Month End Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Pass Using ISO-IEC-27001-Lead-Implementer Exam Dumps

PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam Questions and Answers

Question 41

According to ISO/IEC 27001 controls, when planning audit tests and assurance activities involving operational systems, who should be involved in the agreement process except the tester?

Options:

A.

The top management

B.

The appropriate management

C.

The board of directors

Question 42

Scenario 10: NetworkFuse develops, manufactures, and sells network hardware. The company has had an operational information security management system (ISMS) based on ISO/IEC 27001 requirements and a quality management system (QMS) based on ISO 9001 for approximately two years. Recently, it has applied for a j^ombined certification audit in order to obtain certification against ISO/IEC 27001 and ISO 9001.

After selecting the certification body, NetworkFuse prepared the employees for the audit The company decided to not conduct a self-evaluation before the audit since, according to the top management, it was not necessary. In addition, it ensured the availability of documented information, including internal audit reports and management reviews, technologies in place, and the general operations of the ISMS and the QMS. However, the company requested from the certification body that the documentation could not be carried off-site

However, the audit was not performed within the scheduled days because NetworkFuse rejected the audit team leader assigned and requested their replacement The company asserted that the same audit team leader issued a recommendation for certification to its main competitor, which, for the company's top management, was a potential conflict of interest. The request was not accepted by the certification body

According to scenario 10, NetworkFuse requested from the certification body to review all the documentation only on-site. Is this acceptable?

Options:

A.

Yes, the auditee may request that the review of the documentation takes place on-site

B.

Yes, only if a confidentiality agreement is formerly signed by the audit team

C.

No, the certification body decides whether the documentation review takes place on-site or off-site

Question 43

A company decided to use an algorithm that analyzes various attributes of customer behavior, such as browsing patterns and demographics, and groups customers based on their similar characteristics. This way. the company will be able to identify frequent buyers and trend-followers, among others. What type of machine learning this the company using?

Options:

A.

Decision tree machine learning

B.

Supervised machine learning

C.

Unsupervised machine learning

Question 44

Upon the risk assessment outcomes. Socket Inc. decided to:

• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers

• Require the change of passwords at least once every 60 days

• Keep backup copies of files on IT-provided network drives

• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.

Based on scenario 5, what can be considered as a residual risk to Socket Inc.?

Options:

A.

Files arc decrypted once the user is authenticated

B.

Users with access to cloud storage files are segregated on a separate network

C.

The use of passwords with at least 12 characters containing a mixture of uppercase and lowercase letters, symbols, and numbers