合格目指せISO-IEC-27001-Lead-Implementer試験最新のISO-IEC-27001-Lead-Implementer試験問題集PDF 2023年更新 [Q26-Q51]

Share

合格目指せISO-IEC-27001-Lead-Implementer試験最新のISO-IEC-27001-Lead-Implementer試験問題集PDF 2023年更新

ISO-IEC-27001-Lead-Implementer試験問題集、365日更新無料サンプル

質問 # 26
A small organization that is implementing an ISMS based on ISO/lEC 27001 has decided to outsource the internal audit function to a third party. Is this acceptable?

  • A. No, the organizations cannot outsource the internal audit function to a third party because during internal audit, the organization audits its own system
  • B. No, the outsourcing of the internal audit function may compromise the independence and impartiality of the internal audit team
  • C. Yes, outsourcing the internal audit function to a third party is often a better option for small organizations to demonstrate independence and impartiality

正解:C


質問 # 27
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

  • A. A determination can be made as to which report should be printed firstand which ones can wait a little longer.
  • B. Reports can be developed more easily and with fewer errors.
  • C. The costs for automating are easier to charge to the responsible departments.
  • D. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.

正解:D


質問 # 28
Intrinsic vulnerabilities, such as the______________ are related to the characteristics of the asset. Refer to scenario 1.

  • A. Software malfunction
  • B. Service interruptions
  • C. Complicated user interface

正解:C


質問 # 29
Which of the following is NOT part of the steps required by ISO/IEC 27001 that an organization must take when a nonconformity is detected?

  • A. Communicate the details of the nonconformity to every employee of the organization and suspend the employee that caused the nonconformity
  • B. React to the nonconformity, take action to control and correct it. and deal with its consequences
  • C. Evaluate the need for action to eliminate the causes of the nonconformity so that it does not recur or occur elsewhere

正解:A


質問 # 30
What is the greatest risk for an organization ifno information security policy has been defined?

  • A. Too many measures areimplemented.
  • B. Information security activities are carried out by only a few people.
  • C. It is not possible for an organization to implement information security in a consistent manner.
  • D. If everyone works with the same account, it is impossible to find out who worked on what.

正解:C


質問 # 31
True or False: Organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered

  • A. False
  • B. True

正解:B


質問 # 32
Based on scenario 5. which committee should Operaze create to ensure the smooth running of the ISMS?

  • A. Information security committee
  • B. Management committee
  • C. Operational committee

正解:A


質問 # 33
What is the ISO / IEC 27002 standard?

  • A. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.
  • B. It is a guide of good practices that describes the controlobjectives and recommended controls regarding information security.
  • C. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001

正解:B


質問 # 34
How many domains does ISO / IEC 27002: 2013 have?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:B


質問 # 35
What is the next step that Operaze's ISMS implementation team should take after drafting the information security policy? Refer to scenario 5.

  • A. Implement the information security policy
  • B. Obtain top management's approval for the information security policy
  • C. Communicate the information security policy to all employees

正解:B


質問 # 36
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

  • A. When computer systems are kept in a cellar below ground level.
  • B. If the riskanalysis has not been carried out.
  • C. When the computer systems are not insured.
  • D. When the organization is located near a river.

正解:A


質問 # 37
Of the following, which is the best organization or set of organizations to contribute to compliance?

  • A. IT and management
  • B. IT,business management, HR and legal
  • C. IT and legal
  • D. IT only

正解:B


質問 # 38
An organization documented each security control that it Implemented by describing their functions in detail.
Is this compliant with ISO/IEC 27001?

  • A. Yes, but documenting each security control and not the process in general will make it difficult to review the documented information
  • B. No, because the documented information should have a strict format, including the date, version number and author identification
  • C. No, the standard requires to document only the operation of processes and controls, so no description of each security control is needed

正解:A


質問 # 39
Which statement is an example of risk retention?

  • A. An organization has implemented a data loss protection software
  • B. An organization terminates work in the construction site during a severe storm
  • C. An organization has decided to release the software even though some minor bugs have not been fixed yet

正解:C


質問 # 40
Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving the traditional retail. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payments systems that support online money transfers.
Due to this transformation of the business model, a number of security controls were implemented based on the identified threats and vulnerabilities associated to critical assets. To protect customers' information.
Beauty's employees had to sign a confidentiality agreement. In addition, the company reviewed all user access rights so that only authorized personnel can have access to sensitive files and drafted a new segregation of duties chart.
However, the transition was difficult for the IT team, who had to deal with a security incident not long after transitioning to the e commerce model. After investigating the incident, the team concluded that due to the out-of-date anti-malware software, an attacker gamed access to their files and exposed customers' information, including their names and home addresses.
The IT team decided to stop using the old anti-malware software and install a new one which would automatically remove malicious code in case of similar incidents. The new software was installed in every workstation within the company. After installing the new software, the team updated it with the latest malware definitions and enabled the automatic update feature to keep it up to date at all times. Additionally, they established an authentication process that requires a user identification and password when accessing sensitive information.
In addition, Beauty conducted a number of information security awareness sessions for the IT team and other employees that have access to confidential information in order to raise awareness on the importance of system and network security.
Based on the scenario above, answer the following question:
After investigating the incident. Beauty decided to install a new anti-malware software. What type of security control has been implemented in this case?

