[Q35-Q58] 最新PECB ISO-IEC-27001-Lead-Implementer一発合格!試験リアル問題集最新の[2023年12月]

Share

最新PECB ISO-IEC-27001-Lead-Implementer一発合格!試験リアル問題集最新の[2023年12月]

良質なISO-IEC-27001-Lead-Implementer問題集はここFast2test問題はあなたの合格させて見せます。明るい未来はクリックから始まる!

質問 # 35
What supports the continual improvement of an ISMS?

  • A. The update of action plans
  • B. The update of eternal audit reports
  • C. The update of documented information

正解:C


質問 # 36
An organization documented each security control that it Implemented by describing their functions in detail.
Is this compliant with ISO/IEC 27001?

  • A. Yes, but documenting each security control and not the process in general will make it difficult to review the documented information
  • B. No, because the documented information should have a strict format, including the date, version number and author identification
  • C. No, the standard requires to document only the operation of processes and controls, so no description of each security control is needed

正解:A


質問 # 37
We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?

  • A. Availability, Information Value and Confidentiality
  • B. Availability, Integrity and Completeness
  • C. Timeliness, Accuracy and Completeness
  • D. Availability, Integrity and Confidentiality

正解:D


質問 # 38
According to scenario 7, a demilitarized zone (DMZ) is deployed within InfoSec's network. What type of control has InfoSec implemented in this case?

  • A. Detective
  • B. Corrective
  • C. Preventive

正解:C


質問 # 39
Select risk control activities for domain "10. Encryption" of ISO / 27002: 2013 (Choose two)

  • A. Physical security perimeter
  • B. Work in safe areas
  • C. Key management
  • D. Cryptographic Controls Use Policy

正解:C、D


質問 # 40
An employee in the administrative department of Smiths Consultants Inc. finds out that the expiry date of a contract with one of theclients is earlier than the start date. What type of measure could prevent this error?

  • A. Integrity measure
  • B. Technical measure
  • C. Availability measure
  • D. Organizational measure

正解:B


質問 # 41
True or False: Organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered

  • A. False
  • B. True

正解:B


質問 # 42
What is the next step that Operaze's ISMS implementation team should take after drafting the information security policy? Refer to scenario 5.

  • A. Obtain top management's approval for the information security policy
  • B. Implement the information security policy
  • C. Communicate the information security policy to all employees

正解:A


質問 # 43
What is the difference between training and awareness9 Refer to scenario 6.

  • A. Training helps acquire certain skills, whereas awareness develops certain habits and behaviors.
  • B. Training helps transfer a message with the intent of informing, whereas awareness helps change the behavior toward the message
  • C. Training helps acquire a skill, whereas awareness helps apply it in practice

正解:A


質問 # 44
An organization has justified the exclusion of control 5.18 Access rights of ISO/IEC 27001 in the Statement of Applicability (SoA) as follows: "An access control reader is already installed at the main entrance of the building." Which statement is correct'

  • A. The justification for the exclusion of a control is not required to be included in the SoA
  • B. The justification is not acceptable because it does not indicate that it has been selected based on the risk assessment results
  • C. The justification is not acceptable, because it does not reflect the purpose of control 5.18

正解:C


質問 # 45
Based on scenario 3, what would help Socket Inc. address similar information security incidents in the future?

  • A. Using the access control system to ensure that only authorized personnel is granted access
  • B. Using the MongoDB database with the default settings
  • C. Using cryptographic keys to protect the database from unauthorized access

正解:A


質問 # 46
Which of the actions presented in scenario 4 is NOT compliant with the requirements of ISO/IEC 27001?

  • A. The Statement of Applicability was drafted before conducting the risk assessment
  • B. The external experts selected security controls and drafted the Statement of Applicability
  • C. TradeB selected only ISO/IEC 27001 controls deemed applicable to the company

正解:A


質問 # 47
Who is authorized to change the classification of a document?

  • A. The owner of the document
  • B. The author of the document
  • C. The administrator of the document
  • D. The manager of the owner of the document

正解:A


質問 # 48
What do employees need to know to report a security incident?

  • A. Who is responsible for the incident and whether it was intentional.
  • B. The measures that should have been taken to prevent the incident in the first place.
  • C. How to report an incident and to whom.
  • D. Whether the incident has occurred before and what was the resulting damage.

正解:C


質問 # 49
Based on scenario 10. NetworkFuse did not conduct a self-evaluation of the ISMS before the audit. Is this compliant to ISO/IEC 27001?

  • A. Yes, the standard does not require to conduct a self-evaluation before the audit but it is a good practice to follow
  • B. No, the auditee must review the requirements of clauses 4 to 10 before the conduct of a certification audit
  • C. Yes, the standard indicates that the auditee shall rely only on internal audit and management review reports to prepare for the certification audit

正解:B


質問 # 50
The identified owner of an asset is always an individual

  • A. True
  • B. False

正解:B


質問 # 51
You are a consultant and areregularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?

