PECB ISO-IEC-27001-Lead-Implementer Exam - Topic 1 Question 67 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam

Question #: 67
Topic #: 1

[All ISO-IEC-27001-Lead-Implementer Questions]

According to ISO/IEC 27001 controls, why should the use of privileged utility programs be restricted and tightly controlled?

ATo ensure that utility programs are compatible with existing system software

BTo prevent misuse of utility programs that could override system and application controls

CTo enable the correlation and analysis of security-related events

Show Suggested Answer

Suggested Answer: B

ISO/IEC 27002:2022 Clause 8.11 addresses ''Use of privileged utility programs'':

'The use of utility programs that might be capable of overriding system and application controls should be restricted and tightly controlled to prevent misuse.'

Such tools can provide powerful access or modification capabilities, which if misused can compromise the integrity and confidentiality of systems.

ISO/IEC 27002:2022 Clause 8.11

ISO/IEC 27001:2022 Annex A Control A.8.11

by Lauran at Apr 07, 2026, 01:33 AM

Limited Time Offer

25%

2 months ago

I think restricting privileged utility programs is mainly about preventing misuse, but I'm not entirely sure if that's the only reason.

upvoted 0 times

...