PECB ISO-IEC-27001 Lead Implementer 시험

Question No : 1

What risk treatment option has Company A Implemented If it has decided not to collect information from users so that It is not necessary to implement information security controls?

• A.Risk avoidance
• B.Risk retention
• C.Risk modification

답을 확인하기

정답:

Question No : 2

Which of the following is the information security committee responsible for?

• A.Ensure smooth running of the ISMS
• B.Set annual objectives and the ISMS strategy
• C.Treat the nonconformities

답을 확인하기

정답:

Question No : 3

An organization has established a policy that provides the personnel with the information required to effectively deploy encryption solutions in order to protect organizational confidential data.
What type of policy is this?

• A.High-level general policy
• B.High-level topic-specific policy
• C.Topic-specific policy

답을 확인하기

정답:

Question No : 4

Why is the power/interest matrix used for?

• A.Define the information security and physical boundaries
• B.identify business requirements
• C.Determine and manage interested parties

답을 확인하기

정답:

Question No : 5

Upon the risk assessment outcomes. Socket Inc. decided to:
• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers
• Require the change of passwords at least once every 60 days
• Keep backup copies of files on IT-provided network drives
• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.
Based on scenario 5, what can be considered as a residual risk to Socket Inc.?

• A.Files arc decrypted once the user is authenticated
• B.Users with access to cloud storage files are segregated on a separate network
• C.The use of passwords with at least 12 characters containing a mixture of uppercase and lowercase letters, symbols, and numbers

답을 확인하기

정답:

Question No : 6

Upon the risk assessment outcomes. Socket Inc. decided to:
• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers
• Require the change of passwords at least once every 60 days
• Keep backup copies of files on IT-provided network drives
• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.
Based on scenario 5. Socket Inc. decided to assign users lo a separate network when accessing cloud storage tiles.
What does this ensure?

• A.Belter security when using cloud storage files
• B.Elimination of risks related to the use of cloud storage services
• C.Creation of backup copies of files

답을 확인하기

정답:

Question No : 7

Upon the risk assessment outcomes. Socket Inc. decided to:
• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers
• Require the change of passwords at least once every 60 days
• Keep backup copies of files on IT-provided network drives
• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.
Based on scenario 5. Socket Inc. decided to use cloud storage to store customers' personal data considering that the identified risks have low likelihood and high impact, is this acceptable?

• A.Yes. because the calculated level of risk is below the acceptable threshold
• B.No, because the impact of the identified risks is considered in he high
• C.No. because the identified risks fall above the risk acceptable criteria threshold

답을 확인하기

정답:

Question No : 8

Upon the risk assessment outcomes. Socket Inc. decided to:
• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers
• Require the change of passwords at least once every 60 days
• Keep backup copies of files on IT-provided network drives
• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.
What is the most important asset to Socket Inc. associated with the use of cloud storage? Refer to scenario 5.

• A.IT provided network drives
• B.Employees with access to cloud storage files
• C.Customers' personal data

답을 확인하기

정답:

Question No : 9

Upon the risk assessment outcomes. Socket Inc. decided to:
• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers
• Require the change of passwords at least once every 60 days
• Keep backup copies of files on IT-provided network drives
• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.
Based on the scenario above, answer the following question:
Which of the following options indicate that Socket Inc. used risk modification to treat risks?

• A.Conducting a risk assessment before deciding to use third-party services
• B.Requiring the change of passwords at least once every 60 days
• C.Storing customers' personal data in a cloud-based storage

답을 확인하기

정답:

Question No : 10

Why should the security testing processes be defined and implemented in the development life cycle?

• A.To protect the production environment and data from compromise by development and test activities
• B.To validate if information security requirements are met when applications are deployed to the production environment
• C.To Identify organizational assets and define appropriate protection responsibilities

답을 확인하기

정답:

Question No : 11

The purpose of control 5.9 inventory of Information and other associated assets of ISO/IEC 27001 is to identify organization's information and other associated assets in order to preserve their information security and assign ownership.
Which of the following actions docs NOT fulfill this purpose?

• A.Conducting regular reviews of identified information and other associated assets
• B.Establishing rules to control physical and logical access to Information and other associated assets
• C.Assigning the responsibility for appropriately classifying and protecting information and other associated assets to the asset owners

답을 확인하기

정답:

Question No : 12

The purpose of control 7.2 Physical entry of ISO/IEC 27001 is to ensure only authorized access to, the organization's information and other associated assets occur.
Which action below does NOT fulfill this purpose?

• A.Verifying items of equipment containing storage media
• B.Using appropriate entry controls
• C.Implementing access points

답을 확인하기

정답:

Question No : 13

Which of the following practices Indicates that Company A has Implemented clock synchronization?

• A.Logs that record activities and other relevant events are stored and analyzed
• B.Information processing systems are coordinated according to an approved time source
• C.Suspected information security events are reported in a timely manner through an appropriate channel

답을 확인하기

정답:

Question No : 14

The application used by an organization has a complicated user interface.
What does the complicated user interface represent in this case?

• A.An intrinsic vulnerability, since it is a characteristic of the asset
• B.An extrinsic vulnerability, since it is fin external factor that impacts the asset
• C.A type of threat, since it may result in an unwanted incident

답을 확인하기

정답:

Question No : 15

Org Y. a well-known bank, uses an online banking platform that enables clients to easily and securely access their bank accounts. To log in. clients are required to enter the one-time authorization code sent to their smartphone.
What can be concluded from this scenario?

• A.Org Y has implemented an integrity control that avoids the involuntary corruption of data
• B.Org Y has incorrectly implemented a security control that could become a vulnerability
• C.Org Y has implemented a security control that ensures the confidentiality of information

답을 확인하기

정답: