
:answer-131-C ,
:answer-131-D ;
schema:acceptedAnswer :answer-131-B ;
schema:isPartOf :dataset .
:answer-131-A a schema:Answer ;
schema:position "A" ;
schema:text "Eliminate all information security risks." ;
schema:isPartOf :question-131 .
:answer-131-B a schema:Answer ;
schema:position "B" ;
schema:text "Identify, analyze, and evaluate information security risks." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-131 .
:answer-131-C a schema:Answer ;
schema:position "C" ;
schema:text "Implement security controls." ;
schema:isPartOf :question-131 .
:answer-131-D a schema:Answer ;
schema:position "D" ;
schema:text "Achieve ISO 27001 certification." ;
schema:isPartOf :question-131 .
:question-132 a schema:Question ;
schema:name "Question 132" ;
schema:text "Planning the ISMS - When establishing the ISMS scope, it is crucial to:" ;
schema:suggestedAnswer :answer-132-A ,
:answer-132-B ,
:answer-132-C ,
:answer-132-D ;
schema:acceptedAnswer :answer-132-B ;
schema:isPartOf :dataset .
:answer-132-A a schema:Answer ;
schema:position "A" ;
schema:text "Make it as broad as possible to cover all potential risks." ;
schema:isPartOf :question-132 .
:answer-132-B a schema:Answer ;
schema:position "B" ;
schema:text "Define clear boundaries and limitations of the ISMS." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-132 .
:answer-132-C a schema:Answer ;
schema:position "C" ;
schema:text "Focus only on IT infrastructure." ;
schema:isPartOf :question-132 .
:answer-132-D a schema:Answer ;
schema:position "D" ;
schema:text "Exclude any areas that are difficult to manage." ;
schema:isPartOf :question-132 .
:question-133 a schema:Question ;
schema:name "Question 133" ;
schema:text "Planning the ISMS - The 'Statement of Applicability' (So" ;
schema:suggestedAnswer :answer-133-A ,
:answer-133-B ,
:answer-133-C ,
:answer-133-D ;
schema:acceptedAnswer :answer-133-B ;
schema:isPartOf :dataset .
:answer-133-A a schema:Answer ;
schema:position "A" ;
schema:text "Lists all mandatory controls from Annex A that must be implemented." ;
schema:isPartOf :question-133 .
:answer-133-B a schema:Answer ;
schema:position "B" ;
schema:text "Documents the selected controls from Annex A and justifies their inclusion or exclusion." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-133 .
:answer-133-C a schema:Answer ;
schema:position "C" ;
schema:text "Is a summary of the risk assessment report." ;
schema:isPartOf :question-133 .
:answer-133-D a schema:Answer ;
schema:position "D" ;
schema:text "Is only required for organizations seeking certification." ;
schema:isPartOf :question-133 .
:question-134 a schema:Question ;
schema:name "Question 134" ;
schema:text "Support and Operation of the ISMS - Documented information in ISO 27001:2022 includes:" ;
schema:suggestedAnswer :answer-134-A ,
:answer-134-B ,
:answer-134-C ,
:answer-134-D ;
schema:acceptedAnswer :answer-134-B ;
schema:isPartOf :dataset .
:answer-134-A a schema:Answer ;
schema:position "A" ;
schema:text "Only policies and procedures." ;
schema:isPartOf :question-134 .
:answer-134-B a schema:Answer ;
schema:position "B" ;
schema:text "Any information required to be controlled and maintained by the organization and the standard." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-134 .
:answer-134-C a schema:Answer ;
schema:position "C" ;
schema:text "Only electronic documents." ;
schema:isPartOf :question-134 .
:answer-134-D a schema:Answer ;
schema:position "D" ;
schema:text "Only paper-based documents." ;
schema:isPartOf :question-134 .
:question-135 a schema:Question ;
schema:name "Question 135" ;
schema:text "Performance Evaluation and Improvement - Internal audits of the ISMS are conducted to:" ;
schema:suggestedAnswer :answer-135-A ,
:answer-135-B ,
:answer-135-C ,
:answer-135-D ;
schema:acceptedAnswer :answer-135-B ;
schema:isPartOf :dataset .
:answer-135-A a schema:Answer ;
schema:position "A" ;
schema:text "Identify all security vulnerabilities." ;
schema:isPartOf :question-135 .
:answer-135-B a schema:Answer ;
schema:position "B" ;
schema:text "Verify whether the ISMS conforms to the organization's own requirements and the requirements of ISO 27001:2022." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-135 .
:answer-135-C a schema:Answer ;
schema:position "C" ;
schema:text "Replace external certification audits." ;
schema:isPartOf :question-135 .
:answer-135-D a schema:Answer ;
schema:position "D" ;
schema:text "Punish employees who violate security policies." ;
schema:isPartOf :question-135 .
:question-136 a schema:Question ;
schema:name "Question 136" ;
schema:text "Performance Evaluation and Improvement - Management review of the ISMS should be conducted at planned intervals to:" ;
schema:suggestedAnswer :answer-136-A ,
:answer-136-B ,
:answer-136-C ,
:answer-136-D ;
schema:acceptedAnswer :answer-136-B ;
schema:isPartOf :dataset .
:answer-136-A a schema:Answer ;
schema:position "A" ;
schema:text "Only review incident reports." ;
schema:isPartOf :question-136 .
:answer-136-B a schema:Answer ;
schema:position "B" ;
schema:text "Ensure the continuing suitability, adequacy, and effectiveness of the ISMS." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-136 .
:answer-136-C a schema:Answer ;
schema:position "C" ;
schema:text "Prepare for external certification audits." ;
schema:isPartOf :question-136 .
:answer-136-D a schema:Answer ;
schema:position "D" ;
schema:text "Only focus on financial aspects of the ISMS." ;
schema:isPartOf :question-136 .
:question-137 a schema:Question ;
schema:name "Question 137" ;
schema:text "Performance Evaluation and Improvement - Continual improvement of the ISMS is a:" ;
schema:suggestedAnswer :answer-137-A ,
:answer-137-B ,
:answer-137-C ,
:answer-137-D ;
schema:acceptedAnswer :answer-137-B ;
schema:isPartOf :dataset .
:answer-137-A a schema:Answer ;
schema:position "A" ;
schema:text "One-time project at the start of implementation." ;
schema:isPartOf :question-137 .
:answer-137-B a schema:Answer ;
schema:position "B" ;
schema:text "Recurring activity to enhance the suitability, adequacy, and effectiveness of the ISMS." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-137 .
:answer-137-C a schema:Answer ;
schema:position "C" ;
schema:text "Optional activity after achieving certification." ;
schema:isPartOf :question-137 .
:answer-137-D a schema:Answer ;
schema:position "D" ;
schema:text "Focus solely on technological upgrades." ;
schema:isPartOf :question-137 .
:question-138 a schema:Question ;
schema:name "Question 138" ;
schema:text "Annex A Controls (High-Level Understanding) - Annex A of ISO 27001:2022 provides:" ;
schema:suggestedAnswer :answer-138-A ,
:answer-138-B ,
:answer-138-C ,
:answer-138-D ;
schema:acceptedAnswer :answer-138-B ;
schema:isPartOf :dataset .
:answer-138-A a schema:Answer ;
schema:position "A" ;
schema:text "Mandatory security controls that all organizations must implement." ;
schema:isPartOf :question-138 .
:answer-138-B a schema:Answer ;
schema:position "B" ;
schema:text "A comprehensive list of information security controls and control objectives, serving as a reference set." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-138 .
:answer-138-C a schema:Answer ;
schema:position "C" ;
schema:text "Specific technical configurations for security technologies." ;
schema:isPartOf :question-138 .
:answer-138-D a schema:Answer ;
schema:position "D" ;
schema:text "A detailed risk assessment methodology." ;
schema:isPartOf :question-138 .
:question-139 a schema:Question ;
schema:name "Question 139" ;
schema:text "Annex A Controls (High-Level Understanding) - An example of a 'Technological control' from Annex A is:" ;
schema:suggestedAnswer :answer-139-A ,
:answer-139-B ,
:answer-139-C ,
:answer-139-D ;
schema:acceptedAnswer :answer-139-B ;
schema:isPartOf :dataset .
:answer-139-A a schema:Answer ;
schema:position "A" ;
schema:text "Background checks of employees." ;
schema:isPartOf :question-139 .
:answer-139-B a schema:Answer ;
schema:position "B" ;
schema:text "Intrusion detection systems." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-139 .
:answer-139-C a schema:Answer ;
schema:position "C" ;
schema:text "Security awareness training." ;
schema:isPartOf :question-139 .
:answer-139-D a schema:Answer ;
schema:position "D" ;
schema:text "Secure disposal of media." ;
schema:isPartOf :question-139 .
:question-140 a schema:Question ;
schema:name "Question 140" ;
schema:text "Annex A Controls (High-Level Understanding) - The selection of Annex A controls should be based on:" ;
schema:suggestedAnswer :answer-140-A ,
:answer-140-B ,
:answer-140-C ,
:answer-140-D ;
schema:acceptedAnswer :answer-140-B ;
schema:isPartOf :dataset .
:answer-140-A a schema:Answer ;
schema:position "A" ;
schema:text "Industry best practices only." ;
schema:isPartOf :question-140 .
:answer-140-B a schema:Answer ;
schema:position "B" ;
schema:text "The results of the information security risk assessment and the organization's risk treatment decisions." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-140 .
:answer-140-C a schema:Answer ;
schema:position "C" ;
schema:text "The recommendations of the certification body." ;
schema:isPartOf :question-140 .
:answer-140-D a schema:Answer ;
schema:position "D" ;
schema:text "The preference of the IT department." ;
schema:isPartOf :question-140 .
:question-141 a schema:Question ;
schema:name "Question 141" ;
schema:text "Lead Implementer Specific Responsibilities and Considerations - A Lead Implementer's primary role is to:" ;
schema:suggestedAnswer :answer-141-A ,
:answer-141-B ,
:answer-141-C ,
:answer-141-D ;
schema:acceptedAnswer :answer-141-B ;
schema:isPartOf :dataset .
:answer-141-A a schema:Answer ;
schema:position "A" ;
schema:text "Write all security policies and procedures." ;
schema:isPartOf :question-141 .
:answer-141-B a schema:Answer ;
schema:position "B" ;
schema:text "Manage the entire ISMS implementation project, guiding the organization through all phases." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-141 .
:answer-141-C a schema:Answer ;
schema:position "C" ;
schema:text "Conduct internal audits." ;
schema:isPartOf :question-141 .
:answer-141-D a schema:Answer ;
schema:position "D" ;
schema:text "Be the sole decision-maker for all ISMS related matters." ;
schema:isPartOf :question-141 .
