[Nov-2022] ISO-IEC-27001-Lead-Auditor Exam Dumps - Free Demo & 365 Day Updates [Q49-Q68] : Latest Exam Prep : http://certify.vceprep.com

Q49. You are the lead auditor of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks.
What is this risk strategy called?

Risk bearing

Risk avoidance

Risk neutral

Risk skipping

Q50. Which of the following does an Asset Register contain? (Choose two)

Asset Type

Asset Owner

Asset Modifier

Process ID

Q51. An employee caught temporarily storing an MP3 file in his workstation will not receive an IR.

True

False

Q52. What is the worst possible action that an employee may receive for sharing his or her password or access with others?

Forced roll off from the project

The lowest rating on his or her performance assessment

Three days suspension from work

Termination

Q53. Which reliability aspect of information is compromised when a staff member denies having sent a message?

Confidentiality

Integrity

Availability

Correctness

Q54. As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure?

Appoint security staff

Encrypt all sensitive information

Formulate a policy

Set up an access control procedure

Q55. Access Control System, CCTV and security guards are form of:

Environment Security

Access Control

Physical Security

Compliance

Q56. What is social engineering?

A group planning for a social activity in the organization

Creating a situation wherein a third party gains confidential information from you

The organization planning an activity for welfare of the neighborhood

Q57. Often, people do not pick up their prints from a shared printer. How can this affect the confidentiality of information?

Confidentiality cannot be guaranteed

Integrity cannot be guaranteed

Authenticity cannot be guaranteed

Availability cannot be guaranteed

Q58. What type of compliancy standard, regulation or legislation provides a code of practice for information security?

ISO/IEC 27002

Personal data protection act

Computer criminality act

IT Service Management

Q59. Who are allowed to access highly confidential files?

Employees with a business need-to-know

Contractors with a business need-to-know

Employees with signed NDA have a business need-to-know

Non-employees designated with approved access and have signed NDA

Q60. Information or data that are classified as ______ do not require labeling.

Public

Internal

Confidential

Highly Confidential

Q61. Which is the glue that ties the triad together

Process

People

Collaboration

Technology

Q62. There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good.
What is an example of the indirect damage caused by this fire?

Melted backup tapes

Burned computer systems

Burned documents

Water damage due to the fire extinguishers

Q63. What is the relationship between data and information?

Data is structured information.

Information is the meaning and value assigned to a collection of data.

Q64. Backup media is kept in the same secure area as the servers. What risk may the organisation be exposed to?

Unauthorised persons will have access to both the servers and backups

Responsibility for the backups is not defined well

After a fire, the information systems cannot be restored

After a server crash, it will take extra time to bring it back up again

Q65. What type of system ensures a coherent Information Security organisation?

Federal Information Security Management Act (FISMA)

Information Technology Service Management System (ITSM)

Information Security Management System (ISMS)

Information Exchange Data System (IEDS)

Q66. Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password. What type of threat is this?

Social engineering threat

Organisational threat

Technical threat

Malware threat

Q67. Which of the following is a technical security measure?

Encryption

Security policy

Safe storage of backups

User role profiles.

Q68. Does the security have the right to ask you to display your ID badges and check your bags?

True

False

[Nov-2022] ISO-IEC-27001-Lead-Auditor Exam Dumps - Free Demo & 365 Day Updates [Q49-Q68]

PECB ISO-IEC-27001-Lead-Auditor Exam Syllabus Topics: