Practice PECB ISO-IEC-27005-Risk-Manager Exam Questions
Page: 1/12 Total 60 Questions
Question No 1
Can organizations obtain certification against ISO 31000?
Question No 2
Which of the following statements best defines information security risk?
Question No 3
Scenario 1
The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took
was identifying the company’s assets. Afterward, Henry created various potential incident scenarios.
One of the main concerns regarding the use of the application was the possibility of being targeted
by cyber attackers, as a great number of organizations were experiencing cyberattacks during that
time. After analyzing the identified risks, Henry evaluated them and concluded that new controls
must be implemented if the company wants to use the application. Among others, he stated that
training should be provided to personnel regarding the use of the application and that awareness
sessions should be conducted regarding the importance of protecting customers’ personal data.
Lastly, Henry communicated the risk assessment results to top management, who decided that
the application would be used only after the identified risks had been treated.
Based on the scenario above, answer the following question.
Bontton established a risk management process based on ISO/IEC 27005 to systematically manage
information security threats. Is this a good practice?
Question No 4
Based on scenario 1, Bontton used ISO/IEC 27005 to ensure effective implementation of all ISO/IEC
27001 requirements. Is this appropriate?
Question No 5
According to scenario 1, what type of controls did Henry suggest?