Apr 16, 2023 Reliable Study Materials for ISO-IEC-27001-Lead-Implementer Exam Success For Sure [Q14-Q39]



PECB ISO-IEC-27001-Lead-Implementer Exam Syllabus Topics:

Topic | Details
Topic 1
  • Monitoring and measurement and Continual improvement of an ISMS based on ISO/IEC 27001
  • Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer
Topic 2
  • Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer
  • Information security management system (ISMS)
Topic 3
  • Initiate and plan the implementation of an ISMS based on ISO/IEC 27001
  • Planning an ISMS implementation based on ISO/IEC 27001
Topic 4
  • Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001

 

NEW QUESTION 14
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

  • A. Technical measure
  • B. Organizational measure
  • C. Integrity measure
  • D. Availability measure

Answer: A

 

NEW QUESTION 15
What is an example of a security incident?

  • A. A file is saved under an incorrect name.
  • B. You cannot set the correct fonts in your word processing software.
  • C. A member of staff loses a laptop.
  • D. The lighting in the department no longer works.

Answer: C

 

NEW QUESTION 16
Of the following, which is the best organization or set of organizations to contribute to compliance?

  • A. IT, business management, HR and legal
  • B. IT and legal
  • C. IT only
  • D. IT and management

Answer: A

 

NEW QUESTION 17
What is the best way to comply with legislation and regulations for personal data protection?

  • A. Performing a threat analysis
  • B. Performing a vulnerability analysis
  • C. Maintaining an incident register
  • D. Appointing the responsibility to someone

Answer: D

 

NEW QUESTION 18
Which of the following measures is a preventive measure?

  • A. Shutting down all internet traffic after a hacker has gained access to the company systems
  • B. Installing a logging system that enables changes in a system to be recognized
  • C. Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk
  • D. Putting sensitive information in a safe

Answer: D

 

NEW QUESTION 19
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

  • A. If the risk analysis has not been carried out.
  • B. When the organization is located near a river.
  • C. When computer systems are kept in a cellar below ground level.
  • D. When the computer systems are not insured.

Answer: C

 

NEW QUESTION 20
Who is authorized to change the classification of a document?

  • A. The owner of the document
  • B. The manager of the owner of the document
  • C. The author of the document
  • D. The administrator of the document

Answer: A

 

NEW QUESTION 21
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

  • A. Risk passing
  • B. Risk avoiding
  • C. Risk bearing
  • D. Risk neutral

Answer: D

 

NEW QUESTION 22
It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures ("whistle blowing")

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 23
ISO 27002 provides guidance in the following area

  • A. Detailed lists of required policies and procedures
  • B. Information handling recommendations
  • C. PCI environment scoping
  • D. Framework for an overall security and compliance program

Answer: D

 

NEW QUESTION 24
The identified owner of an asset is always an individual

  • A. True
  • B. False

Answer: B

 

NEW QUESTION 25
Responsibilities for information security in projects should be defined and allocated to:

  • A. the InfoSec officer
  • B. specified roles defined in the used project management method of the organization
  • C. the project manager
  • D. the owner of the involved asset

Answer: B

 

NEW QUESTION 26
What is the best description of a risk analysis?

  • A. A risk analysis helps to estimate the risks and develop the appropriate security measures.
  • B. A risk analysis calculates the exact financial consequences of damages.
  • C. A risk analysis is a method of mapping risks without looking at company processes.

Answer: A

 

NEW QUESTION 27
Companies use 27002 for compliance for which of the following reasons:

  • A. A structured program that helps with security and compliance
  • B. Explicit requirements for all regulations
  • C. Compliance with ISO 27002 is sufficient to comply with all regulations

Answer: A

 

NEW QUESTION 28
What does the Information Security Policy describe?

  • A. which Information Security-procedures are selected
  • B. how the InfoSec-objectives will be reached
  • C. which InfoSec-controls have been selected and taken
  • D. what the implementation-planning of the information security management system is

Answer: B

 

NEW QUESTION 29
What is an example of a non-human threat to the physical environment?

  • A. Corrupted file
  • B. Virus
  • C. Storm
  • D. Fraudulent transaction

Answer: C

 

NEW QUESTION 30
What sort of security does a Public Key Infrastructure (PKI) offer?

  • A. By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.
  • B. It provides digital certificates that can be used to digitally sign documents. Such signatures irrefutably determine from whom a document was sent.
  • C. A PKI ensures that backups of company data are made on a regular basis.
  • D. Having a PKI shows customers that a web-based business is secure.

Answer: C

 

NEW QUESTION 31
You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?

  • A. A code of conduct prevents a virus outbreak.
  • B. A code of conduct helps to prevent the misuse of IT facilities.
  • C. A code of conduct is a legal obligation that organizations have to meet.
  • D. A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.

Answer: B

 

NEW QUESTION 32
Why is compliance important for the reliability of the information?

  • A. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
  • B. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
  • C. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
  • D. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.

Answer: A

 

NEW QUESTION 33
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

  • A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
  • B. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
  • C. A code of conduct is a standard part of a labor contract.

Answer: B

 
