ISO-IEC-27001 Lead Auditor Online Training Archives

Exam4Training is here to provide you best PECB ISO-IEC-27001 Lead Auditor PECB Certified ISO/IEC 27001 Lead Auditor exam Online Training and it is also attainable in PDF format and you can easily read it on smartphones and on other electronic accessories.PECB ISO-IEC-27001 Lead Auditor PECB Certified ISO/IEC 27001 Lead Auditor exam Online Training contain all the topics and the questions that will be asked in the real ISO 27001 ISO-IEC-27001 Lead Auditor exam. Exam4Training also provides PECB ISO-IEC-27001 Lead Auditor pdf which will be really helpful in passing your ISO-IEC-27001 Lead Auditor PECB Certified ISO/IEC 27001 Lead Auditor exam exam.

Page 1 of 4

1. Which is not a requirement of HR prior to hiring?

Undergo background verification

Applicant must complete pre-employment documentation requirements

Must undergo Awareness training on information security.

Must successfully pass Background Investigation

2. A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company’s information is worth more and more and gone are the days when you could keep control yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis.

What is a qualitative risk analysis?

This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

3. What is a repressive measure in case of a fire?

Taking out a fire insurance

Putting out a fire after it has been detected by a fire detector

Repairing damage caused by the fire

4. Below is Purpose of "Integrity", which is one of the Basic Components of Information Security

the property that information is not made available or disclosed to unauthorized individuals

the property of safeguarding the accuracy and completeness of assets.

the property that information is not made available or disclosed to unauthorized individuals

the property of being accessible and usable upon demand by an authorized entity.

5. Does the security have the right to ask you to display your ID badges and check your bags?

True

False

6. You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password.

What kind of threat is this?

Natural threat

Organizational threat

Social Engineering

Arason

7. A hacker gains access to a web server and reads the credit card numbers stored on that

server.

Which security principle is violated?

Availability

Confidentiality

Integrity

Authenticity

8. There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good.

What is an example of the indirect damage caused by this fire?

Melted backup tapes

Burned computer systems

Burned documents

Water damage due to the fire extinguishers

9. Which measure is a preventive measure?

Installing a logging system that enables changes in a system to be recognized

Shutting down all internet traffic after a hacker has gained access to the company systems

Putting sensitive information in a safe

10. Which of the following is not a type of Information Security attack?

Legal Incidents

Vehicular Incidents

Technical Vulnerabilities

Privacy Incidents

Page 2 of 4

11. After a devastating office fire, all staff are moved to other branches of the company. At what moment in the incident management process is this measure effectuated?

Between incident and damage

Between detection and classification

Between recovery and normal operations

Between classification and escalation

12. You receive an E-mail from some unknown person claiming to be representative of your bank and asking for your account number and password so that they can fix your account. Such an attempt of social engineering is called

Shoulder Surfing

Mountaineering

Phishing

Spoofing

13. Information has a number of reliability aspects. Reliability is constantly being threatened. Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.

Which of these examples is a threat to integrity?

a loose cable

accidental alteration of data

private use of data

System restart

14. Cabling Security is associated with Power, telecommunication and network cabling carrying information are protected from interception and damage.

True

False

15. What is we do in ACT - From PDCA cycle

Take actions to continually monitor process performance

Take actions to continually improve process performance

Take actions to continually monitor process performance

Take actions to continually improve people performance

16. A hacker gains access to a webserver and can view a file on the server containing credit card numbers.

Which of the Confidentiality, Integrity, Availability (CIA) principles of the credit card file are violated?

Availability

Confidentiality

Integrity

Compliance

17. What is the security management term for establishing whether someone's identity is correct?

Identification

Authentication

Authorisation

Verification

18. An employee caught temporarily storing an MP3 file in his workstation will not receive an IR.

True

False

19. The following are the guidelines to protect your password, except:

Don't use the same password for various company system security access

Do not share passwords with anyone

For easy recall, use the same password for company and personal accounts

Change a temporary password on first log-on

20. Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password.

What type of threat is this?

Social engineering threat

Organisational threat

Technical threat

Malware threat

Page 3 of 4

21. The following are definitions of Information, except:

accurate and timely data

specific and organized data for a purpose

mature and measurable data

can lead to understanding and decrease in uncertainty

22. Which of the following is a preventive security measure?

Installing logging and monitoring software

Shutting down the Internet connection after an attack

Storing sensitive information in a data save

23. Which department maintain's contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications service providers depending on the service required.

COO

CISO

CSM

MRO

24. Which of the following is a technical security measure?

Encryption

Security policy

Safe storage of backups

User role profiles.

25. Which of the following statements are correct for Clean Desk Policy?

Don't leave confidential documents on your desk.

Don't leave valuable items on your desk if you are not in your work area.

Don't leave highly confidential items.

Don't leave laptops without cable lock.

26. Which threat could occur if no physical measures are taken?

Unauthorised persons viewing sensitive files

Confidential prints being left on the printer

A server shutting down because of overheating

Hackers entering the corporate network

27. All are prohibited in acceptable use of information assets, except:

Electronic chain letters

E-mail copies to non-essential readers

Company-wide e-mails with supervisor/TL permission.

Messages with very large attachments or to a large number ofrecipients.

28. In order to take out a fire insurance policy, an administration office must determine the value of the data that it manages.

Which factor is [b]not[/b] important for determining the value of data for an organization?

The content of data.

The degree to which missing, incomplete or incorrect data can be recovered.

The indispensability of data for the business processes.

The importance of the business processes that make use of the data.

29. __________ is a software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Trojan

Operating System

Virus

Malware

30. The computer room is protected by a pass reader. Only the System Management department has a pass.

What type of security measure is this?

a corrective security measure

a physical security measure

a logical security measure

a repressive security measure

Page 4 of 4

31. Availability means

Service should be accessible at the required time and usable by all

Service should be accessible at the required time and usable only by the authorized entity

Service should not be accessible when required

32. You see a blue color sticker on certain physical assets.

What does this signify?

The asset is very high critical and its failure affects the entire organization

The asset with blue stickers should be kept air conditioned at all times

The asset is high critical and its failure will affect a group/s/project's work in the organization

The asset is critical and the impact is restricted to an employee only

33. A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?

Identifying assets and their value

Implementing counter measures

Establishing a balance between the costs of an incident and the costs of a security measure

Determining relevant vulnerabilities and threats

34. Who is authorized to change the classification of a document?

The author of the document

The administrator of the document

The owner of the document

The manager of the owner of the document

35. We can leave laptops during weekdays or weekends in locked bins.

True

False

36. Implement plan on a test basis - this comes under which section of PDCA

Plan

Act

Check

37. What is the relationship between data and information?

Data is structured information.

Information is the meaning and value assigned to a collection of data.

38. What is the purpose of an Information Security policy?

An information security policy makes the security plan concrete by providing the necessary details

An information security policy provides insight into threats and the possible consequences

An information security policy provides direction and support to the management regarding information security

An information security policy documents the analysis of risks and the search for countermeasures

39. Information or data that are classified as ______ do not require labeling.

Public

Internal

Confidential

Highly Confidential

40. Information Security is a matter of building and maintaining ________ .

Confidentiality

Trust

Protection

Firewalls