New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Free Access PECB ISO-IEC-27001-Lead-Implementer New Release

Page: 11 / 13
Question 44

The incident management process of an organization enables them to prepare for and respond to information security incidents. In addition, the organization has procedures in place for assessing information security events. According to ISO/IEC 27001, what else must an incident management process include?

Options:

A.

Processes for using knowledge gained from information security incidents

B.

Establishment of two information security incident response teams

C.

Processes for handling information security incidents of suppliers as defined in their agreements

Question 45

Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving the traditional retail. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payments systems that support online money transfers.

Due to this transformation of the business model, a number of security controls were implemented based on the identified threats and vulnerabilities associated to critical assets. To protect customers' information. Beauty's employees had to sign a confidentiality agreement. In addition, the company reviewed all user access rights so that only authorized personnel can have access to sensitive files and drafted a new segregation of duties chart.

However, the transition was difficult for the IT team, who had to deal with a security incident not long after transitioning to the e commerce model. After investigating the incident, the team concluded that due to the out-of-date anti-malware software, an attacker gamed access to their files and exposed customers' information, including their names and home addresses.

The IT team decided to stop using the old anti-malware software and install a new one which would automatically remove malicious code in case of similar incidents. The new software was installed in every workstation within the company. After installing the new software, the team updated it with the latest malware definitions and enabled the automatic update feature to keep it up to date at all times. Additionally, they established an authentication process that requires a user identification and password when accessing sensitive information.

In addition, Beauty conducted a number of information security awareness sessions for the IT team and other employees that have access to confidential information in order to raise awareness on the importance of system and network security.

Based on scenario 2, Beauty should have implemented (1)_____________________________ to detect (2)_________________________.

Options:

A.

(1) An access control software, (2) patches

B.

(1) Network intrusions, (2) technical vulnerabilities

C.

(1) An intrusion detection system, (2) intrusions on networks

Question 46

Invalid Electric, a manufacturer of electrical components, is preparing for its upcoming ISO 27001 certification audit. This is the first time the company has undergone such an audit, and many of itsemployees are not familiar with the process. The management team is concerned that employees may not be adequately prepared for interviews and the scrutiny of documentation during the audit.

To ensure that employees are ready for the audit, the management team is considering several options to help them understand what to expect and how to handle the auditor's questions confidently.

Based on scenario 10. did invalid Electric provide a valid reason for requesting the replacement of the audit learn leader?

Options:

A.

No, because Issuing a recommendation for certification lo a main competitor is not a conflict of interest situation

B.

No, because the auditee can request the replacement of an auditor only if the auditor has worked for the auditee

C.

Yes, because the auditee can request to replace an auditor that has worked for one of its major competitors

Question 47

Which of the following statements regarding information security risk is NOT correct?

Options:

A.

Information security risk is associated with the potential that the vulnerabilities of an information asset may be exploited by threats

B.

Information security risk cannot be accepted without being treated or during the process of risk treatment

C.

Information security risk can be expressed as the effect of uncertainty on information security objectives

Page: 11 / 13
Exam Name: PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam
Last Update: Dec 22, 2024
Questions: 179
ISO-IEC-27001-Lead-Implementer pdf

ISO-IEC-27001-Lead-Implementer PDF

$25.5  $84.99
ISO-IEC-27001-Lead-Implementer Engine

ISO-IEC-27001-Lead-Implementer Testing Engine

$28.5  $94.99
ISO-IEC-27001-Lead-Implementer PDF + Engine

ISO-IEC-27001-Lead-Implementer PDF + Testing Engine

$40.5  $134.99