
PECB ISO-IEC-27001-Lead-Auditor Exam - Topic 2 Question 60 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 60
Topic #: 2

In acceptable use of Information Assets, which is the best practice?

Suggested Answer: A

The best practice in acceptable use of information assets is A: access to information and communication systems are provided for business purpose only. This means that the organization grants access to its information and communication systems only to authorized users who need them for legitimate and approved business activities. The organization does not allow or tolerate any unauthorized, inappropriate or personal use of its information and communication systems, as this could compromise information security, violate policies or laws, or cause damage or harm to the organization or its stakeholders.

The other options are not best practices in acceptable use of information assets, as they could violate information security policies and procedures, as well as ethical or legal standards. Interfering with or denying service to any user other than the employee's host (B) is a malicious act that could disrupt the availability or performance of the information systems or services of another user or organization. Playing any computer games during office hours (C) is a personal and unprofessional use of the information and communication systems that could distract the employee from their work duties, waste resources and bandwidth, or expose the systems to malware or other risks. Accessing phone or network transmissions, including wireless or wifi transmissions (D), is a potential breach of confidentiality or privacy, since it could involve intercepting, monitoring or modifying information transmitted by another user or organization without their consent or authorization.

ISO/IEC 27001:2022 requires the organization to implement rules for acceptable use of assets (see clause A.8.1.3).

Reference: CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course; ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements; What is Acceptable Use?


Contribute your Thoughts:

Albina
2 months ago
D could lead to serious security issues, not cool!
upvoted 0 times
...
Micah
2 months ago
B seems a bit extreme, isn't that illegal?
upvoted 0 times
...
Ricarda
3 months ago
Wait, are people really playing games at work?
upvoted 0 times
...
Loren
3 months ago
Totally agree, A keeps things professional.
upvoted 0 times
...
Maxima
3 months ago
A is definitely the best practice!
upvoted 0 times
...
Margot
3 months ago
D seems risky since accessing unauthorized transmissions could lead to security issues, so I’m leaning towards A as the safest choice.
upvoted 0 times
...
Marquetta
4 months ago
I definitely recall that playing games during work hours is a big no-no, so C can't be right.
upvoted 0 times
...
Jessenia
4 months ago
I'm not entirely sure, but I remember something about not interfering with other users, which makes me hesitate about B.
upvoted 0 times
...
Edmond
4 months ago
I think the best practice is related to using information assets strictly for business purposes, so I might go with A.
upvoted 0 times
...
Jerilyn
4 months ago
I'm a little confused by this question. The options seem to cover a range of different IT policies and practices. I'll have to re-read the question and options closely to make sure I understand what they're asking for the "best practice."
upvoted 0 times
...
Lenora
4 months ago
Okay, I think I've got this. The key is to focus on the concept of "acceptable use" of information assets. That means the best practice is the one that aligns with appropriate, authorized business use. I'm going with A.
upvoted 0 times
...
Rhea
5 months ago
Hmm, I'm a bit unsure about this one. I'll have to think it through carefully. Maybe I should eliminate the obviously wrong answers first and then decide between the remaining options.
upvoted 0 times
...
Natalya
5 months ago
This question seems pretty straightforward. I'm pretty confident that the best practice is option A - access to information and communication systems should be provided for business purposes only.
upvoted 0 times
...
Julio
8 months ago
This is a no-brainer. Option A is the only answer that makes sense. Unless you want to get fired, that is.
upvoted 0 times
Mollie
7 months ago
User 3: Definitely, we should always use information assets for business purposes only.
upvoted 0 times
...
My
7 months ago
User 2: My is right, that's the best practice.
upvoted 0 times
...
Leonor
7 months ago
User 1: Option A) Access to information and communication systems are provided for business purpose only
upvoted 0 times
...
...
Minna
8 months ago
Option D sounds like a great way to get into some serious trouble. I'll pass on that one.
upvoted 0 times
...
Abel
8 months ago
Playing games during office hours? Really? Option C is just asking for trouble.
upvoted 0 times
...
Tawna
8 months ago
I'm going with Option B. Interfering with other users is not cool, even if it's just for fun.
upvoted 0 times
Twana
7 months ago
D) Accessing phone or network transmissions, including wireless or wifi transmissions
upvoted 0 times
...
Georgene
7 months ago
Yes, I agree. It's important to respect other users and not interfere with their access.
upvoted 0 times
...
Stevie
7 months ago
B) Interfering with or denying service to any user other than the employee's host
upvoted 0 times
...
Jestine
8 months ago
A) Access to information and communication systems are provided for business purpose only
upvoted 0 times
...
...
Raina
8 months ago
Option A is definitely the best practice. We should only use business systems for their intended purpose.
upvoted 0 times
Barbra
7 months ago
Accessing phone or network transmissions without permission is a big no.
upvoted 0 times
...
Willow
8 months ago
Playing computer games during office hours is definitely not acceptable.
upvoted 0 times
...
Felix
8 months ago
It's important to respect the purpose of the systems we use.
upvoted 0 times
...
Marlon
8 months ago
I agree, we should only use information assets for business purposes.
upvoted 0 times
...
...
Sherill
8 months ago
I also think A is the best practice. It helps prevent unauthorized access and protects sensitive information.
upvoted 0 times
...
Hillary
8 months ago
I agree with Wilda. It's important to use company resources for work purposes only to maintain security and confidentiality.
upvoted 0 times
...
Wilda
8 months ago
I think the best practice is A) Access to information and communication systems are provided for business purpose only.
upvoted 0 times
...
