Multiple Choice Questions:

1.Which of the following is often the weakest link in the ISMS?

a. Employee supervision.

b. Employee training and awareness.

c. Employee procedures.

d. Employee policies and procedures.

2. Incident handling applies primarily to which phase in the PDAC methodology?

a. Plan.

b. Do.

c. Act.

d. Check.

3. Information security assurance (ISA) refers to a type of evidence-based assertion that does which of the following?

a. Increases certainty that a security-related deliverable is secure.

b. Increases certainty that a security-related deliverable is ISO compliant.

c. Increases certainty that a security-related deliverable can withstand specified security threats.

d. None of the above.

4. A security target is which of the following?

a. The deliverable for which security is desired.

b. The standards used to evaluate a security deliverable.

c. The same as the target of evaluation.

d. None of the above.

5. To which of these do security protection profiles apply?

a. Individuals.

b. Single targets of evaluation.

c. Multiple targets of evaluation.

d. None of the above.