:question-142 a schema:Question ;
schema:name "Question 142" ;
schema:text "Lead Implementer Specific Responsibilities and Considerations - Stakeholder engagement is crucial for a Lead Implementer. This involves:" ;
schema:suggestedAnswer :answer-142-A ,
:answer-142-B ,
:answer-142-C ,
:answer-142-D ;
schema:acceptedAnswer :answer-142-B ;
schema:isPartOf :dataset .
:answer-142-A a schema:Answer ;
schema:position "A" ;
schema:text "Only informing top management about the ISMS project." ;
schema:isPartOf :question-142 .
:answer-142-B a schema:Answer ;
schema:position "B" ;
schema:text "Identifying, communicating with, and involving relevant stakeholders throughout the ISMS implementation." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-142 .
:answer-142-C a schema:Answer ;
schema:position "C" ;
schema:text "Ignoring stakeholders who are resistant to change." ;
schema:isPartOf :question-142 .
:answer-142-D a schema:Answer ;
schema:position "D" ;
schema:text "Focusing only on technical stakeholders." ;
schema:isPartOf :question-142 .
:question-143 a schema:Question ;
schema:name "Question 143" ;
schema:text "Lead Implementer Specific Responsibilities and Considerations - When defining the ISMS scope, a Lead Implementer should:" ;
schema:suggestedAnswer :answer-143-A ,
:answer-143-B ,
:answer-143-C ,
:answer-143-D ;
schema:acceptedAnswer :answer-143-B ;
schema:isPartOf :dataset .
:answer-143-A a schema:Answer ;
schema:position "A" ;
schema:text "Impose a scope based on their own expertise." ;
schema:isPartOf :question-143 .
:answer-143-B a schema:Answer ;
schema:position "B" ;
schema:text "Collaborate with relevant stakeholders to ensure the scope is realistic, achievable, and aligned with organizational objectives." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-143 .
:answer-143-C a schema:Answer ;
schema:position "C" ;
schema:text "Make the scope as narrow as possible to simplify implementation." ;
schema:isPartOf :question-143 .
:answer-143-D a schema:Answer ;
schema:position "D" ;
schema:text "Let the IT department define the scope." ;
schema:isPartOf :question-143 .
:question-144 a schema:Question ;
schema:name "Question 144" ;
schema:text "Lead Implementer Specific Responsibilities and Considerations - During the ISMS implementation project, a Lead Implementer should:" ;
schema:suggestedAnswer :answer-144-A ,
:answer-144-B ,
:answer-144-C ,
:answer-144-D ;
schema:acceptedAnswer :answer-144-B ;
schema:isPartOf :dataset .
:answer-144-A a schema:Answer ;
schema:position "A" ;
schema:text "Work in isolation to maintain focus." ;
schema:isPartOf :question-144 .
:answer-144-B a schema:Answer ;
schema:position "B" ;
schema:text "Act as a project manager, facilitator, and subject matter expert, guiding the team and ensuring progress." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-144 .
:answer-144-C a schema:Answer ;
schema:position "C" ;
schema:text "Delegate all tasks to team members and only oversee progress." ;
schema:isPartOf :question-144 .
:answer-144-D a schema:Answer ;
schema:position "D" ;
schema:text "Focus solely on technical aspects and ignore organizational change management." ;
schema:isPartOf :question-144 .
:question-145 a schema:Question ;
schema:name "Question 145" ;
schema:text "Lead Implementer Specific Responsibilities and Considerations - A Lead Implementer contributes to the continual improvement of the ISMS by:" ;
schema:suggestedAnswer :answer-145-A ,
:answer-145-B ,
:answer-145-C ,
:answer-145-D ;
schema:acceptedAnswer :answer-145-B ;
schema:isPartOf :dataset .
:answer-145-A a schema:Answer ;
schema:position "A" ;
schema:text "Leaving the ISMS once certification is achieved." ;
schema:isPartOf :question-145 .
:answer-145-B a schema:Answer ;
schema:position "B" ;
schema:text "Establishing processes for monitoring, measurement, audit, management review, and corrective action, and promoting a culture of continuous improvement." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-145 .
:answer-145-C a schema:Answer ;
schema:position "C" ;
schema:text "Focusing only on implementing new technologies." ;
schema:isPartOf :question-145 .
:answer-145-D a schema:Answer ;
schema:position "D" ;
schema:text "Ignoring feedback from internal audits." ;
schema:isPartOf :question-145 .
:question-146 a schema:Question ;
schema:name "Question 146" ;
schema:text "What is the purpose of ICT readiness for business continuity?" ;
schema:suggestedAnswer :answer-146-A ,
:answer-146-B ,
:answer-146-C ,
:answer-146-D ;
schema:acceptedAnswer :answer-146-B ;
schema:isPartOf :dataset .
:answer-146-A a schema:Answer ;
schema:position "A" ;
schema:text "To reduce the likelihood or consequences of future incidents." ;
schema:isPartOf :question-146 .
:answer-146-B a schema:Answer ;
schema:position "B" ;
schema:text "To ensure the availability of the organization's information and other associated assets during disruption." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-146 .
:answer-146-C a schema:Answer ;
schema:position "C" ;
schema:text "To ensure a consistent and effective management of evidence related to information security incidents for the purposes of disciplinary and legal actions." ;
schema:isPartOf :question-146 .
:answer-146-D a schema:Answer ;
schema:position "D" ;
schema:text "To protect information and other associated assets during disruption." ;
schema:isPartOf :question-146 .
:question-147 a schema:Question ;
schema:name "Question 147" ;
schema:text "What is the purpose of Policies for information security?" ;
schema:suggestedAnswer :answer-147-A ,
:answer-147-B ,
:answer-147-C ,
:answer-147-D ;
schema:acceptedAnswer :answer-147-A ;
schema:isPartOf :dataset .
:answer-147-A a schema:Answer ;
schema:position "A" ;
schema:text "To establish a defined, approved and understood structure for the implementation, operation and management of information security within the organization." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-147 .
:answer-147-B a schema:Answer ;
schema:position "B" ;
schema:text "To ensure continuing suitability, adequacy, effectiveness of management direction and support for information security in accordance with business, legal, statutory, regulatory and contractual requirements." ;
schema:isPartOf :question-147 .
:answer-147-C a schema:Answer ;
schema:position "C" ;
schema:text "To ensure management understand their role in information security and undertake actions aiming to ensure all personnel are aware of and fulfill their information security responsibilities." ;
schema:isPartOf :question-147 .
:answer-147-D a schema:Answer ;
schema:position "D" ;
schema:text "To ensure appropriate flow of information takes places with respect to information security between the organization and relevant legal, regulatory and supervisory authorities." ;
schema:isPartOf :question-147 .
:question-148 a schema:Question ;
schema:name "Question 148" ;
schema:text "Which of the following best describes a policy, according to the ISO/IEC 27002:2022?" ;
schema:suggestedAnswer :answer-148-A ,
:answer-148-B ,
:answer-148-C ,
:answer-148-D ;
schema:acceptedAnswer :answer-148-B ;
schema:isPartOf :dataset .
:answer-148-A a schema:Answer ;
schema:position "A" ;
schema:text "A set of interrelated or interacting activities that uses or transforms inputs to deliver a result." ;
schema:isPartOf :question-148 .
:answer-148-B a schema:Answer ;
schema:position "B" ;
schema:text "Intentions and direction of an organization, as formally expressed by its top management." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-148 .
:answer-148-C a schema:Answer ;
schema:position "C" ;
schema:text "Accepted principle or institution that states the organization's expectations on what is required to be done, what is allowed or not allowed." ;
schema:isPartOf :question-148 .
:answer-148-D a schema:Answer ;
schema:position "D" ;
schema:text "A specified way to carry out an activity or a process." ;
schema:isPartOf :question-148 .
:question-149 a schema:Question ;
schema:name "Question 149" ;
schema:text "Which of the following refers to information that needs to be protected from unavailability, unauthorized access, modification or public disclosure because of potential adverse effects on an individual, organization, national security or public safety?" ;
schema:suggestedAnswer :answer-149-A ,
:answer-149-B ,
:answer-149-C ,
:answer-149-D ;
schema:acceptedAnswer :answer-149-B ;
schema:isPartOf :dataset .
:answer-149-A a schema:Answer ;
schema:position "A" ;
schema:text "Personally identifiable information" ;
schema:isPartOf :question-149 .
:answer-149-B a schema:Answer ;
schema:position "B" ;
schema:text "Sensitive information" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-149 .
:answer-149-C a schema:Answer ;
schema:position "C" ;
schema:text "Documented information" ;
schema:isPartOf :question-149 .
:answer-149-D a schema:Answer ;
schema:position "D" ;
schema:text "Encrypted information" ;
schema:isPartOf :question-149 .
:question-150 a schema:Question ;
schema:name "Question 150" ;
schema:text "Which of the following describes one or multiple related an identified information security events that can harm an organization's assets or compromise its operations?" ;
schema:suggestedAnswer :answer-150-A ,
:answer-150-B ,
:answer-150-C ,
:answer-150-D ;
schema:acceptedAnswer :answer-150-D ;
schema:isPartOf :dataset .
:answer-150-A a schema:Answer ;
schema:position "A" ;
schema:text "Information security event" ;
schema:isPartOf :question-150 .
:answer-150-B a schema:Answer ;
schema:position "B" ;
schema:text "Information security management" ;
schema:isPartOf :question-150 .
:answer-150-C a schema:Answer ;
schema:position "C" ;
schema:text "Information security breach" ;
schema:isPartOf :question-150 .
:answer-150-D a schema:Answer ;
schema:position "D" ;
schema:text "Information security incident" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-150 .
:question-151 a schema:Question ;
schema:name "Question 151" ;
schema:text "It is essential that an organization determines its information security requirements. Are three main sources of information security requirements:" ;
schema:suggestedAnswer :answer-151-A ,
:answer-151-B ,
:answer-151-C ,
:answer-151-D ;
schema:acceptedAnswer :answer-151-D ;
schema:isPartOf :dataset .
:answer-151-A a schema:Answer ;
schema:position "A" ;
schema:text "The assessment of risks to the organization, taking into account the organization's overall business strategy and objectives." ;
schema:isPartOf :question-151 .
:answer-151-B a schema:Answer ;
schema:position "B" ;
schema:text "The legal, statutory, regulatory and contractual requirements that an organization and its interested parties have to comply with and their socio-cultural environment." ;
schema:isPartOf :question-151 .
:answer-151-C a schema:Answer ;
schema:position "C" ;
schema:text "The set of principles, objectives and business requirements for all the steps of the life cycle of information that an organization has developed to support its operations." ;
schema:isPartOf :question-151 .
:answer-151-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-151 .
:question-152 a schema:Question ;
schema:name "Question 152" ;
schema:text "Which of the following best describe an attack, according to the ISO/IEC 27002:2022?" ;
schema:suggestedAnswer :answer-152-A ,
:answer-152-B ,
:answer-152-C ,
:answer-152-D ;
schema:acceptedAnswer :answer-152-A ;
schema:isPartOf :dataset .
