New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

ISO-IEC-27001-Lead-Implementer Exam Questions Tutorials

PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam Questions and Answers

Question 25

What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?

Options:

A.

To prevent unauthorized physical access, damage, and interference to the organization's information and other associated assets

B.

To maintain the confidentiality of information that is accessible by personnel or external parties

C.

To ensure access to information and other associated assets is defined and authorized

Question 26

Upon the risk assessment outcomes. Socket Inc. decided to:

• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers

• Require the change of passwords at least once every 60 days

• Keep backup copies of files on IT-provided network drives

• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.

What is the most important asset to Socket Inc. associated with the use of cloud storage? Refer to scenario 5.

Options:

A.

IT provided network drives

B.

Employees with access to cloud storage files

C.

Customers' personal data

Question 27

What risk treatment option has Company A Implemented If it has decided not to collect information from users so that It is not necessary to implement information security controls?

Options:

A.

Risk avoidance

B.

Risk retention

C.

Risk modification

Question 28

Scenario 7: Incident Response at Texas H&H Inc.

Once they made sure that the attackers do not have access in their system, the security administrators decided to proceed with the forensic analysis. They concluded that their access security system was notdesigned tor threat detection, including the detection of malicious files which could be the cause of possible future attacks.

Based on these findings. Texas H$H inc, decided to modify its access security system to avoid future incidents and integrate an incident management policy in their Information security policy that could serve as guidance for employees on how to respond to similar incidents.

Based on the scenario above, answer the following question:

Based on scenario 7. what else should Texas H&H Inc. do when responding to the incident?

Options:

A.

Decide to stop using cloud services in order to eliminate the risk of similar incidents happening in the future

B.

Record and document the incident which serves as input for future corrective actions

C.

Communicate the updated Information security policy only to the top management of the company