GAQM ISO-IEC-LI Exam Questions Instant Access

Question 1

Why is compliance important for the reliability of the information?

ACompliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.

BBy meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.

CWhen an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.

DWhen an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.

Answer : B

Question 2

What is the most important reason for applying the segregation of duties?

ASegregation of duties makes it clear who is responsible for what.

BSegregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

CTasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

DSegregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.

Answer : C

Question 3

Who is accountable to classify information assets?

Athe CEO

Bthe CISO

Cthe Information Security Team

Dthe asset owner

Answer : D

Question 4

A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

AIf the risk analysis has not been carried out.

BWhen computer systems are kept in a cellar below ground level.

CWhen the computer systems are not insured.

DWhen the organization is located near a river.

Answer : B

Question 5

Responsibilities for information security in projects should be defined and allocated to:

Athe project manager

Bspecified roles defined in the used project management method of the organization

Cthe InfoSec officer

Dthe owner of the involved asset

Answer : B

Question 6

What is the objective of classifying information?

AAuthorizing the use of an information system

BCreating a label that indicates how confidential the information is

CDefining different levels of sensitivity into which information may be arranged

DDisplaying on the document who is permitted access

Answer : C

Question 7

Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

AISO/IEC 27001:2005

BIntellectual Property Rights

CISO/IEC 27002:2005

DPersonal data protection legislation

Answer : D

GAQM ISO / IEC 27002 - Lead Implementer ISO-IEC-LI Exam Questions