ISO-IEC-27001 Lead Auditor V1

Which of the following factors does NOT contribute to the value of data for an organisation?A . The correctness of dataB . The indispensability of dataC . The importance of data for processesD . The content of dataView AnswerAnswer: D Explanation: The value of data for an organisation depends on...

As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to...

Which of the following is a technical security measure?A . EncryptionB . Security policyC . Safe storage of backupsD . User role profiles.View AnswerAnswer: A Explanation: A technical security measure is a measure that uses technology to protect information assets from unauthorized access, modification, disclosure, or destruction. Examples of technical...

Which of the following statements are correct for Clean Desk Policy?A . Don't leave confidential documents on your desk.B . Don't leave valuable items on your desk if you are not in your work area.C . Don't leave highly confidential items.D . Don't leave laptops without cable lock.View AnswerAnswer: A,B,C...

Which of the following is a possible event that can have a disruptive effect on the reliability of information?A . ThreatB . RiskC . VulnerabilityD . DependencyView AnswerAnswer: A Explanation: A possible event that can have a disruptive effect on the reliability of information is a threat. A threat is...

After a devastating office fire, all staff are moved to other branches of the company. At what moment in the incident management process is this measure effectuated?A . Between incident and damageB . Between detection and classificationC . Between recovery and normal operationsD . Between classification and escalationView AnswerAnswer: A...

A hacker gains access to a webserver and can view a file on the server containing credit card numbers. Which of the Confidentiality, Integrity, Availability (CIA) principles of the credit card file are violated?A . AvailabilityB . ConfidentialityC . IntegrityD . ComplianceView AnswerAnswer: B Explanation: Confidentiality is one of the...

What is the purpose of an Information Security policy?A . An information security policy makes the security plan concrete by providing the necessary detailsB . An information security policy provides insight into threats and the possible consequencesC . An information security policy provides direction and support to the management regarding...

In which order is an Information Security Management System set up?A . Implementation, operation, maintenance, establishmentB . Implementation, operation, improvement, maintenanceC . Establishment, implementation, operation, maintenanceD . Establishment, operation, monitoring, improvementView AnswerAnswer: C Explanation: The establishment phase of an ISMS involves defining the scope, context, objectives, and leadership commitment for...

Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password. What type of threat is this?A . Social engineering threatB . Organisational threatC . Technical threatD . Malware threatView AnswerAnswer: A Explanation: The...