Tag - ISO-IEC-27001 Lead Auditor exam

Four types of Data Classification (Choose two) A. Restricted Data, Confidential Data B. Project Data, Highly Confidential Data C. Financial Data, Highly Confidential Data D. Unrestricted Data, Highly Confidential DataView AnswerAnswer: A,D Explanation: Two types of data classification are restricted data and unrestricted data. Restricted data is data that has...

Backup media is kept in the same secure area as the servers. What risk may the organisation be exposed to?A . Unauthorised persons will have access to both the servers and backupsB . Responsibility for the backups is not defined wellC . After a fire, the information systems cannot be...

What would be the reference for you to know who should have access to data/document?A . Data Classification LabelB . Access Control List (ACL)C . Masterlist of Project Records (MLPR)D . Information Rights Management (IRM)View AnswerAnswer: B Explanation: The reference for you to know who should have access to data/document...

What type of legislation requires a proper controlled purchase process? A. Personal data protection act B. Computer criminality act C. Government information act D. Intellectual property rights actView AnswerAnswer: D Explanation: An intellectual property rights act is a type of legislation that requires a proper controlled purchase process. Intellectual property...

What is the worst possible action that an employee may receive for sharing his or her password or access with others?A . Forced roll off from the projectB . The lowest rating on his or her performance assessmentC . Three days suspension from workD . TerminationView AnswerAnswer: D Explanation: The...

In what part of the process to grant access to a system does the user present a token?A . AuthorisationB . VerificationC . AuthenticationD . IdentificationView AnswerAnswer: D Explanation: In what part of the process to grant access to a system does the user present a token? The user presents...

An administration office is going to determine the dangers to which it is exposed. What do we call a possible event that can have a disruptive effect on the reliability of information?A . dependencyB . threatC . vulnerabilityD . riskView AnswerAnswer: B Explanation: A possible event that can have a...

What is the security management term for establishing whether someone's identity is correct?A . IdentificationB . AuthenticationC . AuthorisationD . VerificationView AnswerAnswer: B Explanation: Authentication is the security management term for establishing whether someone’s identity is correct. Authentication is the process of verifying the identity of a person or entity...

What type of system ensures a coherent Information Security organisation?A . Federal Information Security Management Act (FISMA)B . Information Technology Service Management System (ITSM)C . Information Security Management System (ISMS)D . Information Exchange Data System (IEDS)View AnswerAnswer: C Explanation: An Information Security Management System (ISMS) is a systematic approach to...

What type of measure involves the stopping of possible consequences of security incidents?A . CorrectiveB . DetectiveC . RepressiveD . PreventiveView AnswerAnswer: C Explanation: A repressive measure is a type of measure that involves the stopping of possible consequences of security incidents. A security incident is an event that compromises...