100% Updated PECB ISO-IEC-27001-Lead-Implementer Enterprise PDF Dumps [Q15-Q31]

Topic	Details
Topic 1	Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO IEC 27001
Topic 2	Prepare an organization to undergo a third-party certification audit Fundamental principles and concepts of an information security management system (ISMS)
Topic 3	Interpret the ISO IEC 27001 requirements for an ISMS from the perspective of an implementer Information security management system (ISMS)

NEW QUESTION 15
What is the best description of a risk analysis?

A risk analysis is a method of mapping risks without looking at company processes.

A risk analysis helps to estimate the risks and develop the appropriate security measures.

A risk analysis calculates the exact financial consequences of damages.

NEW QUESTION 16
Which of the following measures is a preventive measure?

Installing a logging system that enables changes in a system to be recognized

Shutting down all internet traffic after a hacker has gained access to thecompany systems

Putting sensitive information in a safe

Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk

NEW QUESTION 17
Select the controls that correspond to thedomain “9. ACCESS CONTROL” of ISO / 27002 (Choose three)

Restriction of access to information

Return of assets

Management of access rights with special privileges

Withdrawal or adaptation of access rights

NEW QUESTION 18
What is the most important reason for applying the segregation of duties?

Segregation of duties makes it clear who is responsible for what.

Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

Segregation of duties makes it easier for a person who is readywith his or her part of the work to take time off or to take over the work of another person.

NEW QUESTION 19
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

If the riskanalysis has not been carried out.

When computer systems are kept in a cellar below ground level.

When the computer systems are not insured.

When the organization is located near a river.

NEW QUESTION 20
Prior to employment, _________ as well as terms & conditions of employment are included as controls in ISO
27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

screening

authorizing

controlling

flexing

NEW QUESTION 21
You have juststarted working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?

A code of conduct helps to prevent the misuse of IT facilities.

A code of conduct is alegal obligation that organizations have to meet.

A code of conduct prevents a virus outbreak.

A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.

NEW QUESTION 22
The identified owner of an asset is always an individual

True

False

NEW QUESTION 23
Companies use 27002 for compliance for which of the following reasons:

A structured program that helps with security and compliance

Explicit requirements for all regulations

Compliance with ISO 27002 is sufficient to comply with all regulations

NEW QUESTION 24
Which of these reliability aspects is “completeness” a part of?

Availability

Exclusivity

Integrity

Confidentiality

NEW QUESTION 25
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

The costs for automating are easier to charge to the responsible departments.

A determination can be made as to which report should be printed firstand which ones can wait a little longer.

Everyone can easily see how sensitive the reports’ contents are by consulting the grading label.

Reports can be developed more easily and with fewer errors.

NEW QUESTION 26
Of the following, which is the best organization or set of organizations to contribute to compliance?

IT only

IT,business management, HR and legal

IT and management

IT and legal

NEW QUESTION 27
What is an example of a non-human threat to the physical environment?

Fraudulent transaction

Corrupted file

Storm

Virus

NEW QUESTION 28
What is an example of a good physical security measure?

All employees and visitors carry an access pass.

Printers that are defective or have been replacedare immediately removed and given away as garbage for recycling.

Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

NEW QUESTION 29
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

Risk bearing

Risk avoiding

Risk neutral

Risk passing

NEW QUESTION 30
How many domains does ISO / IEC 27002: 2013 have?

140

110

114

NEW QUESTION 31
ISO 27002 provides guidance in the following area

PCI environment scoping

Information handling recommendations

Framework for an overall security andcompliance program

Detailed lists of required policies and procedures

100% Updated PECB ISO-IEC-27001-Lead-Implementer Enterprise PDF Dumps [Q15-Q31]

PECB ISO-IEC-27001-Lead-Implementer Exam Syllabus Topics:

Leave a Reply Cancel reply

ISO-IEC-27001-Lead-Implementer Practice Tests

Related Certifications

Recent Posts

Categories

Archives