Question 1

What does ISO/IEC 27001:2022 require for information security risk assessment?

Options :

A : A person designated by top management

B : A consultancy to perform the information security risk assessment professionally

C : Acquisition of a set of information security tools to automate the assessment using artificialintelligence

D : Applying an information security risk assessment process that establishes and maintainsinformation security risk criteria

Answer: D

Question 2

According to ISO/IEC 27001:2022, is it necessary to ensure that successive information security riskassessments produce consistent, valid, and comparable results?

Options :

A : It is only an observation to keep in mind when auditing the management system

B : It is a requirement to be fulfilled

C : It is a recommendation, but not a requirement

D : None of the above

Answer: B

Question 3

In ISO/IEC 27001:2022, what does the information security risk assessment process refer to?

Options :

A : Identifying risk owners

B : Identifying information security risks

C : Establishing and maintaining information security risk criteria

D : All of the above

Answer: D

Question 4

What is the purpose of management review in ISO/IEC 27001:2022?

Options :

A : To ensure that the information security policy matches all identified risks

B : To ensure that employees receive information about updates to information security policies

C : To ensure the continuing suitability, adequacy, and effectiveness of the ISMS

D : To ensure that the information security policy covers all controls indicated in ISO/IEC 27001

Answer: C