:answer-152-A a schema:Answer ;
schema:position "A" ;
schema:text "A successful or unsuccessful unauthorized attempt to destroy, alter, disable, gain access to an asset or any attempt to expose, steal, or make unauthorized use of an asset." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-152 .
:answer-152-B a schema:Answer ;
schema:position "B" ;
schema:text "One or multiple related and identified information security events that can harm an organization's assets or compromise its operations." ;
schema:isPartOf :question-152 .
:answer-152-C a schema:Answer ;
schema:position "C" ;
schema:text "The weakness of an asset or control that can be exploited by one or more threats." ;
schema:isPartOf :question-152 .
:answer-152-D a schema:Answer ;
schema:position "D" ;
schema:text "The potential cause of an unwanted incident, which can result in harm to a system or organization." ;
schema:isPartOf :question-152 .
:question-153 a schema:Question ;
schema:name "Question 153" ;
schema:text "Which of the following is best defines as a measure that modifies or maintains risk?" ;
schema:suggestedAnswer :answer-153-A ,
:answer-153-B ,
:answer-153-C ,
:answer-153-D ;
schema:acceptedAnswer :answer-153-D ;
schema:isPartOf :dataset .
:answer-153-A a schema:Answer ;
schema:position "A" ;
schema:text "Procedure" ;
schema:isPartOf :question-153 .
:answer-153-B a schema:Answer ;
schema:position "B" ;
schema:text "Policy" ;
schema:isPartOf :question-153 .
:answer-153-C a schema:Answer ;
schema:position "C" ;
schema:text "Rule" ;
schema:isPartOf :question-153 .
:answer-153-D a schema:Answer ;
schema:position "D" ;
schema:text "Control" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-153 .
:question-154 a schema:Question ;
schema:name "Question 154" ;
schema:text "Which of the following best describes a threat?" ;
schema:suggestedAnswer :answer-154-A ,
:answer-154-B ,
:answer-154-C ,
:answer-154-D ;
schema:acceptedAnswer :answer-154-D ;
schema:isPartOf :dataset .
:answer-154-A a schema:Answer ;
schema:position "A" ;
schema:text "One or multiple related and identified information security events that can harm an organization's assets or compromise its operations." ;
schema:isPartOf :question-154 .
:answer-154-B a schema:Answer ;
schema:position "B" ;
schema:text "Successful or unsuccessful unauthorized attempt to destroy, alter, disable, gain access to an asset or any attempt to expose, steal, or make unauthorized use of an asset." ;
schema:isPartOf :question-154 .
:answer-154-C a schema:Answer ;
schema:position "C" ;
schema:text "The weakness of an asset or control that can be exploited by one or more threats." ;
schema:isPartOf :question-154 .
:answer-154-D a schema:Answer ;
schema:position "D" ;
schema:text "The potential cause of an unwanted incident, which can results in harm to a system or organization." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-154 .
:question-155 a schema:Question ;
schema:name "Question 155" ;
schema:text "Which of the following best describes the purpose of Application security requirements?" ;
schema:suggestedAnswer :answer-155-A ,
:answer-155-B ,
:answer-155-C ,
:answer-155-D ;
schema:acceptedAnswer :answer-155-D ;
schema:isPartOf :dataset .
:answer-155-A a schema:Answer ;
schema:position "A" ;
schema:text "To validate if information security requirements are met when applications or code are deployed to the production environment." ;
schema:isPartOf :question-155 .
:answer-155-B a schema:Answer ;
schema:position "B" ;
schema:text "To ensure information systems are securely designed, implemented and operated within the development life cycle." ;
schema:isPartOf :question-155 .
:answer-155-C a schema:Answer ;
schema:position "C" ;
schema:text "To ensure software is written securely thereby reducing the number of potential information security vulnerabilities in the software." ;
schema:isPartOf :question-155 .
:answer-155-D a schema:Answer ;
schema:position "D" ;
schema:text "To ensure all information security requirements are identified and addressed when developing or acquiring applications." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-155 .
:question-156 a schema:Question ;
schema:name "Question 156" ;
schema:text "The title of ISO 27001:2022 includes following?" ;
schema:suggestedAnswer :answer-156-A ,
:answer-156-B ,
:answer-156-C ,
:answer-156-D ;
schema:acceptedAnswer :answer-156-A ;
schema:isPartOf :dataset .
:answer-156-A a schema:Answer ;
schema:position "A" ;
schema:text "Information Security, Cyber Security and Privacy Protection" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-156 .
:answer-156-B a schema:Answer ;
schema:position "B" ;
schema:text "Information Management System, Tools and Techniques" ;
schema:isPartOf :question-156 .
:answer-156-C a schema:Answer ;
schema:position "C" ;
schema:text "Information Security procedures and techniques" ;
schema:isPartOf :question-156 .
:answer-156-D a schema:Answer ;
schema:position "D" ;
schema:text "Information Security Management practices" ;
schema:isPartOf :question-156 .
:question-157 a schema:Question ;
schema:name "Question 157" ;
schema:text "ISO 27002:2022 is comprises of how many controls?" ;
schema:suggestedAnswer :answer-157-A ,
:answer-157-B ,
:answer-157-C ,
:answer-157-D ;
schema:acceptedAnswer :answer-157-C ;
schema:isPartOf :dataset .
:answer-157-A a schema:Answer ;
schema:position "A" ;
schema:text "128" ;
schema:isPartOf :question-157 .
:answer-157-B a schema:Answer ;
schema:position "B" ;
schema:text "97" ;
schema:isPartOf :question-157 .
:answer-157-C a schema:Answer ;
schema:position "C" ;
schema:text "93" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-157 .
:answer-157-D a schema:Answer ;
schema:position "D" ;
schema:text "79" ;
schema:isPartOf :question-157 .
:question-158 a schema:Question ;
schema:name "Question 158" ;
schema:text "Categories of control grouping in ISO 27002:2022 are" ;
schema:suggestedAnswer :answer-158-A ,
:answer-158-B ,
:answer-158-C ,
:answer-158-D ;
schema:acceptedAnswer :answer-158-D ;
schema:isPartOf :dataset .
:answer-158-A a schema:Answer ;
schema:position "A" ;
schema:text "Strategic, Tactical, Operational, BAU" ;
schema:isPartOf :question-158 .
:answer-158-B a schema:Answer ;
schema:position "B" ;
schema:text "Long term, Short term, Incidental, optional" ;
schema:isPartOf :question-158 .
:answer-158-C a schema:Answer ;
schema:position "C" ;
schema:text "Organizational, People, Process, Technological" ;
schema:isPartOf :question-158 .
:answer-158-D a schema:Answer ;
schema:position "D" ;
schema:text "Organizational, People, Technological, Physical" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-158 .
:question-159 a schema:Question ;
schema:name "Question 159" ;
schema:text "Cyber Security Concept is ___ in ISO 27002:2022" ;
schema:suggestedAnswer :answer-159-A ,
:answer-159-B ,
:answer-159-C ,
:answer-159-D ;
schema:acceptedAnswer :answer-159-C ;
schema:isPartOf :dataset .
:answer-159-A a schema:Answer ;
schema:position "A" ;
schema:text "Information Criterion" ;
schema:isPartOf :question-159 .
:answer-159-B a schema:Answer ;
schema:position "B" ;
schema:text "Fundamental concept" ;
schema:isPartOf :question-159 .
:answer-159-C a schema:Answer ;
schema:position "C" ;
schema:text "Attribute" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-159 .
:answer-159-D a schema:Answer ;
schema:position "D" ;
schema:text "Control concept" ;
schema:isPartOf :question-159 .
:question-160 a schema:Question ;
schema:name "Question 160" ;
schema:text "New added elements in control are:" ;
schema:suggestedAnswer :answer-160-A ,
:answer-160-B ,
:answer-160-C ,
:answer-160-D ;
schema:acceptedAnswer :answer-160-A ;
schema:isPartOf :dataset .
:answer-160-A a schema:Answer ;
schema:position "A" ;
schema:text "Attribute and Purpose" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-160 .
:answer-160-B a schema:Answer ;
schema:position "B" ;
schema:text "Reference and Definition" ;
schema:isPartOf :question-160 .
:answer-160-C a schema:Answer ;
schema:position "C" ;
schema:text "Summary and Purpose" ;
schema:isPartOf :question-160 .
:answer-160-D a schema:Answer ;
schema:position "D" ;
schema:text "Attribute and Reference" ;
schema:isPartOf :question-160 .
:question-161 a schema:Question ;
schema:name "Question 161" ;
schema:text "In ISO 27002:2022 controls are more based on" ;
schema:suggestedAnswer :answer-161-A ,
:answer-161-B ,
:answer-161-C ,
:answer-161-D ;
schema:acceptedAnswer :answer-161-A ;
schema:isPartOf :dataset .
:answer-161-A a schema:Answer ;
schema:position "A" ;
schema:text "Risk and opportunity" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-161 .
:answer-161-B a schema:Answer ;
schema:position "B" ;
schema:text "Interested party requirements" ;
schema:isPartOf :question-161 .
:answer-161-C a schema:Answer ;
schema:position "C" ;
schema:text "Regulatory requirements" ;
schema:isPartOf :question-161 .
:answer-161-D a schema:Answer ;
schema:position "D" ;
schema:text "Business context and risks" ;
schema:isPartOf :question-161 .
:question-162 a schema:Question ;
schema:name "Question 162" ;
schema:text "New controls introduces in ISO 27002:2002 are:" ;
schema:suggestedAnswer :answer-162-A ,
:answer-162-B ,
:answer-162-C ,
:answer-162-D ;
schema:acceptedAnswer :answer-162-C ;
schema:isPartOf :dataset .
:answer-162-A a schema:Answer ;
schema:position "A" ;
schema:text "18" ;
schema:isPartOf :question-162 .
:answer-162-B a schema:Answer ;
schema:position "B" ;
schema:text "54" ;
schema:isPartOf :question-162 .
:answer-162-C a schema:Answer ;
schema:position "C" ;
schema:text "28" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-162 .
:answer-162-D a schema:Answer ;
schema:position "D" ;
schema:text "11" ;
schema:isPartOf :question-162 .
:question-163 a schema:Question ;
schema:name "Question 163" ;
schema:text "Merged controls in ISO 27002:2022 are:" ;
schema:suggestedAnswer :answer-163-A ,
:answer-163-B ,
:answer-163-C ,
:answer-163-D ;
schema:acceptedAnswer :answer-163-B ;
schema:isPartOf :dataset .
:answer-163-A a schema:Answer ;
schema:position "A" ;
schema:text "28" ;
schema:isPartOf :question-163 .
:answer-163-B a schema:Answer ;
schema:position "B" ;
schema:text "24" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-163 .
:answer-163-C a schema:Answer ;
schema:position "C" ;
schema:text "93" ;
schema:isPartOf :question-163 .
