Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

ISO-IEC-27001-Lead-Implementer Exam Dumps - PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam

Go to page:
Question # 17

Once they made sure that the attackers do not have access in their system, the security administrators decided to proceed with the forensic analysis. They concluded that their access security system was not designed tor threat detection, including the detection of malicious files which could be the cause of possible future attacks.

Based on these findings. Texas H$H inc, decided to modify its access security system to avoid future incidents and integrate an incident management policy in their Information security policy that could serve as guidance for employees on how to respond to similar incidents.

Based on the scenario above, answer the following question:

Texas M&H Inc. decided to integrate the incident management policy to the existent information security policy. How do you define this situation?

A.

Acceptable, the incident management policy may be integrated into the overall information security policy of the organization

B.

Acceptable, but only if the incident management policy addresses environmental, or health and safety issues

C.

Unacceptable, the incident management policy should be drafted as a separate document in order to be clear and effective

Full Access
Question # 18

Scenario 5: Evergreen

Evergreen is undergoing ISMS implementation. In their structure, there exists an Information Security Committee (ISC), which leads and governs security operations.

Question:

Can the information security committee at Evergreen take on the role of the emergency committee in the event of a major incident?

A.

No – no one should assume the role of the emergency committee to prevent the mismanagement of major incidents

B.

Yes – can assume the role of the emergency committee in the event of a major incident

C.

No – only the steering committee can assume the role of the emergency committee

Full Access
Question # 19

A manufacturing company faced a risk of production delays due to potential supply chain disruptions. After assessing the potential impact of the risk, the company decided to accept the risk, considering the disruption unlikely to significantly affect its operations. Which risk treatment option did the company select in this case?

A.

Risk avoidance

B.

Risk retention

C.

Risk deflection

Full Access
Question # 20

Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the involved parties, including parents, other physicians, and the medical laboratory staff.

Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.

The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic's patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients' privacy.

Based on the scenario above, answer the following question:

Which of the following indicates that the confidentiality of information was compromised?

A.

Service interruptions due to the increased number of users

B.

Invasion of patients' privacy

C.

Modification of patients' medical reports

Full Access
Question # 21

Scenario 9: SkyFleet specializes in air freight services, providing fast and reliable transportation solutions for businesses that need quick delivery of goods across long distances. Given the confidential nature of the information it handles, SkyFleet is committed to maintaining the highest information security standards. To achieve this, the company has had an information security management system (ISMS) based on ISO/IEC 27001 in operation for a year. To enhance its reputation, SkyFleet is pursuing certification against ISO/IEC 27001.

SkyFleet strongly emphasizes the ongoing maintenance of information security. In pursuit of this goal, it has established a rigorous review process, conducting in-depth assessments of the ISMS strategy every two years to ensure security measures remain robust and up to date. In addition, the company takes a balanced approach to nonconformities. For example, when employees fail to follow proper data encryption protocols for internal communications, SkyFleet assesses the nature and scale of this nonconformity. If this deviation is deemed minor and limited in scope, the company does not prioritize immediate resolution. However, a significant action plan was developed to address a major nonconformity involving the revamp of the company's entire data management system to ensure the protection of client data. SkyFleet entrusted the approval of this action plan to the employees directly responsible for implementing the changes. This streamlined approach ensures that those closest to the issues actively engage in the resolution process. SkyFleet's blend of innovation, dedication to information security, and adaptability has built its reputation as a key player in the IT and communications services sector.

Despite initially not being recommended for certification due to missed deadlines for submitting required action plans, SkyFleet undertook corrective measures to address these deficiencies in preparation for the next certification process. These measures involved analyzing the root causes of the delay, developing a corrective action plan, reassessing ISMS implementation to ensure compliance with ISO/IEC 27001 requirements, intensifying internal audit activities, and engaging with a certification body for a follow-up audit.

According to Scenario 9, has SkyFleet accurately established the appropriate frequency for reviewing its ISMS Strategy?

A.

Yes. SkyFleet should review its ISMS every two years

B.

No. Reviews are only necessary when significant changes in business operations occur

C.

No. SkyFleet should conduct at least an annual review of the ISMS

Full Access
Question # 22

Scenario 8: SunDee is an American biopharmaceutical company, headquartered in California, the US. It specializes in developing novel human therapeutics, with a focus on cardiovascular diseases, oncology, bone health, and inflammation. The company has had an information security management system (ISMS) based on SO/IEC 27001 in place for the past two years. However, it has not monitored or measured the performance and effectiveness of its ISMS and conducted management reviews regularly

Just before the recertification audit, the company decided to conduct an internal audit. It also asked most of their staff to compile the written individual reports of the past two years for their departments. This left the Production Department with less than the optimum workforce, which decreased the company's stock.

Tessa was SunDee's internal auditor. With multiple reports written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever Tessa concluded that SunDee must evaluate the performance of the ISMS adequately. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations. Additionally, Tessa created a new plan which would enable SunDee to resolve these issues and presented it to the top management

According to scenario 8, Tessa created a plan for ISMS monitoring and measurement and presented it to the top management Is this acceptable?

A.

No, Tessa should only communicate the issues found to the top management

B.

Yes, Tessa can advise the top management on improving the company's functions

C.

No, Tessa must implement all the improvements needed for issues found during the audit

Full Access
Question # 23

Scenario:

Jane is a developer deploying an application using a language supported by her cloud provider. She doesn’t manage the underlying infrastructure but needs control over the application and its environment.

Question:

Which cloud service model does Jane need?

A.

Infrastructure as a Service

B.

Platform as a Service

C.

Software as a Service

Full Access
Question # 24

Upon the risk assessment outcomes. Socket Inc. decided to:

• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers

• Require the change of passwords at least once every 60 days

• Keep backup copies of files on IT-provided network drives

• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.

Based on the scenario above, answer the following question:

Which of the following options indicate that Socket Inc. used risk modification to treat risks?

A.

Conducting a risk assessment before deciding to use third-party services

B.

Requiring the change of passwords at least once every 60 days

C.

Storing customers' personal data in a cloud-based storage

Full Access
Go to page: