ISO 27001 · Exam domain
1. According to ISO 27001:2022 Annex A Control 8.1, which of the following would NOT be considered a user endpoint device requiring protection under this control?
Explanation
Control 8.1 applies to user endpoint devices such as laptops, tablets, and smartphones (including BYOD) where users process organizational information. Servers in data centers are not considered user endpoints; they typically fall under controls such as 8.6 (Capacity Management) or 8.9 (Configuration Management).
2. An organization implements standardized OS images (golden images), disables unnecessary USB ports, removes administrative rights from end users, and enforces automatic patch management. These measures primarily address which pillar of Control 8.1?
Explanation
These are Secure Configuration measures (the 'L' in the LOCK mnemonic: Least privilege): hardening devices and maintaining baseline security settings. Physical Protection addresses theft and loss, Cryptographic Controls address encryption, and User Responsibilities address human behavior.
3. An employee attaches a privacy screen filter to their laptop when working in airports to prevent nearby travelers from viewing sensitive data. Under Control 8.1, this measure belongs to which protection pillar?
Explanation
Privacy filters prevent shoulder surfing, which falls under Physical Protection (the 'O' in LOCK: Outside protection). This pillar covers not only theft prevention (cable locks, safes) but also protection from unauthorized viewing in public spaces and from environmental hazards.
4. A company mandates Full Disk Encryption (FDE) using BitLocker on all laptops and requires VPN usage on public Wi-Fi. While encryption is defined in Control 10.1, the specific requirement to encrypt endpoint device storage primarily demonstrates which pillar of Control 8.1?
Explanation
FDE and VPN usage represent Cryptographic Controls (the 'C' in LOCK) specific to endpoint devices. While 10.1 provides the overarching cryptographic framework and standards, 8.1 applies these controls to protect information stored on or transmitted by user endpoint devices.
5. An organization's policy requires employees to immediately report lost or stolen devices, prohibits sharing of device PINs/passwords, and mandates signed Acceptable Use Policies. This aligns with which pillar of Control 8.1?
Explanation
These requirements represent User Responsibilities (the 'K' in LOCK: Keep users informed), defining what users must do and know to protect endpoint devices. While reporting lost devices links to 6.8 (Information Security Event Reporting), the requirement that users report promptly is part of 8.1's User Responsibilities pillar.