
ISO27-13-001 Exam Dumps - ISO 27001 : 2013 - Certified Lead Auditor

Question # 4

As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure?

A.

Appoint security staff

B.

Encrypt all sensitive information

C.

Formulate a policy

D.

Set up an access control procedure

Question # 5

Which measure is a preventive measure?

A.

Installing a logging system that enables changes in a system to be recognized

B.

Shutting down all internet traffic after a hacker has gained access to the company systems

C.

Putting sensitive information in a safe

Question # 6

CMM stands for?

A.

Capability Maturity Matrix

B.

Capacity Maturity Matrix

C.

Capability Maturity Model

D.

Capable Mature Model

Question # 7

In the event of an information security incident, system users' roles and responsibilities are to be observed, except:

A.

Report suspected or known incidents upon discovery through the service desk

B.

Preserve evidence if necessary

C.

Cooperate with investigative personnel during investigation if needed

D.

Make the information security incident details known to all employees

Question # 8

Information or data that are classified as ______ do not require labeling.

A.

Public

B.

Internal

C.

Confidential

D.

Highly Confidential

Question # 9

Phishing is what type of information security incident?

A.

Private Incidents

B.

Cracker/Hacker Attacks

C.

Technical Vulnerabilities

D.

Legal Incidents

Question # 10

You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password.

What kind of threat is this?

A.

Natural threat

B.

Organizational threat

C.

Social Engineering

D.

Arson

Question # 11

In what part of the process to grant access to a system does the user present a token?

A.

Authorisation

B.

Verification

C.

Authentication

D.

Identification

Question # 12

Backup media is kept in the same secure area as the servers. What risk may the organisation be exposed to?

A.

Unauthorised persons will have access to both the servers and backups

B.

Responsibility for the backups is not defined well

C.

After a fire, the information systems cannot be restored

D.

After a server crash, it will take extra time to bring it back up again

Question # 13

How is the purpose of an information security policy best described?

A.

An information security policy documents the analysis of risks and the search for countermeasures.

B.

An information security policy provides direction and support to the management regarding information security.

C.

An information security policy makes the security plan concrete by providing it with the necessary details.

D.

An information security policy provides insight into threats and the possible consequences.

Question # 14

What is the goal of classification of information?

A.

To create a manual about how to handle mobile devices

B.

Applying labels making the information easier to recognize

C.

Structuring information according to its sensitivity

Question # 15

What is the standard definition of an ISMS?

A.

An information security systematic approach to achieve business objectives for implementation, establishing, reviewing, operating and maintaining an organization's reputation.

B.

A company-wide business objective to achieve information security awareness for establishing, implementing, operating, monitoring, reviewing, maintaining and improving.

C.

A project-based approach to achieve business objectives for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security

D.

A systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security to achieve business objectives.