:answer-163-D a schema:Answer ;
schema:position "D" ;
schema:text "58" ;
schema:isPartOf :question-163 .
:question-164 a schema:Question ;
schema:name "Question 164" ;
schema:text "Data Leakage prevention is _____ in ISO 27002:2022" ;
schema:suggestedAnswer :answer-164-A ,
:answer-164-B ,
:answer-164-C ,
:answer-164-D ;
schema:acceptedAnswer :answer-164-A ;
schema:isPartOf :dataset .
:answer-164-A a schema:Answer ;
schema:position "A" ;
schema:text "New control" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-164 .
:answer-164-B a schema:Answer ;
schema:position "B" ;
schema:text "Updated control" ;
schema:isPartOf :question-164 .
:answer-164-C a schema:Answer ;
schema:position "C" ;
schema:text "Merged control" ;
schema:isPartOf :question-164 .
:answer-164-D a schema:Answer ;
schema:position "D" ;
schema:text "Deleted / removed control" ;
schema:isPartOf :question-164 .
:question-165 a schema:Question ;
schema:name "Question 165" ;
schema:text "Storage media is ____ in ISO 27002:2002" ;
schema:suggestedAnswer :answer-165-A ,
:answer-165-B ,
:answer-165-C ,
:answer-165-D ;
schema:acceptedAnswer :answer-165-B ;
schema:isPartOf :dataset .
:answer-165-A a schema:Answer ;
schema:position "A" ;
schema:text "New control" ;
schema:isPartOf :question-165 .
:answer-165-B a schema:Answer ;
schema:position "B" ;
schema:text "Updated control" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-165 .
:answer-165-C a schema:Answer ;
schema:position "C" ;
schema:text "Merged control" ;
schema:isPartOf :question-165 .
:answer-165-D a schema:Answer ;
schema:position "D" ;
schema:text "Deleted / removed control" ;
schema:isPartOf :question-165 .
:question-166 a schema:Question ;
schema:name "Question 166" ;
schema:text "The control “Conflicting duties and conflicting areas of responsibility should be segregated.” Is a:" ;
schema:suggestedAnswer :answer-166-A ,
:answer-166-B ,
:answer-166-C ,
:answer-166-D ;
schema:acceptedAnswer :answer-166-A ;
schema:isPartOf :dataset .
:answer-166-A a schema:Answer ;
schema:position "A" ;
schema:text "Preventive Control" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-166 .
:answer-166-B a schema:Answer ;
schema:position "B" ;
schema:text "Detective Control" ;
schema:isPartOf :question-166 .
:answer-166-C a schema:Answer ;
schema:position "C" ;
schema:text "Corrective Control" ;
schema:isPartOf :question-166 .
:answer-166-D a schema:Answer ;
schema:position "D" ;
schema:text "All of Above" ;
schema:isPartOf :question-166 .
:question-167 a schema:Question ;
schema:name "Question 167" ;
schema:text "Top Risks while working from home includes" ;
schema:suggestedAnswer :answer-167-A ,
:answer-167-B ,
:answer-167-C ,
:answer-167-D ;
schema:acceptedAnswer :answer-167-D ;
schema:isPartOf :dataset .
:answer-167-A a schema:Answer ;
schema:position "A" ;
schema:text "Phishing and ransomware" ;
schema:isPartOf :question-167 .
:answer-167-B a schema:Answer ;
schema:position "B" ;
schema:text "Employees can’t spot scams" ;
schema:isPartOf :question-167 .
:answer-167-C a schema:Answer ;
schema:position "C" ;
schema:text "Personal devices" ;
schema:isPartOf :question-167 .
:answer-167-D a schema:Answer ;
schema:position "D" ;
schema:text "All of Above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-167 .
:question-168 a schema:Question ;
schema:name "Question 168" ;
schema:text "The committee decides to either - Keep the standard as is, Withdraw the standard, Revise the standard, every" ;
schema:suggestedAnswer :answer-168-A ,
:answer-168-B ,
:answer-168-C ,
:answer-168-D ;
schema:acceptedAnswer :answer-168-A ;
schema:isPartOf :dataset .
:answer-168-A a schema:Answer ;
schema:position "A" ;
schema:text "Every 3 to 5 years" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-168 .
:answer-168-B a schema:Answer ;
schema:position "B" ;
schema:text "Every 1 to 2 years" ;
schema:isPartOf :question-168 .
:answer-168-C a schema:Answer ;
schema:position "C" ;
schema:text "Every 5 to 7 years" ;
schema:isPartOf :question-168 .
:answer-168-D a schema:Answer ;
schema:position "D" ;
schema:text "Any time" ;
schema:isPartOf :question-168 .
:question-169 a schema:Question ;
schema:name "Question 169" ;
schema:text "A ____ element has been applied to the controls within the 2022 version, as opposed to the use of a control objective for a group of controls." ;
schema:suggestedAnswer :answer-169-A ,
:answer-169-B ,
:answer-169-C ,
:answer-169-D ;
schema:acceptedAnswer :answer-169-C ;
schema:isPartOf :dataset .
:answer-169-A a schema:Answer ;
schema:position "A" ;
schema:text "“goal”" ;
schema:isPartOf :question-169 .
:answer-169-B a schema:Answer ;
schema:position "B" ;
schema:text "“Introduction”" ;
schema:isPartOf :question-169 .
:answer-169-C a schema:Answer ;
schema:position "C" ;
schema:text "“purpose”" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-169 .
:answer-169-D a schema:Answer ;
schema:position "D" ;
schema:text "“Expectation”" ;
schema:isPartOf :question-169 .
:question-170 a schema:Question ;
schema:name "Question 170" ;
schema:text "Control Type for “ICT Readiness for Business continuity should be planned, Implemented, maintained and tested based on business continuity objectives and ICT continuity requirements.“" ;
schema:suggestedAnswer :answer-170-A ,
:answer-170-B ,
:answer-170-C ,
:answer-170-D ;
schema:acceptedAnswer :answer-170-A ;
schema:isPartOf :dataset .
:answer-170-A a schema:Answer ;
schema:position "A" ;
schema:text "Preventive Control" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-170 .
:answer-170-B a schema:Answer ;
schema:position "B" ;
schema:text "Detective Control" ;
schema:isPartOf :question-170 .
:answer-170-C a schema:Answer ;
schema:position "C" ;
schema:text "Corrective Control" ;
schema:isPartOf :question-170 .
:answer-170-D a schema:Answer ;
schema:position "D" ;
schema:text "All of Above" ;
schema:isPartOf :question-170 .
:question-171 a schema:Question ;
schema:name "Question 171" ;
schema:text "What is the purpose of the ISO/IEC 27004 standard?" ;
schema:suggestedAnswer :answer-171-A ,
:answer-171-B ,
:answer-171-C ,
:answer-171-D ;
schema:acceptedAnswer :answer-171-A ;
schema:isPartOf :dataset .
:answer-171-A a schema:Answer ;
schema:position "A" ;
schema:text "To measure the effectiveness of security efforts." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-171 .
:answer-171-B a schema:Answer ;
schema:position "B" ;
schema:text "To explain the various roles in a security department." ;
schema:isPartOf :question-171 .
:answer-171-C a schema:Answer ;
schema:position "C" ;
schema:text "To detail what others in your industry are doing in security." ;
schema:isPartOf :question-171 .
:answer-171-D a schema:Answer ;
schema:position "D" ;
schema:text "To identify the major risks that security programs face." ;
schema:isPartOf :question-171 .
:question-172 a schema:Question ;
schema:name "Question 172" ;
schema:text "In order to effectively deliver security awareness training to specialized roles in the organization, which method is most appropriate?" ;
schema:suggestedAnswer :answer-172-A ,
:answer-172-B ,
:answer-172-C ,
:answer-172-D ;
schema:acceptedAnswer :answer-172-A ;
schema:isPartOf :dataset .
:answer-172-A a schema:Answer ;
schema:position "A" ;
schema:text "Small group sessions" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-172 .
:answer-172-B a schema:Answer ;
schema:position "B" ;
schema:text "Company-wide online learning" ;
schema:isPartOf :question-172 .
:answer-172-C a schema:Answer ;
schema:position "C" ;
schema:text "All-staff meetings" ;
schema:isPartOf :question-172 .
:answer-172-D a schema:Answer ;
schema:position "D" ;
schema:text "Handouts and PDFs" ;
schema:isPartOf :question-172 .
:question-173 a schema:Question ;
schema:name "Question 173" ;
schema:text "A new CEO has joined your organization and considers the spending on IT and IT security to be frivolous. As the leader of the IT division, what is your response?" ;
schema:suggestedAnswer :answer-173-A ,
:answer-173-B ,
:answer-173-C ,
:answer-173-D ;
schema:acceptedAnswer :answer-173-A ;
schema:isPartOf :dataset .
:answer-173-A a schema:Answer ;
schema:position "A" ;
schema:text "Implement a security awareness program and educate the CEO" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-173 .
:answer-173-B a schema:Answer ;
schema:position "B" ;
schema:text "Try to convince the board to approve new software to replace human resources" ;
schema:isPartOf :question-173 .
:answer-173-C a schema:Answer ;
schema:position "C" ;
schema:text "Accept the decision - it is the CEO" ;
schema:isPartOf :question-173 .
:answer-173-D a schema:Answer ;
schema:position "D" ;
schema:text "Reduce spending on anti-virus and malware, but keep firewalls" ;
schema:isPartOf :question-173 .
:question-174 a schema:Question ;
schema:name "Question 174" ;
schema:text "As a technical staff member in IT, what is your highest priority in cybersecurity?" ;
schema:suggestedAnswer :answer-174-A ,
:answer-174-B ,
:answer-174-C ,
:answer-174-D ;
schema:acceptedAnswer :answer-174-C ;
schema:isPartOf :dataset .
:answer-174-A a schema:Answer ;
schema:position "A" ;
schema:text "Software development" ;
schema:isPartOf :question-174 .
:answer-174-B a schema:Answer ;
schema:position "B" ;
schema:text "Environmental security" ;
schema:isPartOf :question-174 .
:answer-174-C a schema:Answer ;
schema:position "C" ;
schema:text "Data protection" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-174 .
:answer-174-D a schema:Answer ;
schema:position "D" ;
schema:text "Incident response" ;
schema:isPartOf :question-174 .
:question-175 a schema:Question ;
schema:name "Question 175" ;
schema:text "What is the main focus of ISO/IEC 27004:2016?" ;
schema:suggestedAnswer :answer-175-A ,
:answer-175-B ,
:answer-175-C ,
:answer-175-D ;
schema:acceptedAnswer :answer-175-C ;
schema:isPartOf :dataset .
:answer-175-A a schema:Answer ;
schema:position "A" ;
schema:text "Cybersecurity attacks prevention" ;
schema:isPartOf :question-175 .
