
[Jan-2022] ISO-IEC-27001-Lead-Implementer Braindumps – ISO-IEC-27001-Lead-Implementer Questions to Get Better Grades
NEW QUESTION 25
Select risk control activities for domain "10. Encryption" of ISO 27002:2013 (Choose two)
- A. Physical security perimeter
- B. Work in safe areas
- C. Cryptographic Controls Use Policy
- D. Key management
Answer: C,D
NEW QUESTION 26
What is an example of a non-human threat to the physical environment?
- A. Fraudulent transaction
- B. Storm
- C. Corrupted file
- D. Virus
Answer: B
NEW QUESTION 27
What is the ISO/IEC 27002 standard?
- A. It is a guide of good practices that describes the control objectives and recommended controls regarding information security.
- B. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO/IEC 27001.
- C. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO/IEC 27001.
Answer: A
NEW QUESTION 28
What should be used to protect data on removable media if data confidentiality or integrity are important considerations?
- A. a password
- B. cryptographic techniques
- C. logging
- D. backup on another removable medium
Answer: B
NEW QUESTION 29
Companies use 27002 for compliance for which of the following reasons:
- A. Compliance with ISO 27002 is sufficient to comply with all regulations
- B. A structured program that helps with security and compliance
- C. Explicit requirements for all regulations
Answer: B
NEW QUESTION 30
What is an example of a security incident?
- A. You cannot set the correct fonts in your word processing software.
- B. The lighting in the department no longer works.
- C. A file is saved under an incorrect name.
- D. A member of staff loses a laptop.
Answer: D
NEW QUESTION 31
Prior to employment, _________ as well as terms & conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
- A. controlling
- B. authorizing
- C. screening
- D. flexing
Answer: C
NEW QUESTION 32
In the context of contact with special interest groups, any information-sharing agreements should identify requirements for the protection of _________ information.
- A. Authentic
- B. Authorization
- C. Confidential
- D. Availability
Answer: C
NEW QUESTION 33
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
- A. A code of conduct is a standard part of a labor contract.
- B. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
- C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
Answer: C
NEW QUESTION 34
Which of the following measures is a preventive measure?
- A. Putting sensitive information in a safe
- B. Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk
- C. Installing a logging system that enables changes in a system to be recognized
- D. Shutting down all internet traffic after a hacker has gained access to the company systems
Answer: A
NEW QUESTION 35
What is an example of a good physical security measure?
- A. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.
- B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
- C. All employees and visitors carry an access pass.
Answer: C
NEW QUESTION 36
What is the most important reason for applying the segregation of duties?
- A. Segregation of duties makes it clear who is responsible for what.
- B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
- C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
- D. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
Answer: C
NEW QUESTION 37
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?
- A. The recipient, Rachel
- B. The person who drafted the insurance terms and conditions
- C. The sender, Peter
- D. The manager, Linda
Answer: A
NEW QUESTION 38
What do employees need to know to report a security incident?
- A. Whether the incident has occurred before and what was the resulting damage.
- B. How to report an incident and to whom.
- C. The measures that should have been taken to prevent the incident in the first place.
- D. Who is responsible for the incident and whether it was intentional.
Answer: B
NEW QUESTION 39
Which of the following measures is a corrective measure?
- A. Making a backup of the data that has been created or altered that day
- B. Installing a virus scanner in an information system
- C. Incorporating an Intrusion Detection System (IDS) in the design of a computer center
- D. Restoring a backup of the correct database after a corrupt copy of the database was written over the original
Answer: D
NEW QUESTION 40
What does the Information Security Policy describe?
- A. which Information Security-procedures are selected
- B. how the InfoSec-objectives will be reached
- C. which InfoSec-controls have been selected and taken
- D. what the implementation-planning of the information security management system is
Answer: B
NEW QUESTION 41
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?
- A. Risk bearing
- B. Risk passing
- C. Risk neutral
- D. Risk avoiding
Answer: C
NEW QUESTION 42
The identified owner of an asset is always an individual
- A. True
- B. False
Answer: B
NEW QUESTION 43
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?
- A. When the organization is located near a river.
- B. When the computer systems are not insured.
- C. If the risk analysis has not been carried out.
- D. When computer systems are kept in a cellar below ground level.
Answer: D
NEW QUESTION 44
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of threats and risks.
What is the relation between a threat, risk and risk analysis?
- A. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- B. A risk analysis identifies threats from the known risks.
- C. A risk analysis is used to remove the risk of a threat.
- D. Risk analyses help to find a balance between threats and risks.
Answer: A
NEW QUESTION 45
......