PECB ISO IEC 27001 LEAD IMPLEMENTER Exam Questions

Questions for the ISO IEC 27001 LEAD IMPLEMENTER were updated on : Jun 07 ,2024

Page 1 out of 4. Viewing questions 1-15 out of 50

Question 1

Which of these reliability aspects is "completeness" a part of?

  • A. Availability
  • B. Exclusivity
  • C. Integrity
  • D. Confidentiality
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What are the data protection principles set out in the GDPR?

  • A. Purpose limitation, proportionality, availability, data minimisation
  • B. Purpose limitation, proportionality, data minimisation, transparency
  • C. Target group, proportionality, transparency, data minimisation
  • D. Purpose limitation, pudicity, transparency, data minimisation
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

One of the ways Internet of Things (IoT) devices can communicate with each other (or the outside
world) is using a so-called short-range radio protocol. Which kind of short-range radio protocol
makes it possible to use your phone as a credit card?

  • A. Near Field Communication (NFC)
  • B. Bluetooth
  • C. Radio Frequency Identification (RFID)
  • D. The 4G protocol
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

What is the most important reason for applying the segregation of duties?

  • A. Segregation of duties makes it clear who is responsible for what.
  • B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • D. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

A non-human threat for computer systems is a flood. In which situation is a flood always a relevant
threat?

  • A. If the risk analysis has not been carried out.
  • B. When computer systems are kept in a cellar below ground level.
  • C. When the computer systems are not insured.
  • D. When the organization is located near a river.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Why is compliance important for the reliability of the information?

  • A. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
  • B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
  • C. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.
  • D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the
assignments are irregular, you outsource the administration of your business to temporary workers.
You don't want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?

  • A. Availability
  • B. Integrity
  • C. Confidentiality
Answer:

C

User Votes:
A
50%
B
50%
C
50%

Discussions
vote your answer:
A
B
C
0 / 1000

Question 8

What is the best way to comply with legislation and regulations for personal data protection?

  • A. Performing a threat analysis
  • B. Maintaining an incident register
  • C. Performing a vulnerability analysis
  • D. Appointing the responsibility to someone
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

What does the Information Security Policy describe?

  • A. how the InfoSec-objectives will be reached
  • B. which InfoSec-controls have been selected and taken
  • C. what the implementation-planning of the information security management system is
  • D. which Information Security-procedures are selected
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

In the context of contact with special interest groups, any information-sharing agreements should
identify requirements for the protection of _________ information.

  • A. Availability
  • B. Confidential
  • C. Authentic
  • D. Authorization
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Responsibilities for information security in projects should be defined and allocated to:

  • A. the project manager
  • B. specified roles defined in the used project management method of the organization
  • C. the InfoSec officer
  • D. the owner of the involved asset
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

True or False: Organizations allowing teleworking activities, the physical security of the building and
the local environment of the teleworking site should be considered

  • A. True
  • B. False
Answer:

A

User Votes:
A
50%
B
50%

Discussions
vote your answer:
A
B
0 / 1000

Question 13

Prior to employment, _________ as well as terms & conditions of employment are included as
controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and
are suitable for the roles for which they are considered.

  • A. screening
  • B. authorizing
  • C. controlling
  • D. flexing
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

It is allowed that employees and contractors are provided with an anonymous reporting channel to
report violations of information security policies or procedures (whistle blowing)

  • A. True
  • B. False
Answer:

A

User Votes:
A
50%
B
50%

Discussions
vote your answer:
A
B
0 / 1000

Question 15

The identified owner of an asset is always an individual

  • A. True
  • B. False
Answer:

B

User Votes:
A
50%
B
50%

Discussions
vote your answer:
A
B
0 / 1000
To page 2