PECB ISO-IEC-27001-Lead-Implementer Real Exam Questions and Answers FREE [Q21-Q43]


NEW QUESTION 21
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

  • A. Risk avoiding
  • B. Risk bearing
  • C. Risk passing
  • D. Risk neutral

Answer: D

 

NEW QUESTION 22
Why is compliance important for the reliability of the information?

  • A. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
  • B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
  • C. When an organization employs a standard such as ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.
  • D. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.

Answer: B

 

NEW QUESTION 23
Which of these control objectives is NOT in the domain "12. Operations security" of ISO/IEC 27002?

  • A. Protection against malicious code
  • B. Technical vulnerability management
  • C. Redundancies
  • D. Test data

Answer: C (Redundancies is a business continuity control, clause 17.2; note that Test data, clause 14.3, is also outside clause 12)

 

NEW QUESTION 24
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

  • A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
  • B. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
  • C. A code of conduct is a standard part of a labor contract.

Answer: B

 

NEW QUESTION 25
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

  • A. When computer systems are kept in a cellar below ground level.
  • B. When the computer systems are not insured.
  • C. If the risk analysis has not been carried out.
  • D. When the organization is located near a river.

Answer: A

 

NEW QUESTION 26
Select the controls that correspond to the domain "9. Access control" of ISO/IEC 27002 (Choose three)

  • A. Withdrawal or adaptation of access rights
  • B. Restriction of access to information
  • C. Return of assets
  • D. Management of access rights with special privileges

Answer: A,B,D (Return of assets is an asset management control, clause 8.1.4, not an access control one)

 

NEW QUESTION 27
What do employees need to know to report a security incident?

  • A. How to report an incident and to whom.
  • B. Who is responsible for the incident and whether it was intentional.
  • C. Whether the incident has occurred before and what was the resulting damage.
  • D. The measures that should have been taken to prevent the incident in the first place.

Answer: A

 

NEW QUESTION 28
What is the best way to comply with legislation and regulations for personal data protection?

  • A. Performing a vulnerability analysis
  • B. Appointing the responsibility to someone
  • C. Maintaining an incident register
  • D. Performing a threat analysis

Answer: B

 

NEW QUESTION 29
What is the objective of classifying information?

  • A. Authorizing the use of an information system
  • B. Defining different levels of sensitivity into which information may be arranged
  • C. Creating a label that indicates how confidential the information is
  • D. Displaying on the document who is permitted access

Answer: B

 

NEW QUESTION 30
What is an example of a good physical security measure?

  • A. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
  • B. All employees and visitors carry an access pass.
  • C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

Answer: B

 

NEW QUESTION 31
The identified owner of an asset is always an individual.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 32
What is the ISO/IEC 27002 standard?

  • A. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO/IEC 27001.
  • B. It is a guide of good practices that describes the control objectives and recommended controls regarding information security.
  • C. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO/IEC 27001.

Answer: B

 

NEW QUESTION 33
What should be used to protect data on removable media if data confidentiality or integrity are important considerations?

  • A. a password
  • B. logging
  • C. backup on another removable medium
  • D. cryptographic techniques

Answer: D

 

NEW QUESTION 34
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?

  • A. The first step consists of checking if the user appears on the list of authorized users.
  • B. The first step consists of comparing the password with the registered password.
  • C. The first step consists of granting access to the information to which the user is authorized.
  • D. The first step consists of checking if the user is using the correct certificate.

Answer: A
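The three-step access-granting process from this question, shown as runnable code. This is an added example and not part of the exam page: the user registry, the PBKDF2 password scheme, the role table and the usernames are all constructed for illustration. Each step is a separate function so the order (identify, then authenticate, then authorize) is explicit, and the result reports at which step a request was refused.

```python
"""Identification -> authentication -> authorization, as three separate checks.

Constructed example: users, passwords and permissions below are made up.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password verifier with PBKDF2-HMAC-SHA256 (salted, slow)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def _make_user(password: str, roles: set) -> dict:
    """Register a user: store salt + verifier, never the password itself."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "roles": frozenset(roles)}


# Constructed registry of authorized users (the "list of authorized users").
USERS = {
    "alice": _make_user("correct horse battery staple", {"staff", "admin"}),
    "bob": _make_user("hunter2", {"staff"}),
}

# Constructed permission table: action -> roles allowed to perform it.
PERMISSIONS = {
    "read_report": {"staff", "admin"},
    "delete_report": {"admin"},
}

# A dummy salt so that unknown usernames still cost one PBKDF2 computation,
# which keeps the timing of "no such user" close to "wrong password".
_DUMMY_SALT = bytes(16)


def identify(username: str) -> bool:
    """Step 1: is the claimed identity on the list of authorized users?"""
    return username in USERS


def authenticate(username: str, password: str) -> bool:
    """Step 2: does the claimant prove the identity (password check)?"""
    user = USERS.get(username)
    if user is None:
        _hash_password(password, _DUMMY_SALT)  # equalize timing, then refuse
        return False
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison of the derived verifier against the stored one.
    return hmac.compare_digest(candidate, user["hash"])


def authorize(username: str, action: str) -> bool:
    """Step 3: is this (now authenticated) identity allowed to do the action?"""
    allowed_roles = PERMISSIONS.get(action, set())
    return bool(USERS[username]["roles"] & allowed_roles)


def login_and_act(username: str, password: str, action: str) -> tuple:
    """Run the three steps in order.

    Returns (last_step_reached, granted). A refusal names the step that failed,
    so the caller can log it without revealing more than it should to the user.
    """
    if not identify(username):
        return ("identification", False)
    if not authenticate(username, password):
        return ("authentication", False)
    if not authorize(username, action):
        return ("authorization", False)
    return ("authorization", True)


if __name__ == "__main__":
    for args in [
        ("alice", "correct horse battery staple", "delete_report"),
        ("bob", "hunter2", "delete_report"),
        ("bob", "wrong", "read_report"),
        ("mallory", "anything", "read_report"),
    ]:
        print(args[0], args[2], "->", login_and_act(*args))
```

Note that only the first step consults the list of users; the password is never examined for a name that is not on that list, which is exactly the separation the question is testing. The dummy hash in `authenticate` is there so that calling it directly with an unknown name does not finish measurably faster than a wrong password.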

 

NEW QUESTION 35
What does the Information Security Policy describe?

  • A. which information security procedures are selected
  • B. how the information security objectives will be reached
  • C. what the implementation planning of the information security management system is
  • D. which information security controls have been selected and taken

Answer: B

 

NEW QUESTION 36
What is an example of a security incident?

  • A. You cannot set the correct fonts in your word processing software.
  • B. The lighting in the department no longer works.
  • C. A file is saved under an incorrect name.
  • D. A member of staff loses a laptop.

Answer: D

 

NEW QUESTION 37
True or False: In organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 38
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

  • A. Personal data protection legislation
  • B. Intellectual Property Rights
  • C. ISO/IEC 27001:2005
  • D. ISO/IEC 27002:2005

Answer: A

 

NEW QUESTION 39
What is the best description of a risk analysis?

  • A. A risk analysis is a method of mapping risks without looking at company processes.
  • B. A risk analysis calculates the exact financial consequences of damages.
  • C. A risk analysis helps to estimate the risks and develop the appropriate security measures.

Answer: C

 

NEW QUESTION 40
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?

  • A. Technical measure
  • B. Integrity measure
  • C. Availability measure
  • D. Organizational measure

Answer: A

 

NEW QUESTION 41
......