  • A. Integrity
  • B. Availability
  • C. Confidentiality

正解:C


質問 # 52
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

  • A. Risk bearing
  • B. Risk avoiding
  • C. Risk neutral
  • D. Risk passing

正解:C


質問 # 53
The certification body rejected NetworkFuse's request to change the audit team leader. Is this acceptable?
Refer to scenario 10.

  • A. No, because an auditee cannot request the rejection of an audit team member
  • B. Yes, because NetworkFuse did not give a valid reason to support their claims
  • C. No, auditee's requests for the replacement of auditors must be accepted

正解:B


質問 # 54
Scenario 4: TradeB. a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001 Having no experience of a management
[^system implementation, TradeB's top management contracted two experts to direct and manage the ISMS implementation project.
First, the project team analyzed the 93 controls of ISO/IEC 27001 Annex A and listed only the security controls deemed applicable to the company and their objectives Based on this analysis, they drafted the Statement of Applicability. Afterward, they conducted a risk assessment, during which they identified assets, such as hardware, software, and networks, as well as threats and vulnerabilities, assessed potential consequences and likelihood, and determined the level of risks based on three nonnumerical categories (low, medium, and high). They evaluated the risks based on the risk evaluation criteria and decided to treat only the high risk category They also decided to focus primarily on the unauthorized use of administrator rights and system interruptions due to several hardware failures by establishing a new version of the access control policy, implementing controls to manage and control user access, and implementing a control for ICT readiness for business continuity Lastly, they drafted a risk assessment report, in which they wrote that if after the implementation of these security controls the level of risk is below the acceptable level, the risks will be accepted Based on the scenario above, answer the following question:
The decision to treat only risks that were classified as high indicates that Trade B has:

  • A. Accepted other risk categories based on risk acceptance criteria
  • B. Evaluated other risk categories based on risk treatment criteria
  • C. Modified other risk categories based on risk evaluation criteria

正解:A


質問 # 55
Scenario 10: NetworkFuse develops, manufactures, and sells network hardware. The company has had an operational information security management system (ISMS) based on ISO/IEC 27001 requirements and a quality management system (QMS) based on ISO 9001 for approximately two years. Recently, it has applied for a j^ombined certification audit in order to obtain certification against ISO/IEC 27001 and ISO 9001.
After selecting the certification body, NetworkFuse prepared the employees for the audit The company decided to not conduct a self-evaluation before the audit since, according to the top management, it was not necessary. In addition, it ensured the availability of documented information, including internal audit reports and management reviews, technologies in place, and the general operations of the ISMS and the QMS.
However, the company requested from the certification body that the documentation could not be carried off-site However, the audit was not performed within the scheduled days because NetworkFuse rejected the audit team leader assigned and requested their replacement The company asserted that the same audit team leader issued a recommendation for certification to its main competitor, which, for the company's top management, was a potential conflict of interest. The request was not accepted by the certification body Based on the scenario above, answer the following question:
Does NetworkFuse fulfill the prerequisites for a certification audit?

  • A. Yes, because internal audits and management reviews have been performed
  • B. Yes, because the certification body has been selected
  • C. Yes, because the ISMS must be operational for at least one year prior to the certification audit

正解:A


質問 # 56
What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?

  • A. To ensure access to information and other associated assets is defined and authorized
  • B. To prevent unauthorized physical access, damage, and interference to the organization's information and other associated assets
  • C. To maintain the confidentiality of information that is accessible by personnel or external parties

正解:B


質問 # 57
Scenario 6: Skyver offers worldwide shipping of electronic products, including gaming consoles, flat-screen TVs. computers, and printers. In order to ensure information security, the company has decided to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001.
Colin, the company's best information security expert, decided to hold a training and awareness session for the personnel of the company regarding the information security challenges and other information security-related controls. The session included topics such as Skyver's information security approaches and techniques for mitigating phishing and malware.
One of the participants in the session is Lisa, who works in the HR Department. Although Colin explains the existing Skyver's information security policies and procedures in an honest and fair manner, she finds some of the issues being discussed too technical and does not fully understand the session. Therefore, in a lot of cases, she requests additional help from the trainer and her colleagues Based on the scenario above, answer the following question:
How should Colin have handled the situation with Lisa?

  • A. Deliver training and awareness sessions for employees with the same level of competence needs based on the activities they perform within the company
  • B. Promise Lisa that future training and awareness sessions will be easily understandable
  • C. Extend the duration of the training and awareness session in order to be able to achieve better results

正解:A


質問 # 58
......

PECB練習テストエンジンISO-IEC-27001-Lead-Implementer問題:https://drive.google.com/open?id=1EVrd9Lt658zNZXoh3K6Qvlbb--9aY2Gq

試験合格保証有効なPECB ISO-IEC-27001-Lead-Implementer問題集:https://jp.fast2test.com/ISO-IEC-27001-Lead-Implementer-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어