ISO-IEC-27001-LEAD-IMPLEMENTER Online Practice Questions and Answers

Questions 4

What is an example of a good physical security measure?

A. All employees and visitors carry an access pass.

B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

Questions 5

What is the greatest risk for an organization if no information security policy has been defined?

A. If everyone works with the same account, it is impossible to find out who worked on what.

B. Information security activities are carried out by only a few people.

C. Too many measures are implemented.

D. It is not possible for an organization to implement information security in a consistent manner.

Questions 6

Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

A. The costs for automating are easier to charge to the responsible departments.

B. A determination can be made as to which report should be printed first and which ones can wait a little longer.

C. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.

D. Reports can be developed more easily and with fewer errors.

Questions 7

What is the objective of classifying information?

A. Authorizing the use of an information system

B. Creating a label that indicates how confidential the information is

C. Defining different levels of sensitivity into which information may be arranged

D. Displaying on the document who is permitted access

Questions 8

Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

A. Paul, the recipient of the information.

B. Paul and Susan, the sender and the recipient of the information.

C. Susan, the sender of the information.

Questions 9

Companies use 27002 for compliance for which of the following reasons:

A. A structured program that helps with security and compliance

B. Explicit requirements for all regulations

C. Compliance with ISO 27002 is sufficient to comply with all regulations

Questions 10

Of the following, which is the best organization or set of organizations to contribute to compliance?

A. IT only

B. IT, business management, HR and legal

C. IT and management

D. IT and legal

Questions 11

Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?

A. The first step consists of checking if the user is using the correct certificate.

B. The first step consists of checking if the user appears on the list of authorized users.

C. The first step consists of comparing the password with the registered password.

D. The first step consists of granting access to the information to which the user is authorized.

Questions 12

Why is compliance important for the reliability of the information?

A. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.

B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.

C. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.

D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.

Questions 13

In the context of contact with special interest groups, any information-sharing agreements should identify requirements for the protection of _________ information.

A. Availability

B. Confidential

C. Authentic

D. Authorization

Questions 14

What is an example of a non-human threat to the physical environment?

A. Fraudulent transaction

B. Corrupted file

C. Storm

D. Virus

Questions 15

Physical labels and ________ are two common forms of labeling which are mentioned in ISO 27002.

A. metadata

B. teradata

C. bridge

Questions 16

Which of these control objectives are NOT in the domain "12.OPERATIONAL SAFETY"?

A. Protection against malicious code

B. Redundancies

C. Test data

D. Technical vulnerability management

Questions 17

You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.

B. A code of conduct is a standard part of a labor contract.

C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.

Questions 18

The identified owner of an asset is always an individual

A. True

B. False

Exam Name: PECB Certified ISO/IEC 27001 Lead Implementer exam
Last Update: Apr 15, 2024
Questions: 80 Q&As
