PECB iso iec 27001 lead implementer practice test

ISO/IEC 27001 Lead Implementer Exam

Last exam update: May 17 ,2024
Page 1 out of 3. Viewing questions 1-15 out of 50

Question 1

You have just started working at a large organization. You have been asked to sign a code of conduct
as well as a contract. What does the organization wish to achieve with this?

  • A. A code of conduct helps to prevent the misuse of IT facilities.
  • B. A code of conduct is a legal obligation that organizations have to meet.
  • C. A code of conduct prevents a virus outbreak.
  • D. A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.
Answer:

A

User Votes:
A 1 votes
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What do employees need to know to report a security incident?

  • A. How to report an incident and to whom.
  • B. Whether the incident has occurred before and what was the resulting damage.
  • C. The measures that should have been taken to prevent the incident in the first place.
  • D. Who is responsible for the incident and whether it was intentional.
Answer:

A

User Votes:
A 1 votes
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which of the following measures is a corrective measure?

  • A. Incorporating an Intrusion Detection System (IDS) in the design of a computer center
  • B. Installing a virus scanner in an information system
  • C. Making a backup of the data that has been created or altered that day
  • D. Restoring a backup of the correct database after a corrupt copy of the database was written over the original
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D 1 votes
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

What is an example of a non-human threat to the physical environment?

  • A. Fraudulent transaction
  • B. Corrupted file
  • C. Storm
  • D. Virus
Answer:

C

User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

What is the best description of a risk analysis?

  • A. A risk analysis is a method of mapping risks without looking at company processes.
  • B. A risk analysis helps to estimate the risks and develop the appropriate security measures.
  • C. A risk analysis calculates the exact financial consequences of damages.
Answer:

B

User Votes:
A
50%
B 1 votes
50%
C
50%

Discussions
vote your answer:
A
B
C
0 / 1000

Question 6

What is an example of a good physical security measure?

  • A. All employees and visitors carry an access pass.
  • B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
  • C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.
Answer:

A

User Votes:
A
50%
B
50%
C
50%

Discussions
vote your answer:
A
B
C
0 / 1000

Question 7

You apply for a position in another company and get the job. Along with your contract, you are asked
to sign a code of conduct. What is a code of conduct?

  • A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
  • B. A code of conduct is a standard part of a labor contract.
  • C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
Answer:

C

User Votes:
A
50%
B
50%
C
50%

Discussions
vote your answer:
A
B
C
0 / 1000

Question 8

A company moves into a new building. A few weeks after the move, a visitor appears unannounced
in the office of the director. An investigation shows that visitors passes grant the same access as the
passes of the company's staff. Which kind of security measure could have prevented this?

  • A. physical security measure
  • B. An organizational security measure
  • C. A technical security measure
Answer:

A

User Votes:
A
50%
B
50%
C
50%

Discussions
vote your answer:
A
B
C
0 / 1000

Question 9

Susan sends an email to Paul. Who determines the meaning and the value of information in this
email?

  • A. Paul, the recipient of the information.
  • B. Paul and Susan, the sender and the recipient of the information.
  • C. Susan, the sender of the information.
Answer:

A

User Votes:
A
50%
B
50%
C
50%

Discussions
vote your answer:
A
B
C
0 / 1000

Question 10

Logging in to a computer system is an access-granting process consisting of three steps:
identification, authentication and authorization. What occurs during the first step of this process:
identification?

  • A. The first step consists of checking if the user is using the correct certificate.
  • B. The first step consists of checking if the user appears on the list of authorized users.
  • C. The first step consists of comparing the password with the registered password.
  • D. The first step consists of granting access to the information to which the user is authorized.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

The company Midwest Insurance has taken many measures to protect its information. It uses an
Information Security Management System, the input and output of data in applications is validated,
confidential documents are sent in encrypted form and staff use tokens to access information
systems. Which of these is not a technical measure?

  • A. Information Security Management System
  • B. The use of tokens to gain access to information systems
  • C. Validation of input and output data in applications
  • D. Encryption of information
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which is a legislative or regulatory act related to information security that can be imposed upon all
organizations?

  • A. ISO/IEC 27001:2005
  • B. Intellectual Property Rights
  • C. ISO/IEC 27002:2005
  • D. Personal data protection legislation
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What
is accomplished if all other reports from this insurance office are also assigned the appropriate
grading?

  • A. The costs for automating are easier to charge to the responsible departments.
  • B. A determination can be made as to which report should be printed first and which ones can wait a little longer.
  • C. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
  • D. Reports can be developed more easily and with fewer errors.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

What sort of security does a Public Key Infrastructure (PKI) offer?

  • A. It provides digital certificates that can be used to digitally sign documents. Such signatures irrefutably determine from whom a document was sent.
  • B. Having a PKI shows customers that a web-based business is secure.
  • C. By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.
  • D. A PKI ensures that backups of company data are made on a regular basis.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Of the following, which is the best organization or set of organizations to contribute to compliance?

  • A. IT only
  • B. IT, business management, HR and legal
  • C. IT and management
  • D. IT and legal
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2