Month End Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Download Full Version ISO-IEC-27001-Lead-Implementer PECB Exam

PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam Questions and Answers

Question 49

Org Y. a well-known bank, uses an online banking platform that enables clients to easily and securely access their bank accounts. To log in. clients are required to enter the one-time authorization code sent to their smartphone. What can be concluded from this scenario?

Options:

A.

Org Y has implemented an integrity control that avoids the involuntary corruption of data

B.

Org Y has incorrectly implemented a security control that could become a vulnerability

C.

Org Y has implemented a security control that ensures the confidentiality of information

Question 50

Question:

What is the purpose of ISO/IEC 27002:2022 Clause 8.28?

Options:

A.

To ensure all security requirements are addressed during application development

B.

To ensure software is written securely to reduce information security vulnerabilities

C.

To ensure secure system design principles are followed

Question 51

Scenario 8: SunDee is a biopharmaceutical firm headquartered in California, US. Renowned for its pioneering work in the field of human therapeutics, SunDee places a strong emphasis on addressing critical healthcare concerns, particularly in the domains of cardiovascular diseases, oncology, bone health, and inflammation. SunDee has demonstrated its commitment to data security and integrity by maintaining an effective information security management system (ISMS) based on ISO/IEC 27001 for the past two years.

In preparation for the recertification audit, SunDee conducted an internal audit. The company's top management appointed Alex, who has actively managed the Compliance Department's day-to-day operations for the last six months, as the internal auditor. With this dual role assignment, Alex is tasked withconducting an audit that ensures compliance and provides valuable recommendations to improve operational efficiency.

During the internal audit, a few nonconformities were identified. To address them comprehensively, the company created action plans for each nonconformity, working closely with the audit team leader.

SunDee's senior management conducted a comprehensive review of the ISMS to evaluate its appropriateness, sufficiency, and efficiency. This was integrated into their regular management meetings. Essential documents, including audit reports, action plans, and review outcomes, were distributed to all members before the meeting. The agenda covered the status of previous review actions, changes affecting the ISMS, feedback, stakeholder inputs, and opportunities for improvement. Decisions and actions targeting ISMS improvements were made, with a significant role played by the ISMS coordinator and the internal audit team in preparing follow-up action plans, which were then approved by top management.

In response to the review outcomes, SunDee promptly implemented corrective actions, strengthening its information security measures. Additionally, dashboard tools were introduced to provide a high-level overview of key performance indicators essential for monitoring the organization's information security management. These indicators included metrics on security incidents, their costs, system vulnerability tests, nonconformity detection, and resolution times, facilitating effective recording, reporting, and tracking of monitoring activities. Furthermore, SunDee embarked on a comprehensive measurement process to assess the progress and outcomes of ongoing projects, implementing extensive measures across all processes. The top management determined that the individual responsible for the information, aside from owning the data that contributes to the measures, would also be designated accountable for executing these measurement activities.

Based on the scenario above, answer the following question:

Based on scenario 8, which of the following performance indicators was NOT established by SunDee?

Options:

A.

Information security cases

B.

Training

C.

ISMS weaknesses

Question 52

Which of the following is the information security committee responsible for?

Options:

A.

Ensure smooth running of the ISMS

B.

Set annual objectives and the ISMS strategy

C.

Treat the nonconformities