×

Special Offer! November Sale at DumpsCity! Get 20% Off on All Certification Exam Questions. Use Code: DC20OFF

Email Us [email protected]
LOG IN SIGN UP 0

Free PECB ISO-IEC-27001-Lead-Implementer Exam Questions

Try our Free Demo Practice Tests for Comprehensive ISO-IEC-27001-Lead-Implementer Exam Preparation

  • PECB ISO-IEC-27001-Lead-Implementer Exam Questions
  • Provided By: PECB
  • Exam: PECB Certified ISO/IEC 27001 Lead Implementer
  • Certification: ISO 27001
  • Total Questions: 222
  • Updated On: Nov 20, 2024
  • Rated: 4.9 |
  • Online Users: 444
Page No. 1 of 45
   
Add To Cart
  • Question 1
    • Based on ISO/IEC 27001, what areas within the organization require establishing rules, procedures, and agreements for information transfer?

      Answer: C
  • Question 2
    • Scenario 3: Socket Inc. is a dynamic telecommunications company specializing in wireless products andservices, committed to delivering high-quality and secure communication solutions. Socket Inc. leveragesinnovative technology, including the MongoDB database, renowned for its high availability, scalability, andflexibility, to provide reliable, accessible, efficient, and well-organized services to its customers. Recently, thecompany faced a security breach where external hackers exploited the default settings of its MongoDBdatabase due to an oversight in the configuration settings, which had not been properly addressed.Fortunately, diligent data backups and centralized logging through a server ensured no loss of information. Inresponse to this incident, Socket Inc. undertook a thorough evaluation of its security measures. The companyrecognized the urgent need to improve its information security and decided to implement an informationsecurity management system (ISMS) based on ISO/IEC 27001.To improve its data security and protect its resources, Socket Inc. implemented entry controls and secureaccess points. These measures were designed to prevent unauthorized access to critical areas housing sensitivedata and essential assets. In compliance with relevant laws, regulations, and ethical standards, Socket Inc.implemented pre-employment background checks tailored to business needs, information classification, andassociated risks. A formalized disciplinary procedure was also established to address policy violations.Additionally, security measures were implemented for personnel working remotely to safeguard informationaccessed, processed, or stored outside the organization's premises.Socket Inc. safeguarded its information processing facilities against power failures and other disruptions.Unauthorized access to critical records from external sources led to the implementation of data flow control  services to prevent unauthorized access between departments and external networks. In addition, Socket Inc.used data masking based on the organization’s topic-level general policy on access control and other relatedtopic-level general policies and business requirements, considering applicable legislation. It also updated anddocumented all operating procedures for information processing facilities and ensured that they wereaccessible to top management exclusively.The company also implemented a control to define and implement rules for the effective use of cryptography,including cryptographic key management, to protect the database from unauthorized access. Theimplementation was based on all relevant agreements, legislation, regulations, and the informationclassification scheme. Network segregation using VPNs was proposed to improve security and reduceadministrative efforts.Regarding the design and description of its security controls, Socket Inc. has categorized them into groups,consolidating all controls within a single document. Lastly, Socket Inc. implemented a new system tomaintain, collect, and analyze information about information security threats and integrate informationsecurity into project management.Based on the scenario above, answer the following question:Based on scenario 3, did Socket Inc. comply with ISO/IEC 27001 organizational controls regarding itsoperating procedures?

      Answer: A
  • Question 3
    • Based on ISO/IEC 27001, what areas within the organization require establishing rules, procedures, and agreements for information transfer?

      Answer: C
  • Question 4
    • Scenario 3: Socket Inc. is a dynamic telecommunications company specializing in wireless products andservices, committed to delivering high-quality and secure communication solutions. Socket Inc. leveragesinnovative technology, including the MongoDB database, renowned for its high availability, scalability, andflexibility, to provide reliable, accessible, efficient, and well-organized services to its customers. Recently, thecompany faced a security breach where external hackers exploited the default settings of its MongoDBdatabase due to an oversight in the configuration settings, which had not been properly addressed.Fortunately, diligent data backups and centralized logging through a server ensured no loss of information. Inresponse to this incident, Socket Inc. undertook a thorough evaluation of its security measures. The companyrecognized the urgent need to improve its information security and decided to implement an informationsecurity management system (ISMS) based on ISO/IEC 27001.To improve its data security and protect its resources, Socket Inc. implemented entry controls and secureaccess points. These measures were designed to prevent unauthorized access to critical areas housing sensitivedata and essential assets. In compliance with relevant laws, regulations, and ethical standards, Socket Inc.implemented pre-employment background checks tailored to business needs, information classification, andassociated risks. A formalized disciplinary procedure was also established to address policy violations.Additionally, security measures were implemented for personnel working remotely to safeguard informationaccessed, processed, or stored outside the organization's premises.Socket Inc. safeguarded its information processing facilities against power failures and other disruptions.Unauthorized access to critical records from external sources led to the implementation of data flow control  services to prevent unauthorized access between departments and external networks. In addition, Socket Inc.used data masking based on the organization’s topic-level general policy on access control and other relatedtopic-level general policies and business requirements, considering applicable legislation. It also updated anddocumented all operating procedures for information processing facilities and ensured that they wereaccessible to top management exclusively.The company also implemented a control to define and implement rules for the effective use of cryptography,including cryptographic key management, to protect the database from unauthorized access. Theimplementation was based on all relevant agreements, legislation, regulations, and the informationclassification scheme. Network segregation using VPNs was proposed to improve security and reduceadministrative efforts.Regarding the design and description of its security controls, Socket Inc. has categorized them into groups,consolidating all controls within a single document. Lastly, Socket Inc. implemented a new system tomaintain, collect, and analyze information about information security threats and integrate informationsecurity into project management.Based on the scenario above, answer the following question:Based on scenario 3, did Socket Inc. comply with ISO/IEC 27001 organizational controls regarding itsoperating procedures?

      Answer: A
  • Question 5
    • The purpose of control 5.9 inventory of Information and other associated assets of ISO/IEC 27001 is to identify organization's information and other associated assets in order to preserve their information security and assign ownership. Which of the following actions docs NOT fulfill this purpose? 

      Answer: B
PAGE: 1 - 45
   
Add To Cart

© Copyrights Dumpscity 2024. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the Dumpscity.