:answer-175-B a schema:Answer ;
schema:position "B" ;
schema:text "Data encryption techniques" ;
schema:isPartOf :question-175 .
:answer-175-C a schema:Answer ;
schema:position "C" ;
schema:text "Performance assessment of ISO/IEC 27001" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-175 .
:answer-175-D a schema:Answer ;
schema:position "D" ;
schema:text "Information security monitoring" ;
schema:isPartOf :question-175 .
:question-176 a schema:Question ;
schema:name "Question 176" ;
schema:text "Why was ISO/IEC 27004:2016 updated and extended?" ;
schema:suggestedAnswer :answer-176-A ,
:answer-176-B ,
:answer-176-C ,
:answer-176-D ;
schema:acceptedAnswer :answer-176-D ;
schema:isPartOf :dataset .
:answer-176-A a schema:Answer ;
schema:position "A" ;
schema:text "To focus on cybersecurity hardware solutions" ;
schema:isPartOf :question-176 .
:answer-176-B a schema:Answer ;
schema:position "B" ;
schema:text "To enhance cloud security measures" ;
schema:isPartOf :question-176 .
:answer-176-C a schema:Answer ;
schema:position "C" ;
schema:text "To provide guidelines on data encryption processes" ;
schema:isPartOf :question-176 .
:answer-176-D a schema:Answer ;
schema:position "D" ;
schema:text "To align with the revised version of ISO/IEC 27001" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-176 .
:question-177 a schema:Question ;
schema:name "Question 177" ;
schema:text "What role did Edward Humphreys play in the development of ISO/IEC 27004:2016?" ;
schema:suggestedAnswer :answer-177-A ,
:answer-177-B ,
:answer-177-C ,
:answer-177-D ;
schema:acceptedAnswer :answer-177-A ;
schema:isPartOf :dataset .
:answer-177-A a schema:Answer ;
schema:position "A" ;
schema:text "He was the convenor of the working group developing the standard" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-177 .
:answer-177-B a schema:Answer ;
schema:position "B" ;
schema:text "He provided cybersecurity training to organizations" ;
schema:isPartOf :question-177 .
:answer-177-C a schema:Answer ;
schema:position "C" ;
schema:text "He led the organization implementing ISO/IEC 27001" ;
schema:isPartOf :question-177 .
:answer-177-D a schema:Answer ;
schema:position "D" ;
schema:text "He was the chief editor of the standard" ;
schema:isPartOf :question-177 .
:question-178 a schema:Question ;
schema:name "Question 178" ;
schema:text "Why does Edward Humphreys emphasize the importance of ISO/IEC 27004:2016?" ;
schema:suggestedAnswer :answer-178-A ,
:answer-178-B ,
:answer-178-C ,
:answer-178-D ;
schema:acceptedAnswer :answer-178-D ;
schema:isPartOf :dataset .
:answer-178-A a schema:Answer ;
schema:position "A" ;
schema:text "To encourage using open-source cybersecurity tools" ;
schema:isPartOf :question-178 .
:answer-178-B a schema:Answer ;
schema:position "B" ;
schema:text "To highlight common cybersecurity misconceptions" ;
schema:isPartOf :question-178 .
:answer-178-C a schema:Answer ;
schema:position "C" ;
schema:text "To promote his cybersecurity consultancy services" ;
schema:isPartOf :question-178 .
:answer-178-D a schema:Answer ;
schema:position "D" ;
schema:text "Because cyber attacks are a significant organizational risk" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-178 .
:question-179 a schema:Question ;
schema:name "Question 179" ;
schema:text "What does ISO/IEC 27004:2016 detail about information security measurement programs?" ;
schema:suggestedAnswer :answer-179-A ,
:answer-179-B ,
:answer-179-C ,
:answer-179-D ;
schema:acceptedAnswer :answer-179-D ;
schema:isPartOf :dataset .
:answer-179-A a schema:Answer ;
schema:position "A" ;
schema:text "How to avoid phishing attacks" ;
schema:isPartOf :question-179 .
:answer-179-B a schema:Answer ;
schema:position "B" ;
schema:text "How to efficiently use antivirus software" ;
schema:isPartOf :question-179 .
:answer-179-C a schema:Answer ;
schema:position "C" ;
schema:text "How to set up a secure network connection" ;
schema:isPartOf :question-179 .
:answer-179-D a schema:Answer ;
schema:position "D" ;
schema:text "How to construct a measurement program and select what to measure" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-179 .
:question-180 a schema:Question ;
schema:name "Question 180" ;
schema:text "In which areas does ISO/IEC 27004:2016 provide practical support?" ;
schema:suggestedAnswer :answer-180-A ,
:answer-180-B ,
:answer-180-C ,
:answer-180-D ;
schema:acceptedAnswer :answer-180-A ;
schema:isPartOf :dataset .
:answer-180-A a schema:Answer ;
schema:position "A" ;
schema:text "Assessing the effectiveness of information security measures" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-180 .
:answer-180-B a schema:Answer ;
schema:position "B" ;
schema:text "Developing artificial intelligence for cybersecurity" ;
schema:isPartOf :question-180 .
:answer-180-C a schema:Answer ;
schema:position "C" ;
schema:text "Data recovery after cyber attacks" ;
schema:isPartOf :question-180 .
:answer-180-D a schema:Answer ;
schema:position "D" ;
schema:text "Implementing cloud-based security measures" ;
schema:isPartOf :question-180 .
:question-181 a schema:Question ;
schema:name "Question 181" ;
schema:text "How does ISO/IEC 27004:2016 help organizations protect themselves?" ;
schema:suggestedAnswer :answer-181-A ,
:answer-181-B ,
:answer-181-C ,
:answer-181-D ;
schema:acceptedAnswer :answer-181-C ;
schema:isPartOf :dataset .
:answer-181-A a schema:Answer ;
schema:position "A" ;
schema:text "By developing advanced encryption algorithms" ;
schema:isPartOf :question-181 .
:answer-181-B a schema:Answer ;
schema:position "B" ;
schema:text "By offering free cybersecurity insurance policies" ;
schema:isPartOf :question-181 .
:answer-181-C a schema:Answer ;
schema:position "C" ;
schema:text "By giving essential and practical support in monitoring and measurement" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-181 .
:answer-181-D a schema:Answer ;
schema:position "D" ;
schema:text "By providing guidelines on software development practices" ;
schema:isPartOf :question-181 .
:question-182 a schema:Question ;
schema:name "Question 182" ;
schema:text "\"ISO/IEC 27004:2016 explains how to develop and operate ____ processes.\"" ;
schema:suggestedAnswer :answer-182-A ,
:answer-182-B ,
:answer-182-C ,
:answer-182-D ;
schema:acceptedAnswer :answer-182-C ;
schema:isPartOf :dataset .
:answer-182-A a schema:Answer ;
schema:position "A" ;
schema:text "cybersecurity training" ;
schema:isPartOf :question-182 .
:answer-182-B a schema:Answer ;
schema:position "B" ;
schema:text "network security" ;
schema:isPartOf :question-182 .
:answer-182-C a schema:Answer ;
schema:position "C" ;
schema:text "measurement" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-182 .
:answer-182-D a schema:Answer ;
schema:position "D" ;
schema:text "data encryption" ;
schema:isPartOf :question-182 .
:question-183 a schema:Question ;
schema:name "Question 183" ;
schema:text "\"ISO/IEC 27004:2016 includes examples of different types of ____.\"" ;
schema:suggestedAnswer :answer-183-A ,
:answer-183-B ,
:answer-183-C ,
:answer-183-D ;
schema:acceptedAnswer :answer-183-C ;
schema:isPartOf :dataset .
:answer-183-A a schema:Answer ;
schema:position "A" ;
schema:text "cyber attacks" ;
schema:isPartOf :question-183 .
:answer-183-B a schema:Answer ;
schema:position "B" ;
schema:text "network configurations" ;
schema:isPartOf :question-183 .
:answer-183-C a schema:Answer ;
schema:position "C" ;
schema:text "measures" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-183 .
:answer-183-D a schema:Answer ;
schema:position "D" ;
schema:text "data breaches" ;
schema:isPartOf :question-183 .
:question-184 a schema:Question ;
schema:name "Question 184" ;
schema:text "What is the purpose of ISO/IEC 27004:2016?" ;
schema:suggestedAnswer :answer-184-A ,
:answer-184-B ,
:answer-184-C ,
:answer-184-D ;
schema:acceptedAnswer :answer-184-D ;
schema:isPartOf :dataset .
:answer-184-A a schema:Answer ;
schema:position "A" ;
schema:text "To develop new security technologies" ;
schema:isPartOf :question-184 .
:answer-184-B a schema:Answer ;
schema:position "B" ;
schema:text "To create data encryption standards" ;
schema:isPartOf :question-184 .
:answer-184-C a schema:Answer ;
schema:position "C" ;
schema:text "To provide guidelines on cybersecurity protocols" ;
schema:isPartOf :question-184 .
:answer-184-D a schema:Answer ;
schema:position "D" ;
schema:text "To assess the performance of information security management systems" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-184 .
:question-185 a schema:Question ;
schema:name "Question 185" ;
schema:text "What has ISO/IEC 27004:2016 been updated and extended to align with?" ;
schema:suggestedAnswer :answer-185-A ,
:answer-185-B ,
:answer-185-C ,
:answer-185-D ;
schema:acceptedAnswer :answer-185-A ;
schema:isPartOf :dataset .
:answer-185-A a schema:Answer ;
schema:position "A" ;
schema:text "ISO/IEC 27001 standard" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-185 .
:answer-185-B a schema:Answer ;
schema:position "B" ;
schema:text "National Institute of Standards and Technology (NIST) guidelines" ;
schema:isPartOf :question-185 .
:answer-185-C a schema:Answer ;
schema:position "C" ;
schema:text "GDPR regulations" ;
schema:isPartOf :question-185 .
:answer-185-D a schema:Answer ;
schema:position "D" ;
schema:text "Cybersecurity Framework for Critical Infrastructure" ;
schema:isPartOf :question-185 .
:question-186 a schema:Question ;
schema:name "Question 186" ;
schema:text "Who emphasized the importance of ISO/IEC 27004:2016 due to cybersecurity risks?" ;
schema:suggestedAnswer :answer-186-A ,
:answer-186-B ,
:answer-186-C ,
:answer-186-D ;
schema:acceptedAnswer :answer-186-B ;
schema:isPartOf :dataset .
:answer-186-A a schema:Answer ;
schema:position "A" ;
schema:text "Julian Assange" ;
schema:isPartOf :question-186 .
:answer-186-B a schema:Answer ;
schema:position "B" ;
schema:text "Edward Humphreys" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-186 .
:answer-186-C a schema:Answer ;
schema:position "C" ;
schema:text "Chelsea Manning" ;
schema:isPartOf :question-186 .
:answer-186-D a schema:Answer ;
schema:position "D" ;
schema:text "Edward Snowden" ;
schema:isPartOf :question-186 .
