Exam ISO-IEC-27001-Foundation Topic 6 Question 40 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 40
Topic #: 6
Which statement describes a requirement for information security objectives?

Suggested Answer: A Vote an answer

Clause 6.2 (Information security objectives) requires that objectives:
* "be consistent with the information security policy"
* "be measurable (if practicable)"
* "take into account applicable information security requirements"
* "be monitored, communicated, and updated as appropriate."
From this, option A is correct since consistency with policy is an explicit requirement. Option B is incorrect because the standard allows objectives to be measurable "if practicable" (not mandatory for all). Option C is incorrect-objectives are not transferred contractually to third parties, though third-party agreements may include security requirements. Option D is incorrect because the standard requires regular review "as appropriate," not a fixed annual cycle.
Thus, the verified requirement isA: They shall be consistent with the information security policy.

by Astrid at May 27, 2026, 08:54 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10