System upon ISO/IEC 27001:2013 & 27002:2013
Time: 30 minutes
Attention: note the wrong examples on the last page!

1. The following are the elements of Information States from the McCumber Cube, EXCEPT? (Ses1-9)
a. Processing
b. Storage
c. Transmission
d. Policy and procedures (answer)

2. ISO/IEC 27001:2005 has _____ controls in _____ sections, whereas ISO/IEC 27001:2013 has _____ controls in _____ sections. (Ses2-19)
a. 114, 11, 114, 14
b. 133, 14, 114, 11
c. 133, 11, 114, 14 (answer)
d. 114, 11, 133, 14

3. Which one of the following ISO standards provides guidelines for auditors on information security management system controls? (Ses3-4)
a. ISO/IEC 27002:2013
b. ISO/IEC 27008:2011 (answer)
c. ISO/IEC 27001:2013
d. ISO/IEC 27003:2011

4. There are two ISO/IEC standard adoptions for information security implementation, choose all that apply! (Ses3-12)
a. ISO/IEC 27002:2013 (answer)
b. ISO/IEC 27000:2014
c. ISO/IEC 27001:2013 (answer)
d. ISO/IEC 27003:2011

Post-test 1

5. _____ defines controls for access control policy, user access management, system and application access control, and user responsibilities. (Ses3-23)
a. Information security policies
b. Human resource security
c. Asset management
d. Access control (answer)

6. SOA is _____ (Ses6-39)
a. the treatment process of selecting and implementing measures to modify risk
b. a documented statement describing the control objectives and controls that are relevant and applicable to the organization's ISMS (answer)
c. a list of candidate Control Objectives and Controls
d. a list of control measures

7. _____ is a potential event resulting in loss. (Ses6-4)
a. Asset
b. Threat (answer)
c. Vulnerability
d. Exploit

8. _____ is an arrangement to reduce likelihood and/or impact. (Ses6-4)
a. Asset
b. Mitigation (answer)
c. Vulnerability
d. Hardening

9. _____ is a technique that uses a vulnerability to provide system access. (Ses6-4)
a. Asset
b. Exploit (answer)
c. Vulnerability
d. Impact

10. The following are risk analysis methodologies, EXCEPT? (Choose two) (Ses6-13)
a. Objective Risk Analysis (answer)
b. Assets Risk Analysis (answer)
c. Qualitative Risk Analysis
d. Quantitative Risk Analysis

11. Which one of the following does NOT include in Policy Hierarchy? (Ses5-9)
a. Governing Policy
b. Business Processes (answer)
c. Technical Policy
d. Guidelines

12. Which one of the following options describes the definition of Risk Assessment? (Ses6-9)
a. Identifies, quantifies, and prioritizes risks (answer)
b. Mitigate identified risks
c. Subset of the risk management process
d. Combination of Threat, Likelihood and Impact

13. Which one of the following options describes the definition of Risk Treatment? (Ses6-9)
a. Identifies, quantifies, and prioritizes risks
b. Subset of the risk management process
c. Combination of Threat, Likelihood and Impact
d. Mitigate identified risks (answer)

14. Calculate the ALE for the following case! (Ses6-14)
Risk of a power surge destroying the server:
Cost of server $5,000 (including impact on reputation, lost business, etc.)
Power surge once every 2 years
a. $2,000
b. $2,500 (answer)
c. $2,750
d. $3,000

15. The following are the Risk Assessment processes, EXCEPT? (Ses6-22)
a. Assets identifying
b. Threats and vulnerabilities identifying
c. Combination of Threat, Likelihood and Impact
d. Produce the RTPs (answer)

16. The following are the information components of the ISO/IEC 27002:2013 document structure, EXCEPT: (Ses3-25)
a. Control
b. Implementation guidance
c. Assets List (answer)
d. Other Info

17. The following are stages of employment based on ISO/IEC 27002:2013, EXCEPT? (Ses8-3)
a. Prior to employment
b. During employment
c. User responsibilities awareness (answer)
d. Termination or change of employment

18. _____ is the only control used to manage user responsibilities. (Ses9-17)
a. Use of secret authentication information (answer)
b. User registration and de-registration
c. User access provisioning
d. Management of privileged access rights

19. The following are outcomes of the audit, EXCEPT? (Ses15-5)
a. Written audit report
b. Non-conformances and observations
c. Risk Treatment Plan (answer)
d. Agreed time-frames

20. The following are the generic audit processes of ISO 19011, EXCEPT? (Choose two) (Ses15-15)
a. Scoping & pre-audit survey
b. Planning & preparation
c. Risk assessment (answer)
d. Reporting
e. Risk treatment (answer)

Wrong examples: This one is wrong, Ri. Note the changes in red!

21. There are two ISO/IEC standards adoption for information security implementation, choose all that apply! (Ses3-12)
a. ISO/IEC 27002:2013 (answer)
b. ISO/IEC 27000:2014
c. ISO/IEC 27001:2013 (answer)
d. ISO/IEC 27003:2011

It should be like this!

22. There are two ISO/IEC standard adoptions for information security implementation, choose all that apply! (Ses3-12)
a. ISO/IEC 27002:2013 (answer)
b. ISO/IEC 27000:2014
c. ISO/IEC 27001:2013 (answer)
d. ISO/IEC 27003:2011

This one is also wrong, Ri. Note the changes in red!

23. Which one of the following is NOT include in Policy Hierarchy? (Ses5-9)
a. Governing Policy
b. Business Processes (answer)
c. Technical Policy
d. Guidelines

It should be:

24. Which one of the following does NOT include in Policy Hierarchy? (Ses5-9)
a. Governing Policy
b. Business Processes (answer)
c. Technical Policy
d. Guidelines