[Q17-Q39] Latest PECB ISO-IEC-27001-Lead-Implementer First Attempt, Exam real Dumps Updated [Jun-2022]

NEW QUESTION 17
Prior to employment, _________ as well as terms & conditions of employment are included as controls in ISO
27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

screening

authorizing

controlling

flexing

NEW QUESTION 18
Select risk control activities for domain “10. Encryption” of ISO / 27002: 2013 (Choose two)

Work in safe areas

Cryptographic Controls Use Policy

Physical security perimeter

Key management

NEW QUESTION 19
One of the ways Internet of Things (IoT) devices can communicate with each other (or ‘the outside world’) is using a so-called short-range radio protocol. Which kind of short-range radio protocol makes it possible to use your phone as a credit card?

Near Field Communication (NFC)

Bluetooth

Radio Frequency Identification (RFID)

The 4G protocol

NEW QUESTION 20
Which of the following measures is a correctivemeasure?

Incorporating an Intrusion Detection System (IDS) in the design of a computer center

Installing a virus scanner in an information system

Making a backup of the data that has been created or altered that day

Restoring a backup of the correct database after a corrupt copy of the database was written over the original

NEW QUESTION 21
How many domains does ISO / IEC 27002: 2013 have?

140

110

114

NEW QUESTION 22
What is the ISO / IEC 27002 standard?

It is a guide of good practices that describes the controlobjectives and recommended controls regarding information security.

It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001

It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.

NEW QUESTION 23
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

A code ofconduct specifies how employees are expected to conduct themselves and is the same for all companies.

A code of conduct is a standard part of a labor contract.

A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.

NEW QUESTION 24
We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?

Availability, Information Value and Confidentiality

Availability, Integrity and Confidentiality

Availability, Integrity and Completeness

Timeliness, Accuracy and Completeness

NEW QUESTION 25
Why is compliance important forthe reliability of the information?

Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.

By meeting the legislative requirements and theregulations of both the government and internal management, an organization shows that it manages its information in a sound manner.

When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and thereforeit guarantees the reliability of its information.

When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.

NEW QUESTION 26
What should be used to protect data on removable media ifdata confidentiality or integrity are important considerations?

backup on another removable medium

cryptographic techniques

a password

logging

NEW QUESTION 27
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

Information Security Management System

The use of tokens to gain access to information systems

Validation of input and output data in applications

Encryption ofinformation

NEW QUESTION 28
Which of the following measures is a preventive measure?

Installing a logging system that enables changes in a system to be recognized

Shutting down all internet traffic after a hacker has gained access to thecompany systems

Putting sensitive information in a safe

Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk

NEW QUESTION 29
The identified owner of an asset is always an individual

True

False

NEW QUESTION 30
What is the most important reason for applying the segregation of duties?

Segregation of duties makes it clear who is responsible for what.

Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

Segregation of duties makes it easier for a person who is readywith his or her part of the work to take time off or to take over the work of another person.

NEW QUESTION 31
You have juststarted working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?

A code of conduct helps to prevent the misuse of IT facilities.

A code of conduct is alegal obligation that organizations have to meet.

A code of conduct prevents a virus outbreak.

A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.

NEW QUESTION 32
Physical labels and ________ are two common forms of labeling which are mentioned in ISO 27002.

metadata

teradata

bridge

NEW QUESTION 33
What is the best description of a risk analysis?

A risk analysis is a method of mapping risks without looking at company processes.

A risk analysis helps to estimate the risks and develop the appropriate security measures.

A risk analysis calculates the exact financial consequences of damages.

NEW QUESTION 34
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

ISO/IEC 27001:2005

Intellectual Property Rights

ISO/IEC 27002:2005

Personal data protection legislation

NEW QUESTION 35
What is the greatest risk for an organization ifno information security policy has been defined?

If everyone works with the same account, it is impossible to find out who worked on what.

Information security activities are carried out by only a few people.

Too many measures areimplemented.

It is not possible for an organization to implement information security in a consistent manner.

NEW QUESTION 36
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

If the riskanalysis has not been carried out.

When computer systems are kept in a cellar below ground level.

When the computer systems are not insured.

When the organization is located near a river.

Latest Exam Prep

[Q17-Q39] Latest PECB ISO-IEC-27001-Lead-Implementer First Attempt, Exam real Dumps Updated [Jun-2022]

Leave a Reply

ISO-IEC-27001-Lead-Implementer Practice Tests

Related Certifications

Recent Posts

Recent Comments

Archives

Categories