What are the data protection principles set out in the GDPR?
A. Purpose limitation, proportionality, availability, data minimisation
B. Purpose limitation, proportionality, data minimisation, transparency
C. Target group, proportionality, transparency, data minimisation
D. Purpose limitation, pudicity, transparency, data minimisation
What is the best way to comply with legislation and regulations for personal data protection?
A. Performing a threat analysis
B. Maintaining an incident register
C. Performing a vulnerability analysis
D. Appointing the responsibility to someone
What does the Information Security Policy describe?
A. how the InfoSec objectives will be reached
B. which InfoSec controls have been selected and implemented
C. what the implementation planning of the information security management system is
D. which information security procedures are selected
Employees and contractors may be provided with an anonymous reporting channel for reporting violations of information security policies or procedures ("whistleblowing").
A. True
B. False
ISO 27002 provides guidance in the following area:
A. PCI environment scoping
B. Information handling recommendations
C. Framework for an overall security and compliance program
D. Detailed lists of required policies and procedures
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
A. Information Security Management System
B. The use of tokens to gain access to information systems
C. Validation of input and output data in applications
D. Encryption of information
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization.
What occurs during the first step of this process: identification?
A. The first step consists of checking if the user is using the correct certificate.
B. The first step consists of checking if the user appears on the list of authorized users.
C. The first step consists of comparing the password with the registered password.
D. The first step consists of granting access to the information to which the user is authorized.
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
B. A code of conduct is a standard part of a labor contract.
C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?
A. Risk bearing
B. Risk avoiding
C. Risk neutral
D. Risk passing