
Excellent ISO-IEC-27001-Lead-Implementer PDF Dumps With 100% PassReview Exam Passing Guaranteed [Jul-2023]
100% Pass Your ISO-IEC-27001-Lead-Implementer PECB Certified ISO/IEC 27001 Lead Implementer exam at First Attempt with PassReview
NEW QUESTION # 21
Which of these control objectives is NOT in the domain "12. OPERATIONAL SAFETY"?
- A. Test data
- B. Protection against malicious code
- C. Technical vulnerability management
- D. Redundancies
Answer: D
NEW QUESTION # 22
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?
- A. When computer systems are kept in a cellar below ground level.
- B. When the organization is located near a river.
- C. When the computer systems are not insured.
- D. If the risk analysis has not been carried out.
Answer: A
NEW QUESTION # 23
You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?
- A. A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.
- B. A code of conduct is a legal obligation that organizations have to meet.
- C. A code of conduct helps to prevent the misuse of IT facilities.
- D. A code of conduct prevents a virus outbreak.
Answer: C
NEW QUESTION # 24
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
- A. Technical measure
- B. Integrity measure
- C. Organizational measure
- D. Availability measure
Answer: A
NEW QUESTION # 25
What is an example of a non-human threat to the physical environment?
- A. Virus
- B. Corrupted file
- C. Storm
- D. Fraudulent transaction
Answer: C
NEW QUESTION # 26
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?
- A. Risk avoiding
- B. Risk passing
- C. Risk neutral
- D. Risk bearing
Answer: C
NEW QUESTION # 27
Employees and contractors may be provided with an anonymous reporting channel to report violations of information security policies or procedures ("whistle blowing").
- A. False
- B. True
Answer: B
NEW QUESTION # 28
What is an example of a good physical security measure?
- A. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
- B. All employees and visitors carry an access pass.
- C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.
Answer: B
NEW QUESTION # 29
What is the most important reason for applying the segregation of duties?
- A. Segregation of duties makes it clear who is responsible for what.
- B. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
- C. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
- D. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
Answer: B
NEW QUESTION # 30
Of the following, which is the best organization or set of organizations to contribute to compliance?
- A. IT, business management, HR and legal
- B. IT only
- C. IT and legal
- D. IT and management
Answer: A
NEW QUESTION # 31
Which of the following measures is a corrective measure?
- A. Incorporating an Intrusion Detection System (IDS) in the design of a computer center
- B. Installing a virus scanner in an information system
- C. Making a backup of the data that has been created or altered that day
- D. Restoring a backup of the correct database after a corrupt copy of the database was written over the original
Answer: D
NEW QUESTION # 32
Physical labels and ________ are two common forms of labeling which are mentioned in ISO 27002.
- A. metadata
- B. teradata
- C. bridge
Answer: A
NEW QUESTION # 33
What is the greatest risk for an organization if no information security policy has been defined?
- A. Information security activities are carried out by only a few people.
- B. If everyone works with the same account, it is impossible to find out who worked on what.
- C. It is not possible for an organization to implement information security in a consistent manner.
- D. Too many measures are implemented.
Answer: C
NEW QUESTION # 34
What is the ISO / IEC 27002 standard?
- A. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001
- B. It is a guide of good practices that describes the control objectives and recommended controls regarding information security.
- C. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.
Answer: B
NEW QUESTION # 35
One of the ways Internet of Things (IoT) devices can communicate with each other (or 'the outside world') is using a so-called short-range radio protocol. Which kind of short-range radio protocol makes it possible to use your phone as a credit card?
- A. Radio Frequency Identification (RFID)
- B. Bluetooth
- C. The 4G protocol
- D. Near Field Communication (NFC)
Answer: D
NEW QUESTION # 36
Prior to employment, _________ as well as terms & conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
- A. controlling
- B. authorizing
- C. screening
- D. flexing
Answer: C
NEW QUESTION # 37
Select the controls that correspond to the domain "9. ACCESS CONTROL" of ISO / IEC 27002 (Choose three)
- A. Withdrawal or adaptation of access rights
- B. Management of access rights with special privileges
- C. Return of assets
- D. Restriction of access to information
Answer: A,C,D
NEW QUESTION # 38
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?
- A. The first step consists of checking if the user appears on the list of authorized users.
- B. The first step consists of checking if the user is using the correct certificate.
- C. The first step consists of comparing the password with the registered password.
- D. The first step consists of granting access to the information to which the user is authorized.
Answer: A
NEW QUESTION # 39
Responsibilities for information security in projects should be defined and allocated to:
- A. the InfoSec officer
- B. specified roles defined in the used project management method of the organization
- C. the project manager
- D. the owner of the involved asset
Answer: B
NEW QUESTION # 40
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
- A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
- B. A code of conduct is a standard part of a labor contract.
- C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
Answer: C
NEW QUESTION # 41
......
Trend for ISO-IEC-27001-Lead-Implementer pdf dumps before actual exam: https://vcetorrent.passreview.com/ISO-IEC-27001-Lead-Implementer-exam-questions.html