:question-187 a schema:Question ;
schema:name "Question 187" ;
schema:text "In the context of ISO/IEC 27004:2016, what is meant by 'construct an information security measurement program'?" ;
schema:suggestedAnswer :answer-187-A ,
:answer-187-B ,
:answer-187-C ,
:answer-187-D ;
schema:acceptedAnswer :answer-187-D ;
schema:isPartOf :dataset .
:answer-187-A a schema:Answer ;
schema:position "A" ;
schema:text "Creating algorithms to detect cyber threats" ;
schema:isPartOf :question-187 .
:answer-187-B a schema:Answer ;
schema:position "B" ;
schema:text "Building a physical security system for data centers" ;
schema:isPartOf :question-187 .
:answer-187-C a schema:Answer ;
schema:position "C" ;
schema:text "Implementing network monitoring tools" ;
schema:isPartOf :question-187 .
:answer-187-D a schema:Answer ;
schema:position "D" ;
schema:text "Developing a framework to measure security performance" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-187 .
:question-188 a schema:Question ;
schema:name "Question 188" ;
schema:text "What is one of the key aspects detailed in ISO/IEC 27004:2016 regarding measurement processes?" ;
schema:suggestedAnswer :answer-188-A ,
:answer-188-B ,
:answer-188-C ,
:answer-188-D ;
schema:acceptedAnswer :answer-188-A ;
schema:isPartOf :dataset .
:answer-188-A a schema:Answer ;
schema:position "A" ;
schema:text "Assessing the effectiveness of different types of measures" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-188 .
:answer-188-B a schema:Answer ;
schema:position "B" ;
schema:text "Selecting the best encryption algorithm for data protection" ;
schema:isPartOf :question-188 .
:answer-188-C a schema:Answer ;
schema:position "C" ;
schema:text "Designing a firewall for network security" ;
schema:isPartOf :question-188 .
:answer-188-D a schema:Answer ;
schema:position "D" ;
schema:text "Creating a secure authentication system for users" ;
schema:isPartOf :question-188 .
:question-189 a schema:Question ;
schema:name "Question 189" ;
schema:text "How does ISO/IEC 27004:2016 contribute to organizations facing security threats?" ;
schema:suggestedAnswer :answer-189-A ,
:answer-189-B ,
:answer-189-C ,
:answer-189-D ;
schema:acceptedAnswer :answer-189-B ;
schema:isPartOf :dataset .
:answer-189-A a schema:Answer ;
schema:position "A" ;
schema:text "By creating a secure cloud computing architecture" ;
schema:isPartOf :question-189 .
:answer-189-B a schema:Answer ;
schema:position "B" ;
schema:text "By providing essential and practical support in information security management" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-189 .
:answer-189-C a schema:Answer ;
schema:position "C" ;
schema:text "By developing social engineering prevention techniques" ;
schema:isPartOf :question-189 .
:answer-189-D a schema:Answer ;
schema:position "D" ;
schema:text "By implementing advanced intrusion detection systems" ;
schema:isPartOf :question-189 .
:question-190 a schema:Question ;
schema:name "Question 190" ;
schema:text "What does ISO/IEC 27004:2016 help organizations select when it comes to measurement processes?" ;
schema:suggestedAnswer :answer-190-A ,
:answer-190-B ,
:answer-190-C ;
schema:acceptedAnswer :answer-190-B ;
schema:isPartOf :dataset .
:answer-190-A a schema:Answer ;
schema:position "A" ;
schema:text "The most effective employee training programs" ;
schema:isPartOf :question-190 .
:answer-190-B a schema:Answer ;
schema:position "B" ;
schema:text "What to measure" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-190 .
:answer-190-C a schema:Answer ;
schema:position "C" ;
schema:text "The best software development methodology" ;
schema:isPartOf :question-190 .
:question-191 a schema:Question ;
schema:name "Question 191" ;
schema:text "Why does Edward Humphreys mention that cyber attacks are significant risks?" ;
schema:suggestedAnswer :answer-191-A ,
:answer-191-B ;
schema:acceptedAnswer :answer-191-B ;
schema:isPartOf :dataset .
:answer-191-A a schema:Answer ;
schema:position "A" ;
schema:text "To highlight the importance of data backups" ;
schema:isPartOf :question-191 .
:answer-191-B a schema:Answer ;
schema:position "B" ;
schema:text "To point out the increasing diversity of security attacks" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-191 .
:question-192 a schema:Question ;
schema:name "Question 192" ;
schema:text "How does ISO 27005 differ from other publications like NIST SP 800-30?" ;
schema:suggestedAnswer :answer-192-A ,
:answer-192-B ,
:answer-192-C ,
:answer-192-D ;
schema:acceptedAnswer :answer-192-B ;
schema:isPartOf :dataset .
:answer-192-A a schema:Answer ;
schema:position "A" ;
schema:text "It incorporates several standards into one document." ;
schema:isPartOf :question-192 .
:answer-192-B a schema:Answer ;
schema:position "B" ;
schema:text "It provides general guidelines, but no specific approach." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-192 .
:answer-192-C a schema:Answer ;
schema:position "C" ;
schema:text "It requires 100% adherence to management procedures." ;
schema:isPartOf :question-192 .
:answer-192-D a schema:Answer ;
schema:position "D" ;
schema:text "It provides a more detailed approach to risk management." ;
schema:isPartOf :question-192 .
:question-193 a schema:Question ;
schema:name "Question 193" ;
schema:text "The five-stage process for risk management as laid out in ISO 27005 begins with what step?" ;
schema:suggestedAnswer :answer-193-A ,
:answer-193-B ,
:answer-193-C ,
:answer-193-D ;
schema:acceptedAnswer :answer-193-A ;
schema:isPartOf :dataset .
:answer-193-A a schema:Answer ;
schema:position "A" ;
schema:text "Assessing risks, assets, and controls." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-193 .
:answer-193-B a schema:Answer ;
schema:position "B" ;
schema:text "Treatment high-priority risks first." ;
schema:isPartOf :question-193 .
:answer-193-C a schema:Answer ;
schema:position "C" ;
schema:text "Communicating with stakeholders." ;
schema:isPartOf :question-193 .
:answer-193-D a schema:Answer ;
schema:position "D" ;
schema:text "Accepting some risks without treatment." ;
schema:isPartOf :question-193 .
:question-194 a schema:Question ;
schema:name "Question 194" ;
schema:text "What significant action must be taken to complete the second stage of the risk management framework?" ;
schema:suggestedAnswer :answer-194-A ,
:answer-194-B ,
:answer-194-C ,
:answer-194-D ;
schema:acceptedAnswer :answer-194-C ;
schema:isPartOf :dataset .
:answer-194-A a schema:Answer ;
schema:position "A" ;
schema:text "Looking at risks from competitors." ;
schema:isPartOf :question-194 .
:answer-194-B a schema:Answer ;
schema:position "B" ;
schema:text "Talking to stakeholders about risks." ;
schema:isPartOf :question-194 .
:answer-194-C a schema:Answer ;
schema:position "C" ;
schema:text "Prioritizing the severity of the risk." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-194 .
:answer-194-D a schema:Answer ;
schema:position "D" ;
schema:text "Determining top business objectives." ;
schema:isPartOf :question-194 .
:question-195 a schema:Question ;
schema:name "Question 195" ;
schema:text "The penalty levied on a convict whose crime results in damage to a computer system or its data or property to the value of $5,000 or over is a _____" ;
schema:suggestedAnswer :answer-195-A ,
:answer-195-B ,
:answer-195-C ,
:answer-195-D ;
schema:acceptedAnswer :answer-195-C ;
schema:isPartOf :dataset .
:answer-195-A a schema:Answer ;
schema:position "A" ;
schema:text "Class B Felony" ;
schema:isPartOf :question-195 .
:answer-195-B a schema:Answer ;
schema:position "B" ;
schema:text "Class A Misdemeanor" ;
schema:isPartOf :question-195 .
:answer-195-C a schema:Answer ;
schema:position "C" ;
schema:text "Class C Felony" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-195 .
:answer-195-D a schema:Answer ;
schema:position "D" ;
schema:text "Class D Misdemeanor" ;
schema:isPartOf :question-195 .
:question-196 a schema:Question ;
schema:name "Question 196" ;
schema:text "What is the primary purpose of ISO/IEC 27005:2022?" ;
schema:suggestedAnswer :answer-196-A ,
:answer-196-B ,
:answer-196-C ,
:answer-196-D ;
schema:acceptedAnswer :answer-196-B ;
schema:isPartOf :dataset .
:answer-196-A a schema:Answer ;
schema:position "A" ;
schema:text "To provide guidelines for implementing ISO/IEC 27001 controls" ;
schema:isPartOf :question-196 .
:answer-196-B a schema:Answer ;
schema:position "B" ;
schema:text "To offer guidance on managing information security risks" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-196 .
:answer-196-C a schema:Answer ;
schema:position "C" ;
schema:text "To define cybersecurity incident response procedures" ;
schema:isPartOf :question-196 .
:answer-196-D a schema:Answer ;
schema:position "D" ;
schema:text "To standardize encryption algorithms" ;
schema:isPartOf :question-196 .
:question-197 a schema:Question ;
schema:name "Question 197" ;
schema:text "Which ISO standard is most closely related to ISO/IEC 27005:2022?" ;
schema:suggestedAnswer :answer-197-A ,
:answer-197-B ,
:answer-197-C ,
:answer-197-D ;
schema:acceptedAnswer :answer-197-A ;
schema:isPartOf :dataset .
:answer-197-A a schema:Answer ;
schema:position "A" ;
schema:text "ISO/IEC 27001 (ISMS requirements)" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-197 .
:answer-197-B a schema:Answer ;
schema:position "B" ;
schema:text "ISO/IEC 27002 (Security controls)" ;
schema:isPartOf :question-197 .
:answer-197-C a schema:Answer ;
schema:position "C" ;
schema:text "ISO/IEC 27017 (Cloud security)" ;
schema:isPartOf :question-197 .
:answer-197-D a schema:Answer ;
schema:position "D" ;
schema:text "ISO/IEC 27031 (ICT disaster recovery)" ;
schema:isPartOf :question-197 .
:question-198 a schema:Question ;
schema:name "Question 198" ;
schema:text "Which of the following is NOT a key step in the ISO/IEC 27005 risk management process?" ;
schema:suggestedAnswer :answer-198-A ,
:answer-198-B ,
:answer-198-C ,
:answer-198-D ;
schema:acceptedAnswer :answer-198-C ;
schema:isPartOf :dataset .
:answer-198-A a schema:Answer ;
schema:position "A" ;
schema:text "Risk identification" ;
schema:isPartOf :question-198 .
:answer-198-B a schema:Answer ;
schema:position "B" ;
schema:text "Risk assessment" ;
schema:isPartOf :question-198 .
