Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Download Latest ISO-IEC-27001-Lead-Implementer Questions

Page: 8 / 13
Question 32

Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving the traditional retail. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payments systems that support online money transfers.

Due to this transformation of the business model, a number of security controls were implemented based on the identified threats and vulnerabilities associated to critical assets. To protect customers' information. Beauty's employees had to sign a confidentiality agreement. In addition, the company reviewed all user access rights so that only authorized personnel can have access to sensitive files and drafted a new segregation of duties chart.

However, the transition was difficult for the IT team, who had to deal with a security incident not long after transitioning to the e commerce model. After investigating the incident, the team concluded that due to the out-of-date anti-malware software, an attacker gamed access to their files and exposed customers' information, including their names and home addresses.

The IT team decided to stop using the old anti-malware software and install a new one which would automatically remove malicious code in case of similar incidents. The new software was installed in every workstation within the company. After installing the new software, the team updated it with the latest malware definitions and enabled the automatic update feature to keep it up to date at all times. Additionally, they established an authentication process that requires a user identification and password when accessing sensitive information.

In addition, Beauty conducted a number of information security awareness sessions for the IT team and other employees that have access to confidential information in order to raise awareness on the importance of system and network security.

Which statement below suggests that Beauty has implemented a managerial control that helps avoid the occurrence of incidents? Refer to scenario 2.

Options:

A.

Beauty's employees signed a confidentiality agreement

B.

Beauty conducted a number of information security awareness sessions for the IT team and other employees that have access to confidential information

C.

Beauty updated the segregation of duties chart

Question 33

A healthcare organization needs to ensure that patient records are available to the medical staff whenever needed. Which measure should it prioritize to achieve this?

Options:

A.

Implementing multi-factor authentication

B.

Establishing record retention policies

C.

Using version control systems for data management

Question 34

An employee of the organization accidentally deleted customers' data stored in the database. What is the impact of this action?

Options:

A.

Information is not accessible when required

B.

Information is modified in transit

C.

Information is not available to only authorized users

Question 35

Upon the risk assessment outcomes. Socket Inc. decided to:

• Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers

• Require the change of passwords at least once every 60 days

• Keep backup copies of files on IT-provided network drives

• Assign users to a separate network when they have access to cloud storage files storing customers' personal data.

Based on scenario 5. Socket Inc. decided to assign users lo a separate network when accessing cloud storage tiles. What does this ensure?

Options:

A.

Belter security when using cloud storage files

B.

Elimination of risks related to the use of cloud storage services

C.

Creation of backup copies of files

Page: 8 / 13
Exam Name: PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam
Last Update: Nov 24, 2024
Questions: 179
ISO-IEC-27001-Lead-Implementer pdf

ISO-IEC-27001-Lead-Implementer PDF

$25.5  $84.99
ISO-IEC-27001-Lead-Implementer Engine

ISO-IEC-27001-Lead-Implementer Testing Engine

$28.5  $94.99
ISO-IEC-27001-Lead-Implementer PDF + Engine

ISO-IEC-27001-Lead-Implementer PDF + Testing Engine

$40.5  $134.99