
無料ダウンロードPECB ISO-IEC-27001-Lead-Auditorリアル試験問題ゲットせよ
最新のPECB ISO-IEC-27001-Lead-Auditorリアル試験問題集PDF
質問 57
Often, people do not pick up their prints from a shared printer. How can this affect the confidentiality of information?
- A. Confidentiality cannot be guaranteed
- B. Authenticity cannot be guaranteed
- C. Availability cannot be guaranteed
- D. Integrity cannot be guaranteed
正解: A
質問 58
Four types of Data Classification (Choose two)
- A. Financial Data, Highly Confidential Data
- B. Project Data, Highly Confidential Data
- C. Restricted Data, Confidential Data
- D. Unrestricted Data, Highly Confidential Data
正解: C,D
質問 59
Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password. What type of threat is this?
- A. Malware threat
- B. Technical threat
- C. Social engineering threat
- D. Organisational threat
正解: C
質問 60
In which order is an Information Security Management System set up?
- A. Establishment, operation, monitoring, improvement
- B. Implementation, operation, improvement, maintenance
- C. Implementation, operation, maintenance, establishment
- D. Establishment, implementation, operation, maintenance
正解: D
質問 61
The computer room is protected by a pass reader. Only the System Management department has a pass.
What type of security measure is this?
- A. a repressive security measure
- B. a logical security measure
- C. a corrective security measure
- D. a physical security measure
正解: D
質問 62
You are the lead auditor of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks.
What is this risk strategy called?
- A. Risk bearing
- B. Risk neutral
- C. Risk skipping
- D. Risk avoidance
正解: A
質問 63
A decent visitor is roaming around without visitor's ID. As an employee you should do the following, except:
- A. Call the receptionist and inform about the visitor
- B. Greet and ask him what is his business
- C. Escort him to his destination
- D. Say "hi" and offer coffee
正解: D
質問 64
Why do we need to test a disaster recovery plan regularly, and keep it up to date?
- A. Otherwise the measures taken and the incident procedures planned may not be adequate
- B. Otherwise it is no longer up to date with the registration of daily occurring faults
- C. Otherwise remotely stored backups may no longer be available to the security team
正解: A
質問 65
What type of compliancy standard, regulation or legislation provides a code of practice for information security?
- A. IT Service Management
- B. ISO/IEC 27002
- C. Personal data protection act
- D. Computer criminality act
正解: B
質問 66
Which department maintain's contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications service providers depending on the service required.
- A. COO
- B. MRO
- C. CISO
- D. CSM
正解: C
質問 67
What is the security management term for establishing whether someone's identity is correct?
- A. Identification
- B. Verification
- C. Authorisation
- D. Authentication
正解: D
質問 68
Information has a number of reliability aspects. Reliability is constantly being threatened. Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.
Which of these examples is a threat to integrity?
- A. accidental alteration of data
- B. System restart
- C. a loose cable
- D. private use of data
正解: A
質問 69
All are prohibited in acceptable use of information assets, except:
- A. Messages with very large attachments or to a large number ofrecipients.
- B. E-mail copies to non-essential readers
- C. Company-wide e-mails with supervisor/TL permission.
- D. Electronic chain letters
正解: C
質問 70
What is the name of the system that guarantees the coherence of information security in the organization?
- A. Information Security Management System (ISMS)
- B. Rootkit
- C. Information Technology Service Management (ITSM)
- D. Security regulations for special information for the government
正解: A
質問 71
You receive the following mail from the IT support team: Dear User,Starting next week, we will be deleting all inactive email accounts in order to create spaceshare the below details in order to continue using your account. In case of no response, Name:
Email ID:
Password:
DOB:
Kindly contact the webmail team for any further support. Thanks for your attention.
Which of the following is the best response?
- A. Respond it by saying that one should not share the password with anyone
- B. One should not respond to these mails and report such email to your supervisor
- C. Ignore the email
正解: B
質問 72
Which is the glue that ties the triad together
- A. Technology
- B. People
- C. Process
- D. Collaboration
正解: C
質問 73
What is a definition of compliance?
- A. Laws, considered collectively or the process of making or enacting laws
- B. A rule or directive made and maintained by an authority.
- C. The state or fact of according with or meeting rules or standards
- D. An official or authoritative instruction
正解: C
質問 74
A planning process that introduced the concept of planning as a cycle that forms the basis for continuous improvement is called:
- A. time based planning.
- B. planning for continuous improvement.
- C. RACI Matrix
- D. plan, do, check, act.
正解: D
質問 75
__________ is a software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
- A. Virus
- B. Operating System
- C. Malware
- D. Trojan
正解: C
質問 76
What is the standard definition of ISMS?
- A. A project-based approach to achieve business objectives for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security
- B. A company wide business objectives to achieve information security awareness for establishing, implementing, operating, monitoring, reviewing, maintaining and improving
- C. Is an information security systematic approach to achieve business objectives for implementation, establishing, reviewing,operating and maintaining organization's reputation.
- D. A systematic approach for establishing, implementing, operating,monitoring, reviewing, maintaining and improving an organization's information security to achieve business objectives.
正解: D
質問 77
Phishing is what type of Information Security Incident?
- A. Private Incidents
- B. Technical Vulnerabilities
- C. Legal Incidents
- D. Cracker/Hacker Attacks
正解: D
質問 78
There is a scheduled fire drill in your facility. What should you do?
- A. Participate in the drill
- B. None of the above
- C. Call in sick
- D. Excuse yourself by saying you have an urgent deliverable
正解: A
質問 79
As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure?
- A. Appoint security staff
- B. Encrypt all sensitive information
- C. Formulate a policy
- D. Set up an access control procedure
正解: C
質問 80
Availability means
- A. Service should not be accessible when required
- B. Service should be accessible at the required time and usable by all
- C. Service should be accessible at the required time and usable only by the authorized entity
正解: C
質問 81
Which reliability aspect of information is compromised when a staff member denies having sent a message?
- A. Confidentiality
- B. Correctness
- C. Availability
- D. Integrity
正解: D
質問 82
......
PECB ISO-IEC-27001-Lead-Auditor 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
PDF問題(2022年最新)実際のPECB ISO-IEC-27001-Lead-Auditor試験問題:https://jp.fast2test.com/ISO-IEC-27001-Lead-Auditor-premium-file.html
ISO-IEC-27001-Lead-Auditor試験問題集、ISO-IEC-27001-Lead-Auditor練習テスト問題はここ:https://drive.google.com/open?id=11LITbKfqePWSfsJWgdf-bodji_ym7hJl