Certified ISO/IEC 27001:2022 Foundation Online Practice
Last updated: 2026-03-30
Through these online practice questions you can gauge how well you know the material for the CertiProf I27001F exam and then decide whether to register for it.
If you want to pass the exam 100% and cut your preparation time by 35%, choose the I27001F dump (latest real exam questions), which currently contains the latest 40 exam questions and answers.
Correct answer:
Explanation:
ISO/IEC 27001:2022 requires the information security policy to be available as documented information, communicated within the organization, and available to interested parties as appropriate. In practical terms, this means the policy must be communicated to relevant persons in the organization so they understand the direction and expectations related to information security. Among the options provided, the best and correct answer is D, because the policy is intended to be known broadly across the organization, not restricted to a single role or department.
Correct answer:
Explanation:
The standard requires top management to review the ISMS at planned intervals. This review is intended to confirm the continuing suitability, adequacy, and effectiveness of the ISMS. While auditors, process owners, and certification bodies may provide inputs or findings, the management review itself is a responsibility of top management.
Therefore, option D is the correct answer.
Correct answer:
Explanation:
ISO/IEC 27001:2022 assigns leadership and accountability for the ISMS to top management. One of the specific responsibilities of top management is to ensure that the ISMS requirements are integrated into the organization’s processes. This demonstrates that information security is not treated as an isolated activity, but as part of the overall governance and operation of the organization.
Therefore, option D is correct.
Correct answer:
Explanation:
Annex A of ISO/IEC 27001:2022 contains the reference set of information security controls used to support risk treatment decisions. In the 2022 edition, these controls are organized into four themes: organizational, people, physical, and technological controls. Annex A is not a set of ISMS implementation steps and it is not a risk management guideline. Its role is to provide a structured set of control objectives and controls that may be selected as part of risk treatment.
Therefore, option B is the correct answer.
Correct answer:
Explanation:
ISO/IEC 27001:2022 requires the organization to define and apply an information security risk treatment process and to prepare a risk treatment plan. This is a mandatory requirement within clause 6 on planning. The purpose of the plan is to define how identified information security risks will be treated, which controls will be selected, and how the treatment decisions will be implemented. Therefore, it is not optional guidance or an audit note, but a formal requirement. For that reason, option B is correct.
Correct answer:
Explanation:
A successful ISMS depends heavily on awareness, competence, and engagement across the organization. ISO/IEC 27001:2022 emphasizes competence, awareness, communication, leadership, and operational discipline. An effective awareness, education, and training program helps ensure that people understand their information security responsibilities and contribute to the effectiveness of the ISMS. Hiring consultants or buying specific tools may help in some cases, but they are not critical success factors defined by the standard itself.
Therefore, option B is the correct answer.
Correct answer:
Explanation:
The three fundamental properties of information security are confidentiality, integrity, and availability, often referred to as the CIA triad. Confidentiality means information is accessible only to authorized persons or entities. Integrity means safeguarding the accuracy and completeness of information. Availability means information and associated assets are accessible and usable when required. These principles are foundational within ISO/IEC 27001 and ISO/IEC 27002. Therefore, option B is correct.
Correct answer:
Explanation:
ISO/IEC 27001:2022 places strong leadership obligations on top management. These include ensuring that the resources needed for the ISMS are available, promoting continual improvement, supporting persons to contribute to the effectiveness of the ISMS, and communicating the importance of effective information security management. Because all the listed activities are aligned with top management responsibilities, the correct answer is D.
Correct answer:
Explanation:
ISO/IEC 27001:2022 requires top management to review the organization’s ISMS at planned intervals to ensure its continuing suitability, adequacy, and effectiveness. Management review is a formal requirement under performance evaluation and is intended to confirm that the ISMS continues to support the organization’s objectives and strategic direction. It is broader than policy review alone and is not limited to communication or Annex A coverage.
Therefore, option C is correct.
Correct answer:
Explanation:
The PDCA cycle stands for Plan, Do, Check, Act. It is a management model commonly associated with management systems, including the implementation and continual improvement of an ISMS. In the context of ISO/IEC 27001:2022, this logic supports planning the ISMS, implementing and operating it, monitoring and reviewing performance, and taking actions for continual improvement.
Therefore, option B is correct.
Correct answer:
Explanation:
ISO/IEC 27001:2022 requires the organization to establish and maintain information security risk criteria, identify information security risks, and identify risk owners as part of the risk assessment process. These activities are core elements of clause 6 on planning and risk assessment. Since all of the listed options are required parts of the process, the correct answer is D.
Correct answer:
Explanation:
Under ISO/IEC 27001:2022, the information security policy must be appropriate to the purpose of the organization, include information security objectives or provide the framework for setting them, and include a commitment to satisfy applicable requirements and to continual improvement of the ISMS. The standard does not require technical product names, company history, or prior audit results to appear in the policy.
Therefore, option C is the best and correct answer.
Correct answer:
Explanation:
ISO/IEC 27001:2022 requires documented information to be controlled so that it is available and suitable for use where and when needed, and adequately protected. The standard does not require purchasing software, hiring consultants, or assigning external validation as mandatory conditions for compliance. Those may be organizational choices, but they are not requirements of the standard.
Therefore, option A is the correct answer.
Correct answer:
Explanation:
ISO/IEC 27001:2022 requires the organization to define and apply an information security risk assessment process that produces consistent, valid, and comparable results. This is not optional guidance and not merely an auditing suggestion. It is a formal requirement within the planning and risk assessment requirements of the standard.
Therefore, option B is correct.
Correct answer:
Explanation:
In ISO/IEC 27001:2022, the Statement of Applicability is a required documented output of the information security risk treatment process. It must contain the necessary controls, including whether they are implemented, and the justification for their inclusion. It must also include justification for excluding controls from Annex A when they are not applicable. Therefore, all three elements listed in options A, B, and C are part of a proper Statement of Applicability, making option D the correct answer.