Post-Test

Information Security Management System upon ISO/IEC 27001:2013 & 27002:2013
Time: 30 minutes
Attention: the examples of wrong questions are on the last page!
1. The following are the elements of Information States from McCumber Cube, EXCEPT? (Ses1-9)
a. Processing
b. Storage
c. Transmission
d. Policy and procedures (answer)
2. ISO/IEC 27001:2005 has _____ controls in _____ sections. Whereas ISO/IEC 27001:2013 has _____ controls in _____ sections. (Ses2-19)
a. 114, 11, 114, 14
b. 133, 14, 114, 11
c. 133, 11, 114, 14 (answer)
d. 114, 11, 133, 14
3. Which one of the following ISO standards that provides the guidelines for auditors on information security management systems controls? (Ses3-4)
a. ISO/IEC 27002:2013
b. ISO/IEC 27008:2011 (answer)
c. ISO/IEC 27001:2013
d. ISO/IEC 27003:2011
4. There are two ISO/IEC standard adoptions for information security implementation, choose all that apply! (Ses3-12)
a. ISO/IEC 27002:2013 (answer)
b. ISO/IEC 27000:2014
c. ISO/IEC 27001:2013 (answer)
d. ISO/IEC 27003:2011
5. _____ define controls for access control policy, user access management, system and application access control, and user responsibilities. (Ses3-23)
a. Information security policies
b. Human resource security
c. Asset management
d. Access control (answer)
6. SOA is _____ (Ses6-39)
a. treatment process of selection and implementation of measures to modify risk
b. documented statement describing the control objectives and controls that are relevant and applicable to the organization's ISMS (answer)
c. a list of candidate Control Objectives and Controls
d. a list of control measures
7. _____ is potential event resulting in loss. (Ses6-4)
a. Asset
b. Threat (answer)
c. Vulnerability
d. Exploit
8. _____ is arrangement to reduce likelihood and/or impact. (Ses6-4)
a. Asset
b. Mitigation (answer)
c. Vulnerability
d. Hardening
". ,,,,, is a techni<ue that uses a 1ulnerabilit2 to 0ro1i$e s2stem access. (es6!/#
a. 5sset
b. E,ploit
c. 9ulnerabilit2
$. Im0act
1). The following is the one of ris7 anal2sis metho$olog2, EXCEPT? (Choose Two# (es6!
1.#
a. O$'ecti(e -is. "nalysis
b. "ssets -is. "nalysis
c. =ualitati1e >is7 5nal2sis
$. =uantitati1e >is7 5nal2sis
11. -hich one of the following $oes ?&T inclu$e in Polic2 4ierarch2? (es+!"#
a. @o1erning Polic2
$/ 0usiness Processes
c. Technical Polic2
$. @ui$elines
1%. -hich one of the following o0tions that $escribe the $efinition of >is7 5ssessment?
(es6!"#
a/ Identi1ies, 2uanti1ies, and prioriti)es ris.s
b. Mitigate i$entifie$ ris7s
c. Subset of the ris7 management 0rocess
$. Combination of Threat, i7elihoo$ an$ Im0act
1.. -hich one of the following o0tions that $escribe the $efinition of >is7 Treatment? (es6!
"#
a. I$entifies, <uantifies, an$ 0rioritiAes ris7s
b. Subset of the ris7 management 0rocess
c. Combination of Threat, i7elihoo$ an$ Im0act
d/ +iti%ate identi1ied ris.s
14. Calculate the ALE for the following case! (Ses6-14)
Risk of power surge destroying server:
Cost of server $5000 (including impact on reputation, lost business, etc.)
Power surge once every 2 years
a. $2.000
b. $2.500 (answer)
c. $2.750
d. $3.000
15. The following are the Risk Assessment processes, EXCEPT? (Ses6-22)
a. Assets identifying
b. Threats and vulnerabilities identifying
c. Combination of Threat, Likelihood and Impact
d. Produce the RTPs (answer)
16. The following are the information components of ISO/IEC 27002:2013 document structure, EXCEPT: (Ses3-25)
a. Control
b. Implementation guidance
c. Assets List (answer)
d. Other Info
17. The following are stages of employment based on ISO/IEC 27002:2013, EXCEPT? (Ses8-3)
a. Prior to employment
b. During employment
c. User responsibilities awareness (answer)
d. Termination or change of employment
18. _____ is the only one control that used to manage the user responsibilities. (Ses9-17)
a. Use of secret authentication information (answer)
b. User registration and de-registration
c. User access provisioning
d. Management of privileged access rights
1". The following are outcomes of the au$it, EXCEPT? (es1+!+#
a. -ritten au$it re0ort
b. ?on!conformances an$ obser1ations
c. -is. !reate#ent Plan
$. 5gree$ time!frames
%). The following are the generic au$it 0rocesses of IS& 1")11, EXCEPT? (Choose two#
(es1+!1+#
a. Sco0ing E 0re!au$it sur1e2
b. Planning E 0re0aration
c. -is. assess#ent
$. >e0orting
e. -is. treat#ent
Example of the wrong one:
This one is wrong, ri. Note the change marked in red!
21. There are two ISO/IEC standards adoption for information security implementation, choose all that apply! (Ses3-12)
a. ISO/IEC 27002:2013 (answer)
b. ISO/IEC 27000:2014
c. ISO/IEC 27001:2013 (answer)
d. ISO/IEC 27003:2011
It should be like this!
22. There are two ISO/IEC standard adoptions for information security implementation, choose all that apply! (Ses3-12)
a. ISO/IEC 27002:2013 (answer)
b. ISO/IEC 27000:2014
c. ISO/IEC 27001:2013 (answer)
d. ISO/IEC 27003:2011
This one is wrong too, ri. Note the change marked in red!
23. Which one of the following is NOT include in Policy Hierarchy? (Ses5-9)
a. Governing Policy
b. Business Processes (answer)
c. Technical Policy
d. Guidelines
It should be:
24. Which one of the following does NOT include in Policy Hierarchy? (Ses5-9)
a. Governing Policy
b. Business Processes (answer)
c. Technical Policy
d. Guidelines