ISO-IEC-27001 Lead Implementer 시험 - PECB실제시험문제와 답 - 50문항

Question No : 1

The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems.
Which of these is not a technical measure?

A.Information Security Management System
B.The use of tokens to gain access to information systems
C.Validation of input and output data in applications
D.Encryption of information

정답:

Question No : 2

What should be used to protect data on removable media if data confidentiality or integrity are important considerations?

A.backup on another removable medium
B.cryptographic techniques
C.a password
D.logging

정답:

Question No : 3

What are the data protection principles set out in the GDPR?

A.Purpose limitation, proportionality, availability, data minimisation
B.Purpose limitation, proportionality, data minimisation, transparency
C.Target group, proportionality, transparency, data minimisation
D.Purpose limitation, pudicity, transparency, data minimisation

정답:

Question No : 4

Prior to employment, _________ as well as terms & conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

A.screening
B.authorizing
C.controlling
D.flexing

정답:

Question No : 5

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?

A.Availability
B.Integrity
C.Confidentiality

정답:

Question No : 6

What is the ISO / IEC 27002 standard?

A.It is a guide of good practices that describes the control objectives and recommended controls regarding information security.
B.It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001
C.It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.

정답:

Question No : 7

Midwest Insurance grades the monthly report of all claimed losses per insured as confidential.
What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?

A.The costs for automating are easier to charge to the responsible departments.
B.A determination can be made as to which report should be printed first and which ones can wait a little longer.
C.Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
D.Reports can be developed more easily and with fewer errors.

정답:

Question No : 8

What is the greatest risk for an organization if no information security policy has been defined?

A.If everyone works with the same account, it is impossible to find out who worked on what.
B.Information security activities are carried out by only a few people.
C.Too many measures areimplemented.
D.It is not possible for an organization to implement information security in a consistent manner.

정답:

Question No : 9

What is an example of a good physical security measure?

A.All employees and visitors carry an access pass.
B.Printers that are defective or have been replacedare immediately removed and given away as garbage for recycling.
C.Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

정답:

Question No : 10

What do employees need to know to report a security incident?

A.How to report an incident and to whom.
B.Whether the incident has occurred before and what was the resulting damage.
C.The measures that should have been taken to prevent the incident in the first place.
D.Who is responsible for the incident and whether it was intentional.

정답:

Question No : 11

ISO 27002 provides guidance in the following area

A.PCI environment scoping
B.Information handling recommendations
C.Framework for an overall security and compliance program
D.Detailed lists of required policies and procedures

정답:

Question No : 12

Which of these reliability aspects is "completeness" a part of?

A.Availability
B.Exclusivity
C.Integrity
D.Confidentiality

정답:

Question No : 13

Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

A.ISO/IEC 27001:2005
B.Intellectual Property Rights
C.ISO/IEC 27002:2005
D.Personal data protection legislation

정답:

Question No : 14

It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures (“whistle blowing”)

A.True
B.False

정답:

Question No : 15

True or False: Organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered

A.True
B.False

정답:

PECB ISO-IEC-27001 Lead Implementer 시험