Multiple Choice Questions:
1. Which of the following is not a possible information system security deliverable?
a. Software.
b. Hardware.
c. Personnel.
d. None of the above.
e. All of the above.

2. Which is an information security management system (ISMS) that ensures the three objectives of integrity, confidentiality, and availability in relation to data and information within the organization?
a. Security system.
b. Deliverable specification.
c. Organizational process.
d. None of the above.

3. Which of the following is the most accurate statement?
a. Management’s ERM is part of the company’s control processes.
b. Management’s ERM is part of the company’s ISMS.
c. The ISMS is part of the ERM.
d. None of the above is true.

4. What are the three objectives of information security?
a. Integrity, efficiency, and effectiveness.
b. Integrity, confidentiality, and availability.
c. Integrity, confidentiality, and efficiency.
d. None of the above.

5. Which of these are weaknesses in the ISMS that result in exposures to threats?
a. Threats
b. Vulnerabilities.
c. Both a and b.
d. None of the above.