GAQM ISO Certifications ISO-IEC-LI Questions & Answers

• Question 1:

  What is the objective of classifying information?

  A. Authorizing the use of an information system

  B. Creating a label that indicates how confidential the information is

  C. Defining different levels of sensitivity into which information may be arranged

  D. Displaying on the document who is permitted access

  Correct Answer: C

• Question 2:

  An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

  A. Availability measure

  B. Integrity measure

  C. Organizational measure

  D. Technical measure

  Correct Answer: D

• Question 3:

  What is the greatest risk for an organization if no information security policy has been defined?

  A. If everyone works with the same account, it is impossible to find out who worked on what.

  B. Information security activities are carried out by only a few people.

  C. Too many measures are implemented.

  D. It is not possible for an organization to implement information security in a consistent manner.

  Correct Answer: D

• Question 4:

  We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?

  A. Availability, Information Value and Confidentiality

  B. Availability, Integrity and Confidentiality

  C. Availability, Integrity and Completeness

  D. Timeliness, Accuracy and Completeness

  Correct Answer: B

• Question 5:

  What is an example of a security incident?

  A. The lighting in the department no longer works.

  B. A member of staff loses a laptop.

  C. You cannot set the correct fonts in your word processing software.

  D. A file is saved under an incorrect name.

  Correct Answer: B

• Question 6:

  Who is authorized to change the classification of a document?

  A. The author of the document

  B. The administrator of the document

  C. The owner of the document

  D. The manager of the owner of the document

  Correct Answer: C

• Question 7:

  Which of the following measures is a preventive measure?

  A. Installing a logging system that enables changes in a system to be recognized

  B. Shutting down all internet traffic after a hacker has gained access to the company systems

  C. Putting sensitive information in a safe

  D. Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk

  Correct Answer: C

• Question 8:

  Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?

  A. The recipient, Rachel

  B. The person who drafted the insurance terms and conditions

  C. The manager, Linda

  D. The sender, Peter

  Correct Answer: A

• Question 9:

  You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

  A. Risk bearing

  B. Risk avoiding

  C. Risk neutral

  D. Risk passing

  Correct Answer: C

• Question 10:

  You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of threats and risks. What is the relation between a threat, risk and risk analysis?

  A. A risk analysis identifies threats from the known risks.

  B. A risk analysis is used to clarify which threats are relevant and what risks they involve.

  C. A risk analysis is used to remove the risk of a threat.

  D. Risk analyses help to find a balance between threats and risks.

  Correct Answer: B