:answer-198-C a schema:Answer ;
schema:position "C" ;
schema:text "Risk transfer (insurance)" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-198 .
:answer-198-D a schema:Answer ;
schema:position "D" ;
schema:text "Risk treatment" ;
schema:isPartOf :question-198 .
:question-199 a schema:Question ;
schema:name "Question 199" ;
schema:text "What is the difference between \"inherent risk\" and \"residual risk\" in ISO/IEC 27005?" ;
schema:suggestedAnswer :answer-199-A ,
:answer-199-B ,
:answer-199-C ,
:answer-199-D ;
schema:acceptedAnswer :answer-199-A ;
schema:isPartOf :dataset .
:answer-199-A a schema:Answer ;
schema:position "A" ;
schema:text "Inherent risk is before controls, residual risk is after controls" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-199 .
:answer-199-B a schema:Answer ;
schema:position "B" ;
schema:text "Inherent risk is financial, residual risk is operational" ;
schema:isPartOf :question-199 .
:answer-199-C a schema:Answer ;
schema:position "C" ;
schema:text "Inherent risk is external, residual risk is internal" ;
schema:isPartOf :question-199 .
:answer-199-D a schema:Answer ;
schema:position "D" ;
schema:text "They are the same" ;
schema:isPartOf :question-199 .
:question-200 a schema:Question ;
schema:name "Question 200" ;
schema:text "Which risk assessment methodology is recommended by ISO/IEC 27005:2022?" ;
schema:suggestedAnswer :answer-200-A ,
:answer-200-B ,
:answer-200-C ,
:answer-200-D ;
schema:acceptedAnswer :answer-200-D ;
schema:isPartOf :dataset .
:answer-200-A a schema:Answer ;
schema:position "A" ;
schema:text "Only quantitative methods" ;
schema:isPartOf :question-200 .
:answer-200-B a schema:Answer ;
schema:position "B" ;
schema:text "Only qualitative methods" ;
schema:isPartOf :question-200 .
:answer-200-C a schema:Answer ;
schema:position "C" ;
schema:text "A combination of qualitative and quantitative methods" ;
schema:isPartOf :question-200 .
:answer-200-D a schema:Answer ;
schema:position "D" ;
schema:text "No specific method is prescribed" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-200 .
:question-201 a schema:Question ;
schema:name "Question 201" ;
schema:text "What is the purpose of a \"risk appetite\" in ISO/IEC 27005?" ;
schema:suggestedAnswer :answer-201-A ,
:answer-201-B ,
:answer-201-C ,
:answer-201-D ;
schema:acceptedAnswer :answer-201-B ;
schema:isPartOf :dataset .
:answer-201-A a schema:Answer ;
schema:position "A" ;
schema:text "To define the maximum budget for cybersecurity" ;
schema:isPartOf :question-201 .
:answer-201-B a schema:Answer ;
schema:position "B" ;
schema:text "To set the level of risk an organization is willing to accept" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-201 .
:answer-201-C a schema:Answer ;
schema:position "C" ;
schema:text "To measure employee awareness of risks" ;
schema:isPartOf :question-201 .
:answer-201-D a schema:Answer ;
schema:position "D" ;
schema:text "To determine insurance premiums" ;
schema:isPartOf :question-201 .
:question-202 a schema:Question ;
schema:name "Question 202" ;
schema:text "Which of the following is a valid risk treatment option per ISO/IEC 27005?" ;
schema:suggestedAnswer :answer-202-A ,
:answer-202-B ,
:answer-202-C ,
:answer-202-D ;
schema:acceptedAnswer :answer-202-D ;
schema:isPartOf :dataset .
:answer-202-A a schema:Answer ;
schema:position "A" ;
schema:text "Risk avoidance (discontinuing the activity)" ;
schema:isPartOf :question-202 .
:answer-202-B a schema:Answer ;
schema:position "B" ;
schema:text "Risk sharing (outsourcing)" ;
schema:isPartOf :question-202 .
:answer-202-C a schema:Answer ;
schema:position "C" ;
schema:text "Risk acceptance (tolerating the risk)" ;
schema:isPartOf :question-202 .
:answer-202-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-202 .
:question-203 a schema:Question ;
schema:name "Question 203" ;
schema:text "What role does \"risk communication\" play in ISO/IEC 27005?" ;
schema:suggestedAnswer :answer-203-A ,
:answer-203-B ,
:answer-203-C ,
:answer-203-D ;
schema:acceptedAnswer :answer-203-A ;
schema:isPartOf :dataset .
:answer-203-A a schema:Answer ;
schema:position "A" ;
schema:text "It ensures stakeholders understand the risks and controls" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-203 .
:answer-203-B a schema:Answer ;
schema:position "B" ;
schema:text "It is only needed for regulatory compliance" ;
schema:isPartOf :question-203 .
:answer-203-C a schema:Answer ;
schema:position "C" ;
schema:text "It replaces the need for risk assessments" ;
schema:isPartOf :question-203 .
:answer-203-D a schema:Answer ;
schema:position "D" ;
schema:text "It focuses only on IT department risks" ;
schema:isPartOf :question-203 .
:question-204 a schema:Question ;
schema:name "Question 204" ;
schema:text "How often should risk assessments be performed per ISO/IEC 27005?" ;
schema:suggestedAnswer :answer-204-A ,
:answer-204-B ,
:answer-204-C ,
:answer-204-D ;
schema:acceptedAnswer :answer-204-B ;
schema:isPartOf :dataset .
:answer-204-A a schema:Answer ;
schema:position "A" ;
schema:text "Only once during ISMS implementation" ;
schema:isPartOf :question-204 .
:answer-204-B a schema:Answer ;
schema:position "B" ;
schema:text "Annually or when significant changes occur" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-204 .
:answer-204-C a schema:Answer ;
schema:position "C" ;
schema:text "Only after a security breach" ;
schema:isPartOf :question-204 .
:answer-204-D a schema:Answer ;
schema:position "D" ;
schema:text "Every 5 years" ;
schema:isPartOf :question-204 .
:question-205 a schema:Question ;
schema:name "Question 205" ;
schema:text "Which document should record the outcomes of risk assessments per ISO/IEC 27005?" ;
schema:suggestedAnswer :answer-205-A ,
:answer-205-B ,
:answer-205-C ,
:answer-205-D ;
schema:acceptedAnswer :answer-205-D ;
schema:isPartOf :dataset .
:answer-205-A a schema:Answer ;
schema:position "A" ;
schema:text "Statement of Applicability (SoA)" ;
schema:isPartOf :question-205 .
:answer-205-B a schema:Answer ;
schema:position "B" ;
schema:text "Risk Treatment Plan (RTP)" ;
schema:isPartOf :question-205 .
:answer-205-C a schema:Answer ;
schema:position "C" ;
schema:text "Risk Register" ;
schema:isPartOf :question-205 .
:answer-205-D a schema:Answer ;
schema:position "D" ;
schema:text "All of the above" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-205 .
:question-206 a schema:Question ;
schema:name "Question 206" ;
schema:text "How do ISO 27001 and ISO 27005 relate to each other?" ;
schema:suggestedAnswer :answer-206-A ,
:answer-206-B ,
:answer-206-C ,
:answer-206-D ;
schema:acceptedAnswer :answer-206-A ;
schema:isPartOf :dataset .
:answer-206-A a schema:Answer ;
schema:position "A" ;
schema:text "ISO 27001 is a standard for risk management, and ISO 27005 is for information security management" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-206 .
:answer-206-B a schema:Answer ;
schema:position "B" ;
schema:text "ISO 27005 is a subset of ISO 27001" ;
schema:isPartOf :question-206 .
:answer-206-C a schema:Answer ;
schema:position "C" ;
schema:text "ISO 27001 and ISO 27005 are unrelated standards" ;
schema:isPartOf :question-206 .
:answer-206-D a schema:Answer ;
schema:position "D" ;
schema:text "ISO 27001 is an older version of ISO 27005" ;
schema:isPartOf :question-206 .
:question-207 a schema:Question ;
schema:name "Question 207" ;
schema:text "Which standard provides guidelines for information security risk management processes?" ;
schema:suggestedAnswer :answer-207-A ,
:answer-207-B ,
:answer-207-C ,
:answer-207-D ;
schema:acceptedAnswer :answer-207-C ;
schema:isPartOf :dataset .
:answer-207-A a schema:Answer ;
schema:position "A" ;
schema:text "ISO 9001" ;
schema:isPartOf :question-207 .
:answer-207-B a schema:Answer ;
schema:position "B" ;
schema:text "ISO 27001" ;
schema:isPartOf :question-207 .
:answer-207-C a schema:Answer ;
schema:position "C" ;
schema:text "ISO 27005" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-207 .
:answer-207-D a schema:Answer ;
schema:position "D" ;
schema:text "ISO 14001" ;
schema:isPartOf :question-207 .
:question-208 a schema:Question ;
schema:name "Question 208" ;
schema:text "Which phase of the risk management process is emphasized by ISO 27005?" ;
schema:suggestedAnswer :answer-208-A ,
:answer-208-B ,
:answer-208-C ,
:answer-208-D ;
schema:acceptedAnswer :answer-208-C ;
schema:isPartOf :dataset .
:answer-208-A a schema:Answer ;
schema:position "A" ;
schema:text "Risk acceptance" ;
schema:isPartOf :question-208 .
:answer-208-B a schema:Answer ;
schema:position "B" ;
schema:text "Risk communication" ;
schema:isPartOf :question-208 .
:answer-208-C a schema:Answer ;
schema:position "C" ;
schema:text "Risk assessment" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-208 .
:answer-208-D a schema:Answer ;
schema:position "D" ;
schema:text "Risk celebration" ;
schema:isPartOf :question-208 .
:question-209 a schema:Question ;
schema:name "Question 209" ;
schema:text "How does ISO 27005 support ISO 27001 in the risk treatment process?" ;
schema:suggestedAnswer :answer-209-A ,
:answer-209-B ,
:answer-209-C ,
:answer-209-D ;
schema:acceptedAnswer :answer-209-B ;
schema:isPartOf :dataset .
:answer-209-A a schema:Answer ;
schema:position "A" ;
schema:text "By providing guidelines for risk assessment" ;
schema:isPartOf :question-209 .
:answer-209-B a schema:Answer ;
schema:position "B" ;
schema:text "By specifying security controls in the Statement of Applicability" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-209 .
:answer-209-C a schema:Answer ;
schema:position "C" ;
schema:text "By focusing on continuous improvement" ;
schema:isPartOf :question-209 .
:answer-209-D a schema:Answer ;
schema:position "D" ;
schema:text "By managing office supplies" ;
schema:isPartOf :question-209 .
:question-210 a schema:Question ;
schema:name "Question 210" ;
schema:text "What is the relationship between the Statement of Applicability (So" ;
schema:suggestedAnswer :answer-210-A ,
:answer-210-B ,
:answer-210-C ,
:answer-210-D ;
schema:acceptedAnswer :answer-210-A ;
schema:isPartOf :dataset .
