ISO27-13-001 Online Training Archives

Exam4Training can provide a shortcut for you and save you a lot of time and effort. Exam4Training will provide good GAQM ISO27-13-001 ISO 27001 : 2013 – Certified Lead Auditor Online Training for your GAQM certification ISO27-13-001 exam and help you pass ISO27-13-001 ISO 27001 : 2013 – Certified Lead Auditor exam. If you see other websites provide relevant information to the website, you can continue to look down and you will find that in fact the information is mainly derived from our Exam4Training. Our Exam4Training provide the most comprehensive information and update fastest.

Page 1 of 3

1. Which of the following statements are correct for Clean Desk Policy?

Don't leave confidential documents on your desk.

Don't leave valuable items on your desk if you are not in your work area.

Don't leave highly confidential items.

Don't leave laptops without cable lock.

2. Changes on project-managed applications or database should undergo the change control process as documented.

True

False

3. What type of legislation requires a proper controlled purchase process?

Personal data protection act

Computer criminality act

Government information act

Intellectual property rights act

4. Which is not a requirement of HR prior to hiring?

Undergo background verification

Applicant must complete pre-employment documentation requirements

Must undergo Awareness training on information security.

Must successfully pass Background Investigation

5. Information or data that are classified as ______ do not require labeling.

Public

Internal

Confidential

Highly Confidential

6. What is a repressive measure in case of a fire?

Taking out a fire insurance

Putting out a fire after it has been detected by a fire detector

Repairing damage caused by the fire

7. What type of measure involves the stopping of possible consequences of security incidents?

Corrective

Detective

Repressive

Preventive

8. Access Control System, CCTV and security guards are form of:

Environment Security

Access Control

Physical Security

Compliance

9. -------------------------is an asset like other important business assets has value to an organization and consequently needs to be protected.

Infrastructure

Data

Information

Security

10. Implement plan on a test basis - this comes under which section of PDCA

Plan

Act

Check

Page 2 of 3

11. Why do we need to test a disaster recovery plan regularly, and keep it up to date?

Otherwise the measures taken and the incident procedures planned may not be adequate

Otherwise it is no longer up to date with the registration of daily occurring faults

Otherwise remotely stored backups may no longer be available to the security team

12. Phishing is what type of Information Security Incident?

Private Incidents

Cracker/Hacker Attacks

Technical Vulnerabilities

Legal Incidents

13. CEO sends a mail giving his views on the status of the company and the company’s future strategy and the CEO's vision and the employee's part in it. The mail should be classified as

Internal Mail

Public Mail

Confidential Mail

Restricted Mail

14. A member of staff denies sending a particular message.

Which reliability aspect of information is in danger here?

availability

correctness

integrity

confidentiality

15. What is social engineering?

A group planning for a social activity in the organization

Creating a situation wherein a third party gains confidential information from you

The organization planning an activity for welfare of the neighborhood

16. What is the goal of classification of information?

To create a manual about how to handle mobile devices

Applying labels making the information easier to recognize

Structuring information according to its sensitivity

17. You have a hard copy of a customer design document that you want to dispose off.

What would you do

Throw it in any dustbin

Shred it using a shredder

Give it to the office boy to reuse it for other purposes

Be environment friendly and reuse it for writing

18. You receive the following mail from the IT support team: Dear User, Starting next week, we will be deleting all inactive email accounts in order to create spaceshare the below details in order to continue using your account.

In case of no response,

Name:

Email ID:

Password:

DOB:

Kindly contact the webmail team for any further support. Thanks for your attention.

Which of the following is the best response?

Ignore the email

Respond it by saying that one should not share the password with anyone

One should not respond to these mails and report such email to your supervisor

19. As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an

organisational measure to protect laptop computers.

What is the first step in a structured approach to come up with this measure?

Appoint security staff

Encrypt all sensitive information

Formulate a policy

Set up an access control procedure

20. An administration office is going to determine the dangers to which it is exposed.

What do we call a possible event that can have a disruptive effect on the reliability of information?

dependency

threat

vulnerability

risk

Page 3 of 3

21. A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?

Identifying assets and their value

Implementing counter measures

Establishing a balance between the costs of an incident and the costs of a security measure

Determining relevant vulnerabilities and threats

22. You see a blue color sticker on certain physical assets.

What does this signify?

The asset is very high critical and its failure affects the entire organization

The asset with blue stickers should be kept air conditioned at all times

The asset is high critical and its failure will affect a group/s/project's work in the organization

The asset is critical and the impact is restricted to an employee only

23. How are data and information related?

Data is a collection of structured and unstructured information

Information consists of facts and statistics collected together for reference or analysis

When meaning and value are assigned to data, it becomes information

24. CMM stands for?

Capability Maturity Matrix

Capacity Maturity Matrix

Capability Maturity Model

Capable Mature Model

25. Who are allowed to access highly confidential files?

Employees with a business need-to-know

Contractors with a business need-to-know

Employees with signed NDA have a business need-to-know

Non-employees designated with approved access and have signed NDA

26. What is an example of a human threat?

a lightning strike

fire

phishing

thunderstrom

27. A property of Information that has the ability to prove occurrence of a claimed event.

Electronic chain letters

Integrity

Availability

Accessibility

28. An employee caught temporarily storing an MP3 file in his workstation will not receive an IR.

True

False

29. Which reliability aspect of information is compromised when a staff member denies having sent a message?

Confidentiality

Integrity

Availability

Correctness

30. What type of compliancy standard, regulation or legislation provides a code of practice for information security?

ISO/IEC 27002

Personal data protection act

Computer criminality act

IT Service Management