Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

ISO-IEC-27001-Lead-Implementer Exam Dumps - PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam

Go to page:
Question # 17

Based on ISO/IEC 27001, what areas within the organization require establishing rules, procedures, and agreements for information transfer?

A.

Internal file-sharing platforms and shared drives

B.

Public and private cloud services and partner collaboration platforms

C.

All transfer facilities within the organization

Full Access
Question # 18

Once they made sure that the attackers do not have access in their system, the security administrators decided to proceed with the forensic analysis. They concluded that their access security system was not designed tor threat detection, including the detection of malicious files which could be the cause of possible future attacks.

Based on these findings. Texas H$H inc, decided to modify its access security system to avoid future incidents and integrate an incident management policy in their Information security policy that could serve as guidance for employees on how to respond to similar incidents.

Based on the scenario above, answer the following question:

Texas M&H Inc. decided to integrate the incident management policy to the existent information security policy. How do you define this situation?

A.

Acceptable, the incident management policy may be integrated into the overall information security policy of the organization

B.

Acceptable, but only if the incident management policy addresses environmental, or health and safety issues

C.

Unacceptable, the incident management policy should be drafted as a separate document in order to be clear and effective

Full Access
Question # 19

An organization that has an ISMS in place conducts management reviews at planned intervals, but does not retain documented information on the results. Is this in accordance with the requirements of ISO/IEC 27001?

A.

Yes. ISO/IEC 27001 does not require organizations to document the results of management reviews

B.

No, ISO/IEC 27001 requires organizations to document the results of management reviews

C.

Yes. ISO/IEC 27001 requires organizations to document the results of management reviews only if they are conducted ad hoc

Full Access
Question # 20

Question:

Which of the following statements best represents The Open Security Architecture (OSA) framework?

A.

A framework that explains the functionality and technical controls of security, presenting a holistic view of crucial security concerns

B.

A framework that assists organizations in determining the objectives of developing their security architecture, focusing on the initial stages of security architecture

C.

A framework that helps organize enterprise architecture artifacts, including documents, specifications, and models, by considering the impact of these artifacts on various stakeholders

Full Access
Question # 21

Scenario 9: CoreBit Systems

CoreBit Systems, with its headquarters m San Francisco, specializes in information and communication technology (ICT) solutions, its clientele primarily includes data communication enterprises and network operators. The company's core objective is to enable its clients a smooth transition into multi-service providers, aligning their operations with the complex demands of the digital landscape.

Recently. John, the internal auditor of CoreBit Systems, conducted an internal audit which uncovered nonconformities related to their monitoring procedures and system vulnerabilities, in response to the identified nonconformities. CoreBit Systems decided to employ a comprehensive problem-solving approach to solve these issues systematically. The method encompasses a team-oriented approach, aiming to identify, correct, and eliminate the root causes of issues. This approach involves several steps. First, establish a group of experts with deep knowledge of processes and controls. Next, break down the nonconformity into measurable components and implement interim containment measures. Then, identify potential root causes and select and verify permanent corrective actions. Finally, put those actions into practice, validate them, take steps to prevent recurrence, and recognize and acknowledge the team's efforts.

Following the analysis of the root cause of the nonconformities, CoreBit Systems's ISMS project manager. Julia, developed a list of potential actions to address the identified nonconformities. Julia carefully evaluated the list to ensure that each action would effectively eliminate the root cause of the respective nonconformity. While assessing potential corrective action for addressing a nonconformity, Julia identified the issue as significant and assessed a high likelihood of its reoccurrence Consequently, she chose to implement temporary corrective actions. Afterward. Julia combined all the nonconformities Into a single action plan and sought approval from the top management.

The submitted action plan was written as follows:

A new version of the access control policy will be established and new restrictions will be created to ensure that network access is effectively managed and monitored by the Information and Communication Technology (ICT) Department.

However. Julia's submitted action plan was not approved by top management The reason cited was that a general action plan meant to address all nonconformities was deemed unacceptable. Consequently, Julia revised the action plan and submitted separate ones for approval Unfortunately, Julia did not adhere to the organization's specified deadline for submission, resulting in a delay in the corrective action process, and notably, the revised action plans lacked a defined schedule for execution.

Julia, the ISMS project manager, developed a combined action plan for all nonconformities. However, it was rejected, revised, and resubmitted late—without defined execution schedules.

Question:

Did CoreBit Systems have a plan in place to implement permanent corrective action to address the identified nonconformities?

A.

Yes – CoreBit Systems had a comprehensive plan in place to implement permanent corrective actions

B.

No – CoreBit Systems did not have a clear plan to implement a permanent corrective action

C.

No – CoreBit Systems decided not to pursue this course of action

Full Access
Question # 22

Which of the following statements is accurate regarding the methodology for managing the implementation of an ISMS?

A.

Organizations must strictly follow a specific methodology to meet the minimum requirements

B.

The sequence of steps must remain fixed throughout the ISMS implementation

C.

Organizations can adapt the methodology to their specific context, and steps can be modified as needed

Full Access
Question # 23

Scenario 7: InfoSec is a multinational corporation headquartered in Boston, MA, which provides professional electronics, gaming, and entertainment services. After facing numerous information security incidents, InfoSec has decided to establish teams and implement measures to prevent potential incidents in the future

Emma, Bob. and Anna were hired as the new members of InfoSec's information security team, which consists of a security architecture team, an incident response team (IRT) and a forensics team Emma's job is to create information security plans, policies, protocols, and training to prepare InfoSec to respond to incidents effectively Emma and Bob would be full-time employees of InfoSec, whereas Anna was contracted as an external consultant.

Bob, a network expert, will deploy a screened subnet network architecture This architecture will isolate the demilitarized zone (OMZ) to which hosted public services are attached and InfoSec's publicly accessible resources from their private network Thus, InfoSec will be able to block potential attackers from causing unwanted events inside the company's network. Bob is also responsible for ensuring that a thorough evaluation of the nature of an unexpected event is conducted, including the details on how the event happened and what or whom it might affect.

Anna will create records of the data, reviews, analysis, and reports in order to keep evidence for the purpose of disciplinary and legal action, and use them to prevent future incidents. To do the work accordingly, she should be aware of the company's information security incident management policy beforehand

Among others, this policy specifies the type of records to be created, the place where they should be kept, and the format and content that specific record types should have.

Based on this scenario, answer the following question:

Based on his tasks, which team is Bob part of?

A.

Security architecture team

B.

Forensics team

C.

Incident response team

Full Access
Question # 24

Question:

An organization has compared its actual performance against predetermined performance targets. What is the primary purpose of this action?

A.

To verify that all security incidents are resolved

B.

To assess whether the organization’s security objectives are being met

C.

To eliminate the need for manual tracking and reporting

Full Access
Go to page: