Month End Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

ISO-IEC-27001-Lead-Implementer Exam Questions Tutorials

PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam Questions and Answers

Question 25

Which of the following is NOT part of the steps required by ISO/IEC 27001 that an organization must take when a nonconformity is detected?

Options:

A.

React to the nonconformity, take action to control and correct it. and deal with its consequences

B.

Evaluate the need for action to eliminate the causes of the nonconformity so that it does not recur or occur elsewhere

C.

Communicate the details of the nonconformity to every employee of the organization and suspend the employee that caused the nonconformity

Question 26

What risk treatment option has Company A implemented if it has required from its employees the change of email passwords at least once every 60 days?

Options:

A.

Risk modification

B.

Risk avoidance

C.

Risk retention

Question 27

What is the primary requirement for the documented information of an ISMS?

Options:

A.

It must exist solely in a digital format to ensure modern compatibility

B.

It must be sufficiently flexible to adapt to any identified change triggers

C.

It must be accessible to the public at all times to maintain transparency

Question 28

Scenario 7: InfoSec, based in Boston, MA, is a multinational corporation offering professional electronics, gaming, and entertainment products. Following several information security incidents, InfoSec has decided to establish teams of experts and implement measures to prevent potential incidents in the future.

Emma, Bob, and Anna were hired as the new members of InfoSec's information security team, which consists of a security architecture team, an incident response team (IRT), and a forensics team. Emma’s job is to create information security plans, policies, protocols, and training to prepare InfoSec to respond to incidents effectively. Emma and Bob would be full-time employees of InfoSec, whereas Anna was contracted as an external consultant.

Bob, a network expert, will implement a screened subnet network architecture. This architecture will isolate the demilitarized zone (DMZ), to which hosted public services are attached, and InfoSec's publicly accessible resources from their private network. Thus, InfoSec will be able to block potential attackers from causing unwanted events inside the company's network. Bob is also responsible for ensuring a thorough evaluation of the nature of an unexpected event, including how the event happened and what or whom it might affect.

On the other hand, Anna will create records of the data, reviews, analyses, and reports to keep evidence for disciplinary and legal action and use them to prevent future incidents. To do the work accordingly, she should be aware of the company's information security incident management policy beforehand. Among others, this policy specifies the type of records to be created, the place where they should be kept, and the format and content that specific record types should have.

As part of InfoSec's initiative to strengthen information security measures, Anna will conduct information security risk assessments only when significant changes are proposed and will document the results of these risk assessments. Upon completion of the risk assessment process, Anna is responsible for developing and implementing a plan for treating information security risks and documenting the risk treatment results.

Furthermore, while implementing the communication plan for information security, InfoSec’s top management was responsible for creating a roadmap for new product development. This approach helps the company to align its security measures with the product development efforts, demonstrating a commitment to integrating security into every aspect of its business operations.

InfoSec uses a cloud service model that includes cloud-based apps accessed through the web or an application programming interface (API). All cloud services are provided by the cloud service provider, while data is managed by InfoSec. This introduces unique security considerations and becomes a primary focus for the information security team to ensure data and systems are protected in this environment.

Based on this scenario, answer the following question:

Does InfoSec adhere to the requirements of ISO/IEC 27001 when conducting information security risk assessments?

Options:

A.

Yes, it adhered to ISO/IEC 27001 requirements

B.

No, as it should perform them at planned intervals as well

C.

No, as it should perform them twice a year, regardless of significant changes