PECB ISO-IEC-27001-Lead-Implementer Exam Practice Test Instant Access

Question 1

What is the greatest risk for an organization if no information security policy has been defined?

AIf everyone works with the same account, it is impossible to find out who worked on what.

BInformation security activities are carried out by only a few people.

CToo many measures are implemented.

DIt is not possible for an organization to implement information security in a consistent manner.

Answer : D

Question 2

You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

AA code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.

BA code of conduct is a standard part of a labor contract.

CA code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.

Answer : C

Question 3

A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the company's staff. Which kind of security measure could have prevented this?

Aphysical security measure

BAn organizational security measure

CA technical security measure

Answer : A

Question 4

Susan sends an email to Paul. Who determines the meaning and the value of information in this email?

APaul, the recipient of the information.

BPaul and Susan, the sender and the recipient of the information.

CSusan, the sender of the information.

Answer : A

Question 5

Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?

AThe first step consists of checking if the user is using the correct certificate.

BThe first step consists of checking if the user appears on the list of authorized users.

CThe first step consists of comparing the password with the registered password.

DThe first step consists of granting access to the information to which the user is authorized.

Answer : B

Question 6

Which of these control objectives are NOT in the domain "12. OPERATIONAL SAFETY"?

AProtection against malicious code

BRedundancies

CTest data

DTechnical vulnerability management

Answer : B

Question 7

What should be used to protect data on removable media if data confidentiality or integrity are important considerations?

Abackup on another removable medium

Bcryptographic techniques

Ca password

Dlogging

Answer : B

PECB ISO/IEC 27001 Lead Implementer Exam Practice Test