Question: ISO 27035 describes incident management.
- True
- False
Question: PCI DSS is a proprietary information security standard for organisations that handle cardholder data.
- True
- False
Question: What does the acronym GDPR stand for?
- Generic Description Protection Regulatory
- General Data Protection Regulation
- General Description Protection Regulation
- General Data Protective Regulation
Question: What does Step 3 in NIST 800-30 Rev.1 clarify?
- Impact Analysis
- Control Analysis
- Threat Identification
- Vulnerability Identification
Question: Which of the following describes ISO 27003?
- Network Security
- Digital Forensics
- ISMS Implementation
- Risk Management
Question: What standard should you consult for managing incident response?
- ISO 27035
- NIST SP 800-35
- NIST SP 800-14
- ISO 27004
Question: NIST SP 800-30 Rev.1 is a standard for conducting risk assessments.
- True
- False
Question: Which standard defines Management System Auditing?
- ISO 27007
- NIST SP 800-30
- NIST SP 800-35
- ISO 27004
Question: Which U.S. standard should you consult to guide you in developing security policies?
- NIST SP 800-35
- NIST SP 800-14
- ISO 27004
- ISO 27008
Question: Which U.S. standard covers risk assessment?
- ISO 27037
- NIST SP 800-30
- ISO 27005
- NIST SP 800-14