ISO-IEC-27001-Lead-Implementer Exam Dumps - PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam

Question # 33

If an organization wants to monitor operations in real time and notify users about deviations, which type of dashboard should be used?

A. Strategic dashboard

B. Tactical dashboard

C. Operational dashboard

Question # 34

Levo Corporation has implemented a demilitarized zone (DMZ) and virtual private network (VPN) to secure its network. What controls did Levo Corporation implement in this case?

A. Preventive controls

B. Detective controls

C. Corrective controls

Question # 35

Which of the following practices indicates that Company A has implemented clock synchronization?

A. Logs that record activities and other relevant events are stored and analyzed

B. Information processing systems are coordinated according to an approved time source

C. Suspected information security events are reported in a timely manner through an appropriate channel

Question # 36

The purpose of control 5.9 Inventory of information and other associated assets of ISO/IEC 27001 is to identify the organization's information and other associated assets in order to preserve their information security and assign ownership. Which of the following actions does NOT fulfill this purpose?

A. Conducting regular reviews of identified information and other associated assets

B. Establishing rules to control physical and logical access to information and other associated assets

C. Assigning the responsibility for appropriately classifying and protecting information and other associated assets to the asset owners

Question # 37

Which of the following is the information security committee responsible for?

A. Ensure smooth running of the ISMS

B. Set annual objectives and the ISMS strategy

C. Treat the nonconformities

Question # 38

A tech company has implemented a security measure to confirm the secure removal or overwriting of sensitive data and licensed software on equipment before disposal or reuse. What type of security control was implemented?

A. Physical control

B. Technological control

C. Organizational control

Question # 39

What should an organization allocate to ensure the maintenance and improvement of the information security management system?

A. The appropriate transfer to operations

B. Sufficient resources, such as the budget, qualified personnel, and required tools

C. The documented information required by ISO/IEC 27001

Question # 40

Scenario 10: ProEBank

ProEBank, an Austrian financial institution, implemented an ISMS and prepared for ISO/IEC 27001 certification. During planning, the company identified a conflict of interest with one auditor, who had previously worked with their main competitor. ProEBank refused to undergo the audit until a new audit team was assigned. The certification body acknowledged the issue and replaced the team.

ProEBank is an Austrian financial institution known for its comprehensive range of banking services. Headquartered in Vienna, it leverages the city's advanced technological and financial ecosystem. To enhance its security posture, ProEBank has implemented an information security management system (ISMS) based on ISO/IEC 27001. After a year of having the ISMS in place, the company decided to apply for a certification audit to obtain certification against ISO/IEC 27001.

To prepare for the audit, the company first informed its employees about the audit and organized training sessions to prepare them. It also prepared documented information in advance, so that the documents would be ready when external auditors asked to review them. Additionally, it determined which of its employees have the knowledge to help the external auditors understand and evaluate the processes.

During the planning phase for the audit, ProEBank reviewed the list of assigned auditors provided by the certification body. Upon reviewing the list, ProEBank identified a potential conflict of interest with one of the auditors, who had previously worked for ProEBank's main competitor in the banking industry. To ensure the integrity of the audit process, ProEBank refused to undergo the audit until a completely new audit team was assigned. In response, the certification body acknowledged the conflict of interest and made the necessary adjustments to ensure the impartiality of the audit team.

After the resolution of this issue, the audit team assessed whether the ISMS met both the standard's requirements and the company's objectives. During this process, the audit team focused on reviewing documented information.

Three weeks later, the team conducted an on-site visit to the auditee’s location, where they aimed to evaluate whether the ISMS conformed to the requirements of ISO/IEC 27001, was effectively implemented, and enabled the auditee to reach its information security objectives. After the on-site visit, the team prepared the audit conclusions and notified the auditee that some minor nonconformities had been detected. The audit team leader then issued a recommendation for certification.

After receiving the recommendation from the audit team leader, the certification body established a committee to make the decision for certification. The committee included one member from the audit team and two other experts working for the certification body.

Question:

Is ProEBank's decision to require a new audit team due to a perceived conflict of interest acceptable?

A. No – they should have requested only the replacement of the auditor

B. No – the auditee does not have the right to reject the auditors selected by the certification body

C. Yes – the auditee is allowed to refuse to undergo the audit until a new audit team is established
