
Valid ISO-IEC-27001-Lead-Implementer Exam Q&A PDF ISO-IEC-27001-Lead-Implementer Dump is Ready (Updated 50 Questions)
Exam Questions and Answers for ISO-IEC-27001-Lead-Implementer Study Guide
NEW QUESTION 20
What is the best description of a risk analysis?
- A. A risk analysis calculates the exact financial consequences of damages.
- B. A risk analysis helps to estimate the risks and develop the appropriate security measures.
- C. A risk analysis is a method of mapping risks without looking at company processes.
Answer: B
NEW QUESTION 21
Select risk control activities for domain "10. Encryption" of ISO / 27002: 2013 (Choose two)
- A. Physical security perimeter
- B. Work in safe areas
- C. Cryptographic Controls Use Policy
- D. Key management
Answer: C,D
NEW QUESTION 22
It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures ("whistle blowing")
- A. True
- B. False
Answer: A
NEW QUESTION 23
Who is accountable to classify information assets?
- A. theasset owner
- B. the CISO
- C. the CEO
- D. the Information Security Team
Answer: A
NEW QUESTION 24
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
- A. Encryption ofinformation
- B. Validation of input and output data in applications
- C. The use of tokens to gain access to information systems
- D. Information Security Management System
Answer: D
NEW QUESTION 25
What is an example of a security incident?
- A. The lighting in the department no longer works.
- B. A file is saved under an incorrect name.
- C. A member of staff loses a laptop.
- D. You cannot set the correct fonts in your word processing software.
Answer: C
NEW QUESTION 26
Of the following, which is the best organization or set of organizations to contribute to compliance?
- A. IT only
- B. IT and legal
- C. IT,business management, HR and legal
- D. IT and management
Answer: C
NEW QUESTION 27
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventoryof threats and risks.
What is the relation between a threat, risk and risk analysis?
- A. A riskanalysis is used to remove the risk of a threat.
- B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- C. A risk analysis identifies threats from the known risks.
- D. Risk analyses help to find a balance between threats and risks.
Answer: B
NEW QUESTION 28
ISO 27002 provides guidance in the following area
- A. Framework for an overall security andcompliance program
- B. Detailed lists of required policies and procedures
- C. Information handling recommendations
- D. PCI environment scoping
Answer: A
NEW QUESTION 29
Physical labels and ________ are two common forms of labeling which are mentioned in ISO 27002.
- A. metadata
- B. bridge
- C. teradata
Answer: A
NEW QUESTION 30
What is the most important reason for applying the segregation of duties?
- A. Segregation of duties makes it clear who is responsible for what.
- B. Segregation of duties makes it easier for a person who is readywith his or her part of the work to take time off or to take over the work of another person.
- C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
- D. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
Answer: C
NEW QUESTION 31
What should be used to protect data on removable media ifdata confidentiality or integrity are important considerations?
- A. backup on another removable medium
- B. logging
- C. cryptographic techniques
- D. a password
Answer: C
NEW QUESTION 32
What does the Information Security Policy describe?
- A. which InfoSec-controls have been selected and taken
- B. how the InfoSec-objectives will be reached
- C. which Information Security-procedures are selected
- D. what the implementation-planning of the information security management system is
Answer: B
NEW QUESTION 33
What is an example of a non-human threat to the physical environment?
- A. Storm
- B. Corrupted file
- C. Fraudulent transaction
- D. Virus
Answer: A
NEW QUESTION 34
Which of these control objectives are NOT in the domain "12.OPERATIONAL SAFETY"?
- A. Test data
- B. Technical vulnerability management
- C. Protection against malicious code
- D. Redundancies
Answer: D
NEW QUESTION 35
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?
- A. Thefirst step consists of checking if the user is using the correct certificate.
- B. The first step consists of granting access to the information to which the user is authorized.
- C. The first step consists of checking if the user appears on the list of authorized users.
- D. The first step consists of comparing the password with the registered password.
Answer: C
NEW QUESTION 36
One of the ways Internet of Things (IoT) devices can communicate with each other (or 'the outside world') is using a so-called short-range radio protocol. Which kind of short-range radio protocol makes it possible to use your phone as a credit card?
- A. Radio Frequency Identification (RFID)
- B. The 4G protocol
- C. Bluetooth
- D. Near Field Communication (NFC)
Answer: D
NEW QUESTION 37
What do employees need to know to report a security incident?
- A. Whether the incident has occurred before and what was the resulting damage.
- B. Who is responsible for the incident and whether it was intentional.
- C. How to report an incident and to whom.
- D. The measures that should have been taken to prevent the incident in the first place.
Answer: C
NEW QUESTION 38
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of theclients is earlier than the start date. What type of measure could prevent this error?
- A. Integrity measure
- B. Availability measure
- C. Technical measure
- D. Organizational measure
Answer: C
NEW QUESTION 39
Why is compliance important forthe reliability of the information?
- A. By meeting the legislative requirements and theregulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
- B. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and thereforeit guarantees the reliability of its information.
- C. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
- D. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
Answer: A
NEW QUESTION 40
......
Certification dumps - ISO 27001 ISO-IEC-27001-Lead-Implementer guides - 100% valid: https://www.prepawayete.com/PECB/ISO-IEC-27001-Lead-Implementer-practice-exam-dumps.html
100% Pass Your ISO-IEC-27001-Lead-Implementer PECB Certified ISO/IEC 27001 Lead Implementer exam at First Attempt with PrepAwayETE: https://drive.google.com/open?id=1P3suRw1fVKK4sl2aVAqxdqX_zf48z4nB