Main exam notes
- Exam Cues
- Common Exam Traps
- Quiz Review - Control Attributes and Compliance
- EXAM-034-Monitoring-Activities
- EXAM-035-Software-Installation-and-Network-Security
- EXAM-036-Network-Services-Segregation-and-Web-Filtering
- EXAM-037-Use-of-Cryptography
- EXAM-038-Secure-Development-and-Architecture
- EXAM-039-Secure-Coding-and-Security-Testing
- EXAM-040-Outsourced-Development-and-Environment-Separation
- EXAM-041-Change-Test-Information-and-Audit-Testing
High-risk distinctions
- ISO 27001 Clauses 4-10 vs Annex A
- Annex A and the Statement of Applicability
- ISO27002 Control Attributes
- A.5.2 vs A.5.4 Comparison
Fast review
| Concept | Key cue |
|---|---|
| Clauses 4-10 | Mandatory; cannot be excluded |
| Annex A | Risk-based controls |
| SoA | Applicability and justification |
| ISO 27002 attributes | Optional metadata |
| A.5.1 | Policy governance |
| A.5.2 | Who is responsible |
| A.5.3 | Separate conflicting duties |
| A.5.4 | Managers enforce security behavior |
- Exam
- Moc
- Iso27001
Note Metadata
Aliases: Exam Index
Source: 99 Indexes/Exam Cues Index.md
Related Notes
- Annex A and the Statement of Applicability
- ISO 27001 Clauses 4-10 vs Annex A
- ISO27002 Control Attributes
- A.5.2 vs A.5.4 Comparison
- Common Exam Traps
- Exam Cues
- Quiz Review - Control Attributes and Compliance
- EXAM-034 - Monitoring Activities
- EXAM-035 - Software Installation and Network Security
- EXAM-036 - Network Services, Segregation, and Web Filtering
- EXAM-037 - Use of Cryptography
- EXAM-038 - Secure Development and Architecture
- EXAM-039 - Secure Coding and Security Testing
- EXAM-040 - Outsourced Development and Environment Separation
- EXAM-041 - Change Test Information and Audit Testing