PECB Certified ISO/IEC 27001 Lead Implementer exam練習テスト2021年最新のISO-IEC-27001-Lead-Implementerストレスなしで合格させちゃう! [Q17-Q37]

Share

PECB Certified ISO/IEC 27001 Lead Implementer exam練習テスト2021年最新のISO-IEC-27001-Lead-Implementerストレスなしで合格させちゃう!

練習ISO 27001 ISO-IEC-27001-Lead-Implementer問題集オンライン試験練習テストと詳細な解説付き!

質問 17
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of theclients is earlier than the start date. What type of measure could prevent this error?

  • A. Availability measure
  • B. Technical measure
  • C. Organizational measure
  • D. Integrity measure

正解: B

 

質問 18
You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

  • A. A code of conduct is a standard part of a labor contract.
  • B. A code ofconduct specifies how employees are expected to conduct themselves and is the same for all companies.
  • C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.

正解: C

 

質問 19
Companies use 27002 for compliance for which of the following reasons:

  • A. Compliance with ISO 27002 is sufficient to comply with all regulations
  • B. A structured program that helps with security and compliance
  • C. Explicit requirements for all regulations

正解: B

 

質問 20
What is the ISO / IEC 27002 standard?

  • A. It is a guide of good practices that describes the controlobjectives and recommended controls regarding information security.
  • B. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.
  • C. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001

正解: A

 

質問 21
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventoryof threats and risks.
What is the relation between a threat, risk and risk analysis?

  • A. Risk analyses help to find a balance between threats and risks.
  • B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
  • C. A risk analysis identifies threats from the known risks.
  • D. A riskanalysis is used to remove the risk of a threat.

正解: B

 

質問 22
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

  • A. Risk bearing
  • B. Risk passing
  • C. Risk neutral
  • D. Risk avoiding

正解: C

 

質問 23
Select the controls that correspond to thedomain "9. ACCESS CONTROL" of ISO / 27002 (Choose three)

  • A. Return of assets
  • B. Withdrawal or adaptation of access rights
  • C. Management of access rights with special privileges
  • D. Restriction of access to information

正解: A,B,D

 

質問 24
Physical labels and ________ are two common forms of labeling which are mentioned in ISO 27002.

  • A. metadata
  • B. bridge
  • C. teradata

正解: A

 

質問 25
True or False: Organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered

  • A. True
  • B. False

正解: A

 

質問 26
What sort of security does a Public Key Infrastructure (PKI) offer?

  • A. Having a PKI shows customers that a web-based business is secure.
  • B. A PKI ensures that backups of company data are made on a regular basis.
  • C. By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.
  • D. It provides digital certificates that can be used to digitally signdocuments. Such signatures irrefutably determine from whom a document was sent.

正解: B

 

質問 27
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

  • A. When the computer systems are not insured.
  • B. If the riskanalysis has not been carried out.
  • C. When computer systems are kept in a cellar below ground level.
  • D. When the organization is located near a river.

正解: C

 

質問 28
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

  • A. Reports can be developed more easily and with fewer errors.
  • B. The costs for automating are easier to charge to the responsible departments.
  • C. A determination can be made as to which report should be printed firstand which ones can wait a little longer.
  • D. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.

正解: D

 

質問 29
What is the best way to comply with legislation and regulations for personal data protection?

  • A. Performing a threat analysis
  • B. Performing a vulnerability analysis
  • C. Appointing the responsibility to someone
  • D. Maintaining an incident register

正解: C

 

質問 30
The identified owner of an asset is always an individual

  • A. True
  • B. False

正解: B

 

質問 31
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?

  • A. The manager, Linda
  • B. The sender, Peter
  • C. The person who drafted the insurance terms and conditions
  • D. The recipient, Rachel

正解: D

 

質問 32
What is an example of a non-human threat to the physical environment?

  • A. Corrupted file
  • B. Fraudulent transaction
  • C. Virus
  • D. Storm

正解: D

 

質問 33
You have juststarted working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?

  • A. A code of conduct is alegal obligation that organizations have to meet.
  • B. A code of conduct helps to prevent the misuse of IT facilities.
  • C. A code of conduct prevents a virus outbreak.
  • D. A code of conduct gives staff guidance on how to report suspected misuses of IT facilities.

正解: B

 

質問 34
You are a consultant and areregularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?

  • A. Availability
  • B. Confidentiality
  • C. Integrity

正解: B

 

質問 35
What is the objective of classifying information?

  • A. Creating alabel that indicates how confidential the information is
  • B. Displaying on the document who is permitted access
  • C. Authorizing the use of an information system
  • D. Defining different levels of sensitivity into which information may be arranged

正解: D

 

質問 36
Select risk control activities for domain "10. Encryption" of ISO / 27002: 2013 (Choose two)

  • A. Physical security perimeter
  • B. Cryptographic Controls Use Policy
  • C. Key management
  • D. Work in safe areas

正解: B,C

 

質問 37
......

時間限定!今すぐ無料アクセスISO-IEC-27001-Lead-Implementer練習問題:https://drive.google.com/open?id=1g_mzy6_vk9Gbx84I2_mc1_bVxmoLtOI_

最適なISO-IEC-27001-Lead-Implementer試験学習資料と準備材料を提供しています:https://jp.fast2test.com/ISO-IEC-27001-Lead-Implementer-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어