Free PECB ISO-IEC-27001-Lead-Implementer Exam Dumps and ISO-IEC-27001-Lead-Implementer Exam Questions

Question No: 1

MultipleChoice

Scenario 4: TradeB. a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001 Having no experience of a management [^system implementation, TradeB's top management contracted two experts to direct and manage the ISMS implementation project.

First, the project team analyzed the 93 controls of ISO/IEC 27001 Annex A and listed only the security controls deemed applicable to the company and their objectives Based on this analysis, they drafted the Statement of Applicability. Afterward, they conducted a risk assessment, during which they identified assets, such as hardware, software, and networks, as well as threats and vulnerabilities, assessed potential consequences and likelihood, and determined the level of risks based on three nonnumerical categories (low, medium, and high). They evaluated the risks based on the risk evaluation criteria and decided to treat only the high risk category They also decided to focus primarily on the unauthorized use of administrator rights and system interruptions due to several hardware failures by establishing a new version of the access control policy, implementing controls to manage and control user access, and implementing a control for ICT readiness for business continuity

Lastly, they drafted a risk assessment report, in which they wrote that if after the implementation of these security controls the level of risk is below the acceptable level, the risks will be accepted

What should TradeB do in order to deal with residual risks? Refer to scenario 4.

Options

ATradeB should evaluate, calculate, and document the value of risk reduction following risk treatment

BTradeB should immediately implement new controls to treat all residual risks

CTradeB should accept the residual risks only above the acceptance level

Question No: 2

MultipleChoice

Which situation presented in scenario 8 is not in compliance with ISO/IEC 27001 requirements?

Options

AEmma has an operational role in the HealthGenic's management system

BThe recodification audit Is planned to be conducted two years after HealthGenic implemented the ISMS

CEmma had access to all offices and documentation of HealthGenic

Question No: 3

MultipleChoice

How can Invalid Electric's ensure that Us employees are prepared for the audit?

Options

ABy conducting practice Interviews with the employees

BBy allowing the employees to observe the technologies used

CBy showing the employees the internal audit reports so they can anticipate the questions asked by the auditor

Question No: 4

MultipleChoice

Based on scenario 10. did invalid Electric provide a valid reason for requesting the replacement of the audit learn leader?

Options

ANo, because Issuing a recommendation for certification lo a main competitor is not a conflict of interest situation

BNo, because the auditee can request the replacement of an auditor only if the auditor has worked for the auditee

CYes, because the auditee can request to replace an auditor that has worked for one of its major competitors

Question No: 5

MultipleChoice

According to scenario 9, TroNlcon SPEC aimed to eliminate the causes of adverse events By focusing on:

Options

ADetecting information security incidents rather than correcting them

BPreventing information security incidents rather than correcting them

CCorrecting information security Incidents rather than preventing them

Question No: 6

MultipleChoice

Based on scenario 9. the top management decided to accept the risk related to a nonconformity to control 5.17 Authentication informal ion. is this acceptable?

Options

AAcceptable, the company analyzed the implementation costs and accepted the risk

BAcceptable, as the company properly informed the internal audit that they decided to accept the risk

CUnacceptable, the company should have provided justification for accepting the risks and documented it

Question No: 7

MultipleChoice

Based on scenario 9. is the action plan for treating the nonconformity related to control 8.13 Information backup valid?

Options

ANo. It does not allow the elimination of the reported nonconformity

BNo. It does not describe the explicit changes of the existing backup procedure

CYes. It allows the elimination of the detected nonconformity

Question No: 8

MultipleChoice

Which of these reliability aspects is 'completeness' a part of?

Options

AAvailability

BExclusivity

CIntegrity

DConfidentiality

Question No: 9

MultipleChoice

What are the data protection principles set out in the GDPR?

Options

APurpose limitation, proportionality, availability, data minimisation

BPurpose limitation, proportionality, data minimisation, transparency

CTarget group, proportionality, transparency, data minimisation

DPurpose limitation, pudicity, transparency, data minimisation