[Oct 25, 2023] New ISO-IEC-27001-Lead-Auditor Exam Dumps with High Passing Rate
Get ISO-IEC-27001-Lead-Auditor Braindumps & ISO-IEC-27001-Lead-Auditor Real Exam Questions
NEW QUESTION # 19
Four types of Data Classification (Choose two)
- A. Unrestricted Data, Highly Confidential Data
- B. Financial Data, Highly Confidential Data
- C. Restricted Data, Confidential Data
- D. Project Data, Highly Confidential Data
Answer: A,C
NEW QUESTION # 20
________ is an asset that, like other important business assets, has value to an organization and consequently needs to be protected.
- A. Infrastructure
- B. Information
- C. Data
- D. Security
Answer: B
NEW QUESTION # 21
Select the words that best complete the sentence:
To complete the sentence with the best word(s), click on the blank section you want to complete so that it is highlighted in red, and then click on the applicable text from the options below. Alternatively, you may drag and drop the option to the appropriate blank section.
Answer:
Explanation:
NEW QUESTION # 22
Information Security is a matter of building and maintaining ________ .
- A. Firewalls
- B. Trust
- C. Confidentiality
- D. Protection
Answer: B
NEW QUESTION # 23
An employee caught abusing the internet (for example, through P2P file sharing or video/audio streaming) will not receive a warning for such an act but will directly receive an IR.
- A. True
- B. False
Answer: A
NEW QUESTION # 24
Often, people do not pick up their prints from a shared printer. How can this affect the confidentiality of information?
- A. Confidentiality cannot be guaranteed
- B. Availability cannot be guaranteed
- C. Integrity cannot be guaranteed
- D. Authenticity cannot be guaranteed
Answer: A
NEW QUESTION # 25
You have a hard copy of a customer design document that you want to dispose of. What would you do?
- A. Give it to the office boy to reuse it for other purposes
- B. Throw it in any dustbin
- C. Shred it using a shredder
- D. Be environment friendly and reuse it for writing
Answer: C
Explanation:
The best way to dispose of a hard copy of a customer design document is to shred it using a shredder. This is because shredding ensures that the document is destroyed and cannot be reconstructed or accessed by unauthorized persons. A customer design document may contain sensitive or confidential information that could cause harm or damage to the customer or the organization if disclosed. Therefore, it is important to protect the confidentiality and integrity of the document until it is securely disposed of. Throwing it in any dustbin, giving it to the office boy to reuse it for other purposes, or reusing it for writing are not secure ways of disposing of the document, as they could expose the document to unauthorized access, theft, loss or damage. ISO/IEC 27001:2022 requires the organization to implement procedures for the secure disposal of media containing information (see clause A.8.3.2). Reference: CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course, ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is Secure Disposal?
NEW QUESTION # 26
Which of the following is an information security management system standard published by the International Organization for Standardization?
- A. ISO5501
- B. ISO22301
- C. ISO9008
- D. ISO27001
Answer: D
Explanation:
ISO/IEC 27001:2022 is an information security management system standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The standard is intended to be applicable to all organizations, regardless of type, size or nature. ISO/IEC 27001:2022 is part of the ISO/IEC 27000 family of standards, which provide a comprehensive framework for information security management. Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, ISO/IEC 27000 family - Information security management systems
NEW QUESTION # 27
Which one of the following options best describes the main purpose of a Stage 1 third-party audit?
- A. To determine readiness for a Stage 2 audit
- B. To learn about the organisation's procurement
- C. To check for legal compliance by the organisation
- D. To get to know the organisation's customers
- E. To introduce the audit team to the client
- F. To prepare an independent audit report
Answer: A
Explanation:
The main purpose of a Stage 1 third-party audit is to determine readiness for a Stage 2 audit. A Stage 1 audit is a preliminary assessment that evaluates the organization's ISMS documentation, scope, context, and objectives, and identifies any major gaps or nonconformities that need to be addressed before the Stage 2 audit. A Stage 1 audit does not introduce the audit team to the client, as this is done during the audit planning phase. A Stage 1 audit does not check for legal compliance by the organization, as this is done during the Stage 2 audit. A Stage 1 audit does not prepare an independent audit report, as this is done after the Stage 2 audit. Reference: CQI & IRCA ISO 27001:2022 Lead Auditor Course Handbook, page 70; ISO/IEC 27001 LEAD AUDITOR - PECB, page 23.
NEW QUESTION # 28
Changes to project-managed applications or databases should undergo the change control process as documented.
- A. True
- B. False
Answer: A
NEW QUESTION # 29
Which of the following is not an HR requirement prior to hiring?
- A. Must undergo Awareness training on information security.
- B. Undergo background verification
- C. Applicant must complete pre-employment documentation requirements
- D. Must successfully pass Background Investigation
Answer: A
NEW QUESTION # 30
Who is responsible for the initial asset allocation to the user/custodian of the assets?
- A. Asset Manager
- B. Asset Practitioner
- C. Asset Stakeholder
- D. Asset Owner
Answer: D
Explanation:
The asset owner is responsible for initial asset allocation to the user or custodian of the assets. The asset owner is a person or entity that has been assigned the responsibility for managing and protecting the asset throughout its lifecycle. The asset owner should ensure that the user or custodian of the assets has the appropriate authorization, competence and awareness to use or handle the assets securely. The asset owner should also monitor and review the use or custody of the assets and update or revoke the allocation as needed. ISO/IEC 27001:2022 requires the organization to assign owners to all assets within the scope of the information security management system (see clause A.8.1.2). Reference: CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course, ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is an Asset Owner?
NEW QUESTION # 31
An administration office is going to determine the dangers to which it is exposed.
What do we call a possible event that can have a disruptive effect on the reliability of information?
- A. vulnerability
- B. threat
- C. risk
- D. dependency
Answer: B
NEW QUESTION # 32
Access control systems, CCTV and security guards are forms of:
- A. Environment Security
- B. Access Control
- C. Physical Security
- D. Compliance
Answer: C
NEW QUESTION # 33
An employee caught abusing the internet (for example, through P2P file sharing or video/audio streaming) will not receive a warning for such an act but will directly receive an IR.
- A. True
- B. False
Answer: A
Explanation:
According to ISO/IEC 27001:2022, clause A.8.1.5, the organization should establish and implement a clear policy on the acceptable use of information assets, including the internet. The policy should define the rules and consequences for violating them, such as disciplinary actions or legal sanctions. The policy should also be communicated to all users and relevant parties. Therefore, if an employee is caught abusing the internet, such as P2P file sharing or video/audio streaming, they will not receive a warning but will directly receive an IR (incident report), which is a formal record of the incident and its impact, as well as the corrective actions taken or planned. Reference: CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) Course Handbook, page 54; [ISO/IEC 27001:2022], clause A.8.1.5.
NEW QUESTION # 34
PECB is a leading provider of professional certifications in the field of information security management. The PECB ISO-IEC-27001-Lead-Auditor certification exam is one of the most widely recognized certifications in the industry. It is designed to provide professionals with the knowledge and skills needed to effectively audit and assess an organization's ISMS to ensure compliance with the ISO/IEC 27001 standard.
ISO-IEC-27001-Lead-Auditor Dumps To Pass PECB Exam in 24 Hours - PDFVCE: https://www.pdfvce.com/PECB/ISO-IEC-27001-Lead-Auditor-exam-pdf-dumps.html
PECB ISO-IEC-27001-Lead-Auditor Actual Questions and Braindumps: https://drive.google.com/open?id=1TlMECT4qcnxoRqSOp88tlgkaqJJ55D_k