:answer-210-A a schema:Answer ;
schema:position "A" ;
schema:text "The SoA lists controls to address identified risks" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-210 .
:answer-210-B a schema:Answer ;
schema:position "B" ;
schema:text "The SoA is irrelevant to risk management" ;
schema:isPartOf :question-210 .
:answer-210-C a schema:Answer ;
schema:position "C" ;
schema:text "The SoA is an alternative to risk assessments" ;
schema:isPartOf :question-210 .
:answer-210-D a schema:Answer ;
schema:position "D" ;
schema:text "The SoA outlines employee benefits" ;
schema:isPartOf :question-210 .
:question-211 a schema:Question ;
schema:name "Question 211" ;
schema:text "An organization decided to use nonnumerical categories, i.e., low, medium, and high for describing consequence and probability. Which risk analysis methodology is the organization using?" ;
schema:suggestedAnswer :answer-211-A ,
:answer-211-B ,
:answer-211-C ;
schema:acceptedAnswer :answer-211-C ;
schema:isPartOf :dataset .
:answer-211-A a schema:Answer ;
schema:position "A" ;
schema:text "Quantitative" ;
schema:isPartOf :question-211 .
:answer-211-B a schema:Answer ;
schema:position "B" ;
schema:text "Semi-quantitative" ;
schema:isPartOf :question-211 .
:answer-211-C a schema:Answer ;
schema:position "C" ;
schema:text "Qualitative" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-211 .
:question-212 a schema:Question ;
schema:name "Question 212" ;
schema:text "What type of process is risk management?" ;
schema:suggestedAnswer :answer-212-A ,
:answer-212-B ,
:answer-212-C ;
schema:acceptedAnswer :answer-212-A ;
schema:isPartOf :dataset .
:answer-212-A a schema:Answer ;
schema:position "A" ;
schema:text "Ongoing, which allows organizations to monitor risk and keep it at an acceptable level" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-212 .
:answer-212-B a schema:Answer ;
schema:position "B" ;
schema:text "Iterative, which is conducted simultaneously with internal audits to ensure the effectiveness of an organization's operations" ;
schema:isPartOf :question-212 .
:answer-212-C a schema:Answer ;
schema:position "C" ;
schema:text "Ongoing, which must be conducted annually and be consistent with the selection of security controls" ;
schema:isPartOf :question-212 .
:question-213 a schema:Question ;
schema:name "Question 213" ;
schema:text "After creating a plan for outsourcing to a cloud service provider to store their confidential information in cloud, OrgX decided to not pursue this business strategy since the risk of doing so was high. Which risk treatment option did OrgX use?" ;
schema:suggestedAnswer :answer-213-A ,
:answer-213-B ,
:answer-213-C ;
schema:acceptedAnswer :answer-213-A ;
schema:isPartOf :dataset .
:answer-213-A a schema:Answer ;
schema:position "A" ;
schema:text "Risk avoidance" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-213 .
:answer-213-B a schema:Answer ;
schema:position "B" ;
schema:text "Risk sharing" ;
schema:isPartOf :question-213 .
:answer-213-C a schema:Answer ;
schema:position "C" ;
schema:text "Risk modification" ;
schema:isPartOf :question-213 .
:question-214 a schema:Question ;
schema:name "Question 214" ;
schema:text "According to ISO 31000, which of the following is a principle of risk management?" ;
schema:suggestedAnswer :answer-214-A ,
:answer-214-B ,
:answer-214-C ;
schema:acceptedAnswer :answer-214-A ;
schema:isPartOf :dataset .
:answer-214-A a schema:Answer ;
schema:position "A" ;
schema:text "Dynamic" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-214 .
:answer-214-B a schema:Answer ;
schema:position "B" ;
schema:text "Qualitative" ;
schema:isPartOf :question-214 .
:answer-214-C a schema:Answer ;
schema:position "C" ;
schema:text "Reliability" ;
schema:isPartOf :question-214 .
:question-215 a schema:Question ;
schema:name "Question 215" ;
schema:text "What are opportunities?" ;
schema:suggestedAnswer :answer-215-A ,
:answer-215-B ,
:answer-215-C ;
schema:acceptedAnswer :answer-215-B ;
schema:isPartOf :dataset .
:answer-215-A a schema:Answer ;
schema:position "A" ;
schema:text "Occurrence or change of a particular set of circumstances" ;
schema:isPartOf :question-215 .
:answer-215-B a schema:Answer ;
schema:position "B" ;
schema:text "Combination of circumstances expected to be favorable to objectives" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-215 .
:answer-215-C a schema:Answer ;
schema:position "C" ;
schema:text "Outcome of an event affecting objectives" ;
schema:isPartOf :question-215 .
:question-216 a schema:Question ;
schema:name "Question 216" ;
schema:text "What should an organization do after it has established the risk communication plan?" ;
schema:suggestedAnswer :answer-216-A ,
:answer-216-B ,
:answer-216-C ;
schema:acceptedAnswer :answer-216-C ;
schema:isPartOf :dataset .
:answer-216-A a schema:Answer ;
schema:position "A" ;
schema:text "Change the communication approach and tools" ;
schema:isPartOf :question-216 .
:answer-216-B a schema:Answer ;
schema:position "B" ;
schema:text "Update the information security policy" ;
schema:isPartOf :question-216 .
:answer-216-C a schema:Answer ;
schema:position "C" ;
schema:text "Establish internal and external communication" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-216 .
:question-217 a schema:Question ;
schema:name "Question 217" ;
schema:text "According to CRAMM methodology, how is risk assessment initiated?" ;
schema:suggestedAnswer :answer-217-A ,
:answer-217-B ,
:answer-217-C ;
schema:acceptedAnswer :answer-217-A ;
schema:isPartOf :dataset .
:answer-217-A a schema:Answer ;
schema:position "A" ;
schema:text "By gathering information on the system and identifying assets within the scope" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-217 .
:answer-217-B a schema:Answer ;
schema:position "B" ;
schema:text "By identifying the security risks" ;
schema:isPartOf :question-217 .
:answer-217-C a schema:Answer ;
schema:position "C" ;
schema:text "By determining methods and procedures for managing risks" ;
schema:isPartOf :question-217 .
:question-218 a schema:Question ;
schema:name "Question 218" ;
schema:text "According to ISO/IEC 27005, what is the output of the documentation of risk management processes?" ;
schema:suggestedAnswer :answer-218-A ,
:answer-218-B ,
:answer-218-C ;
schema:acceptedAnswer :answer-218-B ;
schema:isPartOf :dataset .
:answer-218-A a schema:Answer ;
schema:position "A" ;
schema:text "Knowledge on the information security risk assessment and treatment processes in accordance with clauses 7 and 8 of the standard" ;
schema:isPartOf :question-218 .
:answer-218-B a schema:Answer ;
schema:position "B" ;
schema:text "Documented information about the information security risk assessment and treatment results" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-218 .
:answer-218-C a schema:Answer ;
schema:position "C" ;
schema:text "Documented information that is necessary for the effectiveness of the information security risk assessment or risk treatment processes" ;
schema:isPartOf :question-218 .
:question-219 a schema:Question ;
schema:name "Question 219" ;
schema:text "Based on the EBIOS RM method, which of the following is one of the four attack sequence phases?" ;
schema:suggestedAnswer :answer-219-A ,
:answer-219-B ,
:answer-219-C ;
schema:acceptedAnswer :answer-219-A ;
schema:isPartOf :dataset .
:answer-219-A a schema:Answer ;
schema:position "A" ;
schema:text "Exploiting" ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-219 .
:answer-219-B a schema:Answer ;
schema:position "B" ;
schema:text "Treating" ;
schema:isPartOf :question-219 .
:answer-219-C a schema:Answer ;
schema:position "C" ;
schema:text "Attacking" ;
schema:isPartOf :question-219 .
:question-220 a schema:Question ;
schema:name "Question 220" ;
schema:text "Who can utilize the ISO/IEC 27000 series?" ;
schema:suggestedAnswer :answer-220-A ,
:answer-220-B ,
:answer-220-C ,
:answer-220-D ;
schema:acceptedAnswer :answer-220-D ;
schema:isPartOf :dataset .
:answer-220-A a schema:Answer ;
schema:position "A" ;
schema:text "Religious institutions." ;
schema:isPartOf :question-220 .
:answer-220-B a schema:Answer ;
schema:position "B" ;
schema:text "Small businesses." ;
schema:isPartOf :question-220 .
:answer-220-C a schema:Answer ;
schema:position "C" ;
schema:text "Large companies." ;
schema:isPartOf :question-220 .
:answer-220-D a schema:Answer ;
schema:position "D" ;
schema:text "All types of companies." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-220 .
:question-221 a schema:Question ;
schema:name "Question 221" ;
schema:text "What is the ISO/IEC 27000 series used for?" ;
schema:suggestedAnswer :answer-221-A ,
:answer-221-B ,
:answer-221-C ,
:answer-221-D ;
schema:acceptedAnswer :answer-221-C ;
schema:isPartOf :dataset .
:answer-221-A a schema:Answer ;
schema:position "A" ;
schema:text "Providing measurements for industry comparison." ;
schema:isPartOf :question-221 .
:answer-221-B a schema:Answer ;
schema:position "B" ;
schema:text "Providing a blueprint for purchasing hardware." ;
schema:isPartOf :question-221 .
:answer-221-C a schema:Answer ;
schema:position "C" ;
schema:text "Providing a framework for information security." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-221 .
:answer-221-D a schema:Answer ;
schema:position "D" ;
schema:text "Providing an outline for detailing business plans." ;
schema:isPartOf :question-221 .
:question-222 a schema:Question ;
schema:name "Question 222" ;
schema:text "What does it mean to adopt a ''risk-based approach'' as recommended in the ISO/IEC 27000 series?" ;
schema:suggestedAnswer :answer-222-A ,
:answer-222-B ,
:answer-222-C ,
:answer-222-D ;
schema:acceptedAnswer :answer-222-B ;
schema:isPartOf :dataset .
:answer-222-A a schema:Answer ;
schema:position "A" ;
schema:text "To approach your security program without fear of unknown risks." ;
schema:isPartOf :question-222 .
:answer-222-B a schema:Answer ;
schema:position "B" ;
schema:text "To make security decisions based on evaluating potential risks." ;
schema:isAccepted "true"^^xsd:boolean ;
schema:isPartOf :question-222 .
:answer-222-C a schema:Answer ;
schema:position "C" ;
schema:text "To make risky security decisions if you hope to accomplish great things." ;
schema:isPartOf :question-222 .
:answer-222-D a schema:Answer ;
schema:position "D" ;
schema:text "To approach risks slowly and cautiously outside the security program." ;
schema:isPartOf :question-222 .