Why do we need to test a disaster recovery plan regularly, and keep it up to date?
Why do we need to test a disaster recovery plan regularly, and keep it up to date? A. Otherwise the measures taken and the incident procedures planned may not be adequate B. Otherwise it is no longer up to date with the registration of daily occurring faults C. Otherwise remotely...
Access Control System, CCTV and security guards are forms of:
Access Control System, CCTV and security guards are forms of: A. Environment Security B. Access Control C. Physical Security D. Compliance Answer: C Explanation: According to ISO/IEC 27001:2022, clause A.11.1.1, the organization should implement physical and environmental security measures to prevent unauthorized access, damage or interference to the premises and...
What is this risk strategy called?
You are the lead auditor of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called? A. Risk bearing B. ...
Which reliability aspect of information is compromised when a staff member denies having sent a message?
Which reliability aspect of information is compromised when a staff member denies having sent a message? A. Confidentiality B. Integrity C. Availability D. Correctness Answer: B Explanation: The reliability aspect of information that is compromised when a staff member denies having sent a message is integrity. Integrity is the property...
What is a definition of compliance?
What is a definition of compliance? A. Laws, considered collectively or the process of making or enacting laws B. The state or fact of according with or meeting rules or standards C. An official or authoritative instruction D. A rule or directive made and maintained by an authority. Answer: B...
A scenario wherein the city or location where the building(s) reside is / are not accessible.
A scenario wherein the city or location where the building(s) reside is / are not accessible. A. Component B. Facility C. City D. Country Answer: C Explanation: A scenario wherein the city or location where the building(s) reside is / are not accessible is called a city disaster scenario, according...
We can leave laptops during weekdays or weekends in locked bins.
We can leave laptops during weekdays or weekends in locked bins. A. True B. False Answer: B Explanation: According to ISO/IEC 27001:2022, clause A.11.2.9, the organization should protect mobile devices and media containing sensitive information from unauthorized access, loss or theft. The organization should also implement appropriate encryption techniques and...
What is not one of the four main objectives of a risk analysis?
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis? A. Identifying assets and their value B. Implementing countermeasures C. Establishing a balance between the costs of an...
Which of the following is an information security management system standard published by the International Organization for Standardization?
Which of the following is an information security management system standard published by the International Organization for Standardization? A. ISO9008 B. ISO27001 C. ISO5501 D. ISO22301 Answer: B Explanation: ISO/IEC 27001:2022 is an information security management system standard published by the International Organization for Standardization (ISO) and the International Electrotechnical...
Which threat could occur if no physical measures are taken?
Which threat could occur if no physical measures are taken? A. Unauthorised persons viewing sensitive files B. Confidential prints being left on the printer C. A server shutting down because of overheating D. Hackers entering the corporate network Answer: C Explanation: Which threat could occur if no physical measures are...