APMG-International ISO-IEC-27001-Foundation Exam - Topic 3 Question 5 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 5
Topic #: 3

What is the name of the control clause used to control information security breaches within Annex A of ISO/IEC 27001?

Suggested Answer: A

Detailed explanation, based on extracts from the ISO/IEC 27002:2022 standard:

Annex A in ISO/IEC 27001 refers directly to ISO/IEC 27002 for control guidance. In ISO/IEC 27002:2022, Clause 6.8 is titled:

"Information security event reporting - Information security events should be reported through appropriate management channels as quickly as possible."

This control ensures breaches, incidents, or suspected issues are reported for action. The other options (B, C, D) are not the exact titles in Annex A. The official title is Information security event reporting, confirming Answer: A.


Contribute your Thoughts:

Keena
2 months ago
A) Information security event reporting sounds right too!
upvoted 0 times
...
Elbert
2 months ago
Totally agree with C!
upvoted 0 times
...
Dortha
3 months ago
It's C) Response to information security events.
upvoted 0 times
...
Dierdre
3 months ago
Wait, are we sure about that?
upvoted 0 times
...
Mignon
3 months ago
I thought it was D) Reporting information security incidents!
upvoted 0 times
...
Jeanice
3 months ago
I'm not entirely sure, but I remember "information security event management" being mentioned in our study materials.
upvoted 0 times
...
Tayna
3 months ago
I practiced a similar question, and I think the answer was about managing events rather than just reporting them.
upvoted 0 times
...
Norah
4 months ago
I feel like it might be "Response to information security events," but I also remember something about reporting incidents.
upvoted 0 times
...
Louann
4 months ago
I think the control clause is related to how we manage security events, but I can't remember the exact wording.
upvoted 0 times
...
Raina
4 months ago
This is a tricky one. The options are all related to incident response, but I'm not sure which one corresponds to the exact wording used in the standard. I'll have to make an educated guess on this one.
upvoted 0 times
...
Brittni
4 months ago
I'm pretty confident that the answer is D) Reporting information security incidents. That control is specifically focused on the reporting aspect of incident management, which seems to be what this question is asking about.
upvoted 0 times
...
Armanda
4 months ago
Okay, I've reviewed the Annex A controls in the standard, and I believe the correct answer is C) Response to information security events. That control covers the overall process for identifying and responding to security incidents.
upvoted 0 times
...
Belen
5 months ago
Hmm, I'm a bit unsure about this one. The options seem to be getting at different aspects of incident response, but I'm not totally clear on the exact terminology used in the standard. I'll have to think this through carefully.
upvoted 0 times
...
Virgina
5 months ago
I think this is asking about the specific control clause in the ISO/IEC 27001 standard that deals with reporting and managing information security incidents. I'll need to review that section of the standard to be sure.
upvoted 0 times
...
