
2022 ISO-IEC-27001-Lead-Implementer exam torrent ISO-IEC-27001-Lead-Implementer Study Guide
NEW QUESTION 20
What is the greatest risk for an organization if no information security policy has been defined?
- A. Too many measures are implemented.
- B. If everyone works with the same account, it is impossible to find out who worked on what.
- C. It is not possible for an organization to implement information security in a consistent manner.
- D. Information security activities are carried out by only a few people.
Answer: C
NEW QUESTION 21
What is the best description of a risk analysis?
- A. A risk analysis helps to estimate the risks and develop the appropriate security measures.
- B. A risk analysis is a method of mapping risks without looking at company processes.
- C. A risk analysis calculates the exact financial consequences of damages.
Answer: A
NEW QUESTION 22
The identified owner of an asset is always an individual
- A. True
- B. False
Answer: B
NEW QUESTION 23
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
- A. The use of tokens to gain access to information systems
- B. Encryption of information
- C. Validation of input and output data in applications
- D. Information Security Management System
Answer: D
NEW QUESTION 24
What is the ISO / IEC 27002 standard?
- A. It is a guide of good practices that describes the control objectives and recommended controls regarding information security.
- B. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.
- C. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001
Answer: A
NEW QUESTION 25
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?
- A. The recipient, Rachel
- B. The person who drafted the insurance terms and conditions
- C. The sender, Peter
- D. The manager, Linda
Answer: A
NEW QUESTION 26
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?
- A. When the organization is located near a river.
- B. When the computer systems are not insured.
- C. If the risk analysis has not been carried out.
- D. When computer systems are kept in a cellar below ground level.
Answer: D
NEW QUESTION 27
Which of these control objectives are NOT in the domain "12.OPERATIONAL SAFETY"?
- A. Technical vulnerability management
- B. Protection against malicious code
- C. Test data
- D. Redundancies
Answer: D
NEW QUESTION 28
True or False: For organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered.
- A. True
- B. False
Answer: A
NEW QUESTION 29
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
- A. A code of conduct is a standard part of a labor contract.
- B. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
- C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
Answer: C
NEW QUESTION 30
How many domains does ISO / IEC 27002: 2013 have?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 31
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
- A. ISO/IEC 27002:2005
- B. Intellectual Property Rights
- C. ISO/IEC 27001:2005
- D. Personal data protection legislation
Answer: D
NEW QUESTION 32
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?
- A. The first step consists of comparing the password with the registered password.
- B. The first step consists of granting access to the information to which the user is authorized.
- C. The first step consists of checking if the user appears on the list of authorized users.
- D. The first step consists of checking if the user is using the correct certificate.
Answer: C
NEW QUESTION 33
Prior to employment, _________ as well as terms & conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
- A. controlling
- B. authorizing
- C. screening
- D. flexing
Answer: C
NEW QUESTION 34
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
- A. Organizational measure
- B. Availability measure
- C. Technical measure
- D. Integrity measure
Answer: C
NEW QUESTION 35
What do employees need to know to report a security incident?
- A. Whether the incident has occurred before and what was the resulting damage.
- B. How to report an incident and to whom.
- C. The measures that should have been taken to prevent the incident in the first place.
- D. Who is responsible for the incident and whether it was intentional.
Answer: B
NEW QUESTION 36
What is the most important reason for applying the segregation of duties?
- A. Segregation of duties makes it clear who is responsible for what.
- B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
- C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
- D. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
Answer: C
NEW QUESTION 37
What is the best way to comply with legislation and regulations for personal data protection?
- A. Maintaining an incident register
- B. Appointing the responsibility to someone
- C. Performing a vulnerability analysis
- D. Performing a threat analysis
Answer: B
NEW QUESTION 38
It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures ("whistle blowing")
- A. True
- B. False
Answer: A
NEW QUESTION 39
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?
- A. Confidentiality
- B. Availability
- C. Integrity
Answer: A