Free 365 Days Exam Updates ISO-IEC-27001-Lead-Implementer dumps with test Engine Practice [Q10-Q35]


Updated Verified ISO-IEC-27001-Lead-Implementer dumps Q&As - 100% Pass Guaranteed

NEW QUESTION 10
It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures ("whistle blowing").

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 11
Companies use 27002 for compliance for which of the following reasons:

  • A. A structured program that helps with security and compliance
  • B. Explicit requirements for all regulations
  • C. Compliance with ISO 27002 is sufficient to comply with all regulations

Answer: A

 

NEW QUESTION 12
What does the Information Security Policy describe?

  • A. how the InfoSec-objectives will be reached
  • B. what the implementation-planning of the information security management system is
  • C. which Information Security-procedures are selected
  • D. which InfoSec-controls have been selected and taken

Answer: A

 

NEW QUESTION 13
Responsibilities for information security in projects should be defined and allocated to:

  • A. the project manager
  • B. the owner of the involved asset
  • C. specified roles defined in the used project management method of the organization
  • D. the InfoSec officer

Answer: C

 

NEW QUESTION 14
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

  • A. ISO/IEC 27002:2005
  • B. Personal data protection legislation
  • C. Intellectual Property Rights
  • D. ISO/IEC 27001:2005

Answer: B

 

NEW QUESTION 15
What is an example of a good physical security measure?

  • A. All employees and visitors carry an access pass.
  • B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
  • C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

Answer: A

 

NEW QUESTION 16
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?

  • A. The first step consists of checking if the user is using the correct certificate.
  • B. The first step consists of checking if the user appears on the list of authorized users.
  • C. The first step consists of comparing the password with the registered password.
  • D. The first step consists of granting access to the information to which the user is authorized.

Answer: B

 

NEW QUESTION 17
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of threats and risks.
What is the relation between a threat, risk and risk analysis?

  • A. A risk analysis identifies threats from the known risks.
  • B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
  • C. Risk analyses help to find a balance between threats and risks.
  • D. A risk analysis is used to remove the risk of a threat.

Answer: B

 

NEW QUESTION 18
What should be used to protect data on removable media if data confidentiality or integrity are important considerations?

  • A. backup on another removable medium
  • B. logging
  • C. a password
  • D. cryptographic techniques

Answer: D

 

NEW QUESTION 19
True or False: For organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 20
How many domains does ISO/IEC 27002:2013 have?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 21
In the context of contact with special interest groups, any information-sharing agreements should identify requirements for the protection of _________ information.

  • A. Confidential
  • B. Authentic
  • C. Availability
  • D. Authorization

Answer: A

 

NEW QUESTION 22
What are the data protection principles set out in the GDPR?

  • A. Purpose limitation, proportionality, data minimisation, transparency
  • B. Purpose limitation, proportionality, availability, data minimisation
  • C. Target group, proportionality, transparency, data minimisation
  • D. Purpose limitation, pudicity, transparency, data minimisation

Answer: A

 

NEW QUESTION 23
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

  • A. The costs for automating are easier to charge to the responsible departments.
  • B. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
  • C. Reports can be developed more easily and with fewer errors.
  • D. A determination can be made as to which report should be printed first and which ones can wait a little longer.

Answer: B

 

NEW QUESTION 24
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

  • A. When the organization is located near a river.
  • B. When the computer systems are not insured.
  • C. When computer systems are kept in a cellar below ground level.
  • D. If the risk analysis has not been carried out.

Answer: C

 

NEW QUESTION 25
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?

  • A. Confidentiality
  • B. Availability
  • C. Integrity

Answer: A

 

NEW QUESTION 26
What is the most important reason for applying the segregation of duties?

  • A. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • B. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • C. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
  • D. Segregation of duties makes it clear who is responsible for what.

Answer: B

 

NEW QUESTION 27
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

  • A. Validation of input and output data in applications
  • B. The use of tokens to gain access to information systems
  • C. Encryption of information
  • D. Information Security Management System

Answer: D

 

NEW QUESTION 28
What is the greatest risk for an organization if no information security policy has been defined?

  • A. If everyone works with the same account, it is impossible to find out who worked on what.
  • B. It is not possible for an organization to implement information security in a consistent manner.
  • C. Information security activities are carried out by only a few people.
  • D. Too many measures are implemented.

Answer: B

 

NEW QUESTION 29
ISO 27002 provides guidance in the following area:

  • A. Framework for an overall security and compliance program
  • B. Information handling recommendations
  • C. Detailed lists of required policies and procedures
  • D. PCI environment scoping

Answer: A

 

NEW QUESTION 30
......


PECB ISO-IEC-27001-Lead-Implementer Exam Syllabus Topics:

Topic: Details
Topic 1
  • Monitoring and measurement and Continual improvement of an ISMS based on ISO/IEC 27001
  • Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer
Topic 2
  • Prepare an organization to undergo a third-party certification audit
  • Fundamental principles and concepts of an information security management system (ISMS)
Topic 3
  • Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer
  • Information security management system (ISMS)

 
