
2023年最新のISO-IEC-27001-Lead-Implementerプレミアム資料テストPDFの無料問題集お試しセット
試験合格を向けてISO-IEC-27001-Lead-Implementer今すぐ弊社のISO 27001試験パッケージを使おう
PECB ISO-IEC-27001-Lead-Implementer 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
質問 10
Which of these reliability aspects is "completeness" a part of?
- A. Confidentiality
- B. Exclusivity
- C. Availability
- D. Integrity
正解: D
質問 11
What is the ISO / IEC 27002 standard?
- A. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.
- B. It is a guide of good practices that describes the controlobjectives and recommended controls regarding information security.
- C. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001
正解: B
質問 12
What sort of security does a Public Key Infrastructure (PKI) offer?
- A. It provides digital certificates that can be used to digitally signdocuments. Such signatures irrefutably determine from whom a document was sent.
- B. A PKI ensures that backups of company data are made on a regular basis.
- C. Having a PKI shows customers that a web-based business is secure.
- D. By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.
正解: B
質問 13
What is the objective of classifying information?
- A. Defining different levels of sensitivity into which information may be arranged
- B. Authorizing the use of an information system
- C. Displaying on the document who is permitted access
- D. Creating alabel that indicates how confidential the information is
正解: A
質問 14
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of theclients is earlier than the start date. What type of measure could prevent this error?
- A. Integrity measure
- B. Organizational measure
- C. Technical measure
- D. Availability measure
正解: C
質問 15
Of the following, which is the best organization or set of organizations to contribute to compliance?
- A. IT only
- B. IT and legal
- C. IT,business management, HR and legal
- D. IT and management
正解: C
質問 16
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the company's staff. Which kind of security measure could have prevented this?
- A. A technical security measure
- B. An organizational security measure
- C. physical security measure
正解: C
質問 17
What does the Information Security Policy describe?
- A. which InfoSec-controls have been selected and taken
- B. which Information Security-procedures are selected
- C. what the implementation-planning of the information security management system is
- D. how the InfoSec-objectives will be reached
正解: D
質問 18
What is the greatest risk for an organization ifno information security policy has been defined?
- A. It is not possible for an organization to implement information security in a consistent manner.
- B. Information security activities are carried out by only a few people.
- C. Too many measures areimplemented.
- D. If everyone works with the same account, it is impossible to find out who worked on what.
正解: A
質問 19
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
- A. Validation of input and output data in applications
- B. The use of tokens to gain access to information systems
- C. Information Security Management System
- D. Encryption ofinformation
正解: C
質問 20
What are the data protection principles set out in the GDPR?
- A. Purpose limitation, proportionality, data minimisation, transparency
- B. Purpose limitation, proportionality, availability, data minimisation
- C. Target group, proportionality, transparency, data minimisation
- D. Purpose limitation, pudicity, transparency, data minimisation
正解: A
質問 21
Select risk control activities for domain "10. Encryption" of ISO / 27002: 2013 (Choose two)
- A. Physical security perimeter
- B. Key management
- C. Work in safe areas
- D. Cryptographic Controls Use Policy
正解: B,D
質問 22
ISO 27002 provides guidance in the following area
- A. PCI environment scoping
- B. Detailed lists of required policies and procedures
- C. Framework for an overall security andcompliance program
- D. Information handling recommendations
正解: C
質問 23
Why is compliance important forthe reliability of the information?
- A. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
- B. By meeting the legislative requirements and theregulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
- C. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
- D. When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and thereforeit guarantees the reliability of its information.
正解: B
質問 24
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventoryof threats and risks.
What is the relation between a threat, risk and risk analysis?
- A. Risk analyses help to find a balance between threats and risks.
- B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
- C. A risk analysis identifies threats from the known risks.
- D. A riskanalysis is used to remove the risk of a threat.
正解: B
質問 25
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?
- A. A code of conduct is a standard part of a labor contract.
- B. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.
- C. A code ofconduct specifies how employees are expected to conduct themselves and is the same for all companies.
正解: B
質問 26
What is an example of a non-human threat to the physical environment?
- A. Corrupted file
- B. Virus
- C. Storm
- D. Fraudulent transaction
正解: C
質問 27
......
2023年最新の問題をマスターISO 27001合格目指してISO-IEC-27001-Lead-Implementerリアル試験!:https://jp.fast2test.com/ISO-IEC-27001-Lead-Implementer-premium-file.html
完全版は2023年最新のISO-IEC-27001-Lead-Implementer試験問題集ガイドはトレーニング専門Fast2test:https://drive.google.com/open?id=1EVrd9Lt658zNZXoh3K6Qvlbb--9aY2Gq