It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures ("whistle blowing")
A. True
B. False
What do employees need to know to report a security incident?
A. How to report an incident and to whom.
B. Whether the incident has occurred before and what was the resulting damage.
C. The measures that should have been taken to prevent the incident in the first place.
D. Who is responsible for the incident and whether it was intentional.
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?
A. Availability
B. Integrity
C. Confidentiality
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
A. Information Security Management System
B. The use of tokens to gain access to information systems
C. Validation of input and output data in applications
D. Encryption of information
You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of threats and risks. What is the relation between a threat, risk and risk analysis?
A. A risk analysis identifies threats from the known risks.
B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
C. A risk analysis is used to remove the risk of a threat.
D. Risk analyses help to find a balance between threats and risks.
What is the objective of classifying information?
A. Authorizing the use of an information system
B. Creating a label that indicates how confidential the information is
C. Defining different levels of sensitivity into which information may be arranged
D. Displaying on the document who is permitted access
What does the Information Security Policy describe?
A. how the InfoSec-objectives will be reached
B. which InfoSec-controls have been selected and taken
C. what the implementation-planning of the information security management system is
D. which Information Security-procedures are selected
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?
A. The recipient, Rachel
B. The person who drafted the insurance terms and conditions
C. The manager, Linda
D. The sender, Peter
One of the ways Internet of Things (IoT) devices can communicate with each other (or 'the outside world') is using a so-called short-range radio protocol. Which kind of short-range radio protocol makes it possible to use your phone as a credit card?
A. Near Field Communication (NFC)
B. Bluetooth
C. Radio Frequency Identification (RFID)
D. The 4G protocol
Select the controls that correspond to the domain "9. ACCESS CONTROL" of ISO / 27002 (Choose three)
A. Restriction of access to information
B. Return of assets
C. Management of access rights with special privileges
D. Withdrawal or adaptation of access rights