Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

ISO-IEC-27001-Lead-Implementer Exam Questions Tutorials

PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam Questions and Answers

Question 25

Question:

Which of the following statements best represents The Open Security Architecture (OSA) framework?

Options:

A.

A framework that explains the functionality and technical controls of security, presenting a holistic view of crucial security concerns

B.

A framework that assists organizations in determining the objectives of developing their security architecture, focusing on the initial stages of security architecture

C.

A framework that helps organize enterprise architecture artifacts, including documents, specifications, and models, by considering the impact of these artifacts on various stakeholders

Question 26

Scenario 7: InfoSec is a multinational corporation headquartered in Boston, MA, which provides professional electronics, gaming, and entertainment services. After facing numerous information security incidents, InfoSec has decided to establish teams and implement measures to prevent potential incidents in the future

Emma, Bob. and Anna were hired as the new members of InfoSec's information security team, which consists of a security architecture team, an incident response team (IRT) and a forensics team Emma's job is to create information security plans, policies, protocols, and training to prepare InfoSec to respond to incidents effectively Emma and Bob would be full-time employees of InfoSec, whereas Anna was contracted as an external consultant.

Bob, a network expert, will deploy a screened subnet network architecture This architecture will isolate the demilitarized zone (OMZ) to which hosted public services are attached and InfoSec's publicly accessible resources from their private network Thus, InfoSec will be able to block potential attackers from causing unwanted events inside the company's network. Bob is also responsible for ensuring that a thorough evaluation of the nature of an unexpected event is conducted, including the details on how the event happened and what or whom it might affect.

Anna will create records of the data, reviews, analysis, and reports in order to keep evidence for the purpose of disciplinary and legal action, and use them to prevent future incidents. To do the work accordingly, she should be aware of the company's information security incident management policy beforehand

Among others, this policy specifies the type of records to be created, the place where they should be kept, and the format and content that specific record types should have.

Based on scenario 7, what should Anna be aware of when gathering data?

Options:

A.

The use of the buffer zone that blocks potential attacks coming from malicious websites where data can be collected

B.

The type of data that helps prevent future occurrences of information security incidents

C.

The collection and preservation of records

Question 27

Which of the following is the most suitable option for presenting raw data in a user-friendly, easy-to-read format?

Options:

A.

Scorecards

B.

Reports

C.

Gages

Question 28

What is the primary requirement for the documented information of an ISMS?

Options:

A.

It must exist solely in a digital format to ensure modern compatibility

B.

It must be sufficiently flexible to adapt to any identified change triggers

C.

It must be accessible to the public at all times to maintain transparency