CertiProf I27001F Exam - Topic 3 Question 8 Discussion

Actual exam question for CertiProf's I27001F exam

Question #: 8
Topic #: 3

Which statement describes the difference between ISO/IEC 27001:2022 and ISO/IEC 27002:2022?

AISO/IEC 27002:2022 provides guidance on measurement, and ISO/IEC 27001:2022 provides guidance on information security controls

BISO/IEC 27002:2022 provides mandatory requirements for a risk management approach, and ISO/IEC 27001:2022 contains mandatory requirements for an ISMS

CISO/IEC 27001:2022 contains mandatory requirements, while ISO/IEC 27002:2022 provides guidance on information security controls

DISO/IEC 27002:2022 contains mandatory requirements, while ISO/IEC 27001:2022 provides guidance on information security controls

Show Suggested Answer

Suggested Answer: C

ISO/IEC 27001:2022 is the certifiable standard that contains requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System. ISO/IEC 27002:2022 is not a certifiable requirements standard. It provides guidance for selecting, implementing, and managing information security controls, including the controls referenced in Annex A of ISO/IEC 27001:2022. Therefore, option C is correct.

=======

by Markus at May 07, 2026, 07:15 AM

Limited Time Offer

25%

Off

Get Premium I27001F Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!