Exam Questions and Answers for ISO-IEC-27001-Lead-Implementer Study Guide Questions and Answers! [Q10-Q32]

Share

Exam Questions and Answers for  ISO-IEC-27001-Lead-Implementer Study Guide Questions and Answers!

PECB Certified ISO/IEC 27001 Lead Implementer exam Certification Sample Questions and Practice Exam

NEW QUESTION 10
It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures ("whistle blowing")

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 11
The identified owner of an asset is always an individual

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 12
What is the best description of a risk analysis?

  • A. A risk analysis calculates the exact financial consequences of damages.
  • B. A risk analysis helps to estimate the risks and develop the appropriate security measures.
  • C. A risk analysis is a method of mapping risks without looking at company processes.

Answer: B

 

NEW QUESTION 13
What is the greatest risk for an organization ifno information security policy has been defined?

  • A. It is not possible for an organization to implement information security in a consistent manner.
  • B. Information security activities are carried out by only a few people.
  • C. Too many measures areimplemented.
  • D. If everyone works with the same account, it is impossible to find out who worked on what.

Answer: A

 

NEW QUESTION 14
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

  • A. If the riskanalysis has not been carried out.
  • B. When the organization is located near a river.
  • C. When the computer systems are not insured.
  • D. When computer systems are kept in a cellar below ground level.

Answer: D

 

NEW QUESTION 15
Why is compliance important forthe reliability of the information?

  • A. By meeting the legislative requirements and theregulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
  • B. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and thereforeit guarantees the reliability of its information.
  • C. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
  • D. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.

Answer: A

 

NEW QUESTION 16
In the context ofcontact with special interest groups, any information-sharing agreements should identify requirements for the protection of _________ information.

  • A. Authorization
  • B. Authentic
  • C. Availability
  • D. Confidential

Answer: D

 

NEW QUESTION 17
What do employees need to know to report a security incident?

  • A. Whether the incident has occurred before and what was the resulting damage.
  • B. Who is responsible for the incident and whether it was intentional.
  • C. How to report an incident and to whom.
  • D. The measures that should have been taken to prevent the incident in the first place.

Answer: C

 

NEW QUESTION 18
We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?

  • A. Availability, Information Value and Confidentiality
  • B. Availability, Integrity and Completeness
  • C. Timeliness, Accuracy and Completeness
  • D. Availability, Integrity and Confidentiality

Answer: D

 

NEW QUESTION 19
What is the most important reason for applying the segregation of duties?

  • A. Segregation of duties makes it clear who is responsible for what.
  • B. Segregation of duties makes it easier for a person who is readywith his or her part of the work to take time off or to take over the work of another person.
  • C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • D. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

Answer: C

 

NEW QUESTION 20
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

  • A. A code of conduct is a standard part of a labor contract.
  • B. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
  • C. A code ofconduct specifies how employees are expected to conduct themselves and is the same for all companies.

Answer: B

 

NEW QUESTION 21
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

  • A. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
  • B. A determination can be made as to which report should be printed firstand which ones can wait a little longer.
  • C. The costs for automating are easier to charge to the responsible departments.
  • D. Reports can be developed more easily and with fewer errors.

Answer: A

 

NEW QUESTION 22
What is the objective of classifying information?

  • A. Displaying on the document who is permitted access
  • B. Creating alabel that indicates how confidential the information is
  • C. Defining different levels of sensitivity into which information may be arranged
  • D. Authorizing the use of an information system

Answer: C

 

NEW QUESTION 23
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

  • A. Encryption ofinformation
  • B. Validation of input and output data in applications
  • C. The use of tokens to gain access to information systems
  • D. Information Security Management System

Answer: D

 

NEW QUESTION 24
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of theclients is earlier than the start date. What type of measure could prevent this error?

  • A. Integrity measure
  • B. Availability measure
  • C. Technical measure
  • D. Organizational measure

Answer: C

 

NEW QUESTION 25
One of the ways Internet of Things (IoT) devices can communicate with each other (or 'the outside world') is using a so-called short-range radio protocol. Which kind of short-range radio protocol makes it possible to use your phone as a credit card?

  • A. Radio Frequency Identification (RFID)
  • B. The 4G protocol
  • C. Bluetooth
  • D. Near Field Communication (NFC)

Answer: D

 

NEW QUESTION 26
Which of the following measures is a preventive measure?

  • A. Shutting down all internet traffic after a hacker has gained access to thecompany systems
  • B. Putting sensitive information in a safe
  • C. Installing a logging system that enables changes in a system to be recognized
  • D. Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk

Answer: B

 

NEW QUESTION 27
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?

  • A. The person who drafted the insurance terms and conditions
  • B. The manager, Linda
  • C. The recipient, Rachel
  • D. The sender, Peter

Answer: C

 

NEW QUESTION 28
Select the controls that correspond to thedomain "9. ACCESS CONTROL" of ISO / 27002 (Choose three)

  • A. Restriction of access to information
  • B. Return of assets
  • C. Withdrawal or adaptation of access rights
  • D. Management of access rights with special privileges

Answer: A,B,C

 

NEW QUESTION 29
Companies use 27002 for compliance for which of the following reasons:

  • A. Compliance with ISO 27002 is sufficient to comply with all regulations
  • B. A structured program that helps with security and compliance
  • C. Explicit requirements for all regulations

Answer: B

 

NEW QUESTION 30
......

ISO-IEC-27001-Lead-Implementer certification dumps - ISO 27001 ISO-IEC-27001-Lead-Implementer guides - 100% valid: https://www.real4prep.com/ISO-IEC-27001-Lead-Implementer-exam.html

100% Pass Your ISO-IEC-27001-Lead-Implementer at First Attempt with Real4Prep: https://drive.google.com/open?id=10sVGtZ9Hmvc6FVgNVJ3X7Ez9PYBhBVxg