21 Sep Practice Test Question: ISO Standards
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Gavin is looking for guidance on how his organization should approach the evaluation of cloud service providers. What ISO document can help him with this work?
A. ISO 27001
B. ISO 27701
C. ISO 27017
D. ISO 17789
Correct Answer: C
ISO 27001 is a general description of controls appropriate for a cybersecurity program, while ISO 27701 provides control guidance for privacy programs; neither of these is what we are looking for here. ISO 27017 provides guidance on the security controls that should be implemented by cloud service providers and would be useful to Gavin in evaluating such a provider. ISO 17789 provides a cloud reference architecture and does not offer specific security guidance, which makes it another incorrect answer.