True or False: For organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered.
A. True
B. False
Susan sends an email to Paul. Who determines the meaning and the value of information in this email?
A. Paul, the recipient of the information.
B. Paul and Susan, the sender and the recipient of the information.
C. Susan, the sender of the information.
What is the most important reason for applying the segregation of duties?
A. Segregation of duties makes it clear who is responsible for what.
B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
D. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
Companies use 27002 for compliance for which of the following reasons:
A. A structured program that helps with security and compliance
B. Explicit requirements for all regulations
C. Compliance with ISO 27002 is sufficient to comply with all regulations
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?
A. The first step consists of checking if the user is using the correct certificate.
B. The first step consists of checking if the user appears on the list of authorized users.
C. The first step consists of comparing the password with the registered password.
D. The first step consists of granting access to the information to which the user is authorized.
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?
A. Risk bearing
B. Risk avoiding
C. Risk neutral
D. Risk passing
Why is compliance important for the reliability of the information?
A. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
C. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.
D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?
A. The recipient, Rachel
B. The person who drafted the insurance terms and conditions
C. The manager, Linda
D. The sender, Peter
One of the ways Internet of Things (IoT) devices can communicate with each other (or 'the outside world') is using a so-called short-range radio protocol. Which kind of short-range radio protocol makes it possible to use your phone as a credit card?
A. Near Field Communication (NFC)
B. Bluetooth
C. Radio Frequency Identification (RFID)
D. The 4G protocol