  • A. Corrective
  • B. Preventive
  • C. Detective

正解:A


質問 # 41
The certification body rejected NetworkFuse's request to change the audit team leader. Is this acceptable?
Refer to scenario 10.

  • A. Yes, because NetworkFuse did not give a valid reason to support their claims
  • B. No, auditee's requests for the replacement of auditors must be accepted
  • C. No, because an auditee cannot request the rejection of an audit team member

正解:A


質問 # 42
An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents. Which control should it implement7

  • A. Clock synchronization
  • B. Use of privileged utility programs
  • C. Installation of software on operational systems

正解:A


質問 # 43
What is the objective of classifying information?

  • A. Defining different levels of sensitivity into which information may be arranged
  • B. Displaying on the document who is permitted access
  • C. Authorizing the use of an information system
  • D. Creating alabel that indicates how confidential the information is

正解:A


質問 # 44
Based on scenario 9. is the action plan for the identified nonconformities sufficient to eliminate the detected nonconformities?

  • A. No, because the action plan does not include a timeframe for implementation
  • B. Yes, because a separate action plan has been created for the identified nonconformity
  • C. No, because the action plan does not address the root cause of the identified nonconformity

正解:A


質問 # 45
Which of the following measures is a correctivemeasure?

  • A. Making a backup of the data that has been created or altered that day
  • B. Restoring a backup of the correct database after a corrupt copy of the database was written over the original
  • C. Incorporating an Intrusion Detection System (IDS) in the design of a computer center
  • D. Installing a virus scanner in an information system

正解:B


質問 # 46
Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

  • A. Susan, the sender of the information.
  • B. Paul, therecipient of the information.
  • C. Paul and Susan, the sender and the recipient of the information.

正解:B


質問 # 47
What sort of security does a Public Key Infrastructure (PKI) offer?

  • A. By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.
  • B. It provides digital certificates that can be used to digitally signdocuments. Such signatures irrefutably determine from whom a document was sent.
  • C. A PKI ensures that backups of company data are made on a regular basis.
  • D. Having a PKI shows customers that a web-based business is secure.

正解:C


質問 # 48
What is an example of a security incident?

  • A. A member of staff loses a laptop.
  • B. You cannot set the correct fonts in your word processing software.
  • C. The lighting in the department no longer works.
  • D. A file is saved under an incorrect name.

正解:A


質問 # 49
Based on scenario 5. after migrating to cloud. Operaze's IT team changed the ISMS scope and implemented all the required modifications Is this acceptable?

  • A. No, because any change in ISMS scope should be accepted by the management
  • B. No, because the company has already defined the ISMS scope
  • C. Yes, because the ISMS scope should be changed when there are changes to the external environment

正解:A


質問 # 50
What is the most important reason for applying the segregation of duties?

  • A. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • C. Segregation of duties makes it clear who is responsible for what.
  • D. Segregation of duties makes it easier for a person who is readywith his or her part of the work to take time off or to take over the work of another person.

正解:A


質問 # 51
......


PECB認定ISO/IEC 27001リード実装試験は、複数選択の質問で構成される4時間の試験です。この試験では、ISO/IEC 27001標準、リスク評価、リスク治療、パフォーマンス評価、ISMの改善など、ISMの実装と管理に関連するさまざまなトピックをカバーしています。この試験は、ISMの実装プロセスと組織内のISMを管理する能力に関する候補者の知識、スキル、および理解を評価するように設計されています。試験と認定プロセスの正常に完了したことは、ISO/IEC 27001標準に基づいてISMの実装と管理に候補者の習熟度を示しています。

 

ISO-IEC-27001-Lead-Implementer問題集、あなたを合格させる認証試験:https://jp.fast2test.com/ISO-IEC-27001-Lead-Implementer-premium-file.html

まもなくセール終了!リアルISO-IEC-27001-Lead-ImplementerのPDF解答を使おう:https://drive.google.com/open?id=1fjeNIA9ipWHPw5QeQKBJ-RA09eUA1Cp1


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어