Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

ISO-IEC-27001-Lead-Implementer Questions Bank

Page: 4 / 13
Question 16

A small organization that is implementing an ISMS based on ISO/lEC 27001 has decided to outsource the internal audit function to a third party. Is this acceptable?

Options:

A.

Yes, outsourcing the internal audit function to a third party is often a better option for small organizations to demonstrate independence and impartiality

B.

No, the organizations cannot outsource the internal audit function to a third party because during internal audit, the organization audits its own system

C.

No, the outsourcing of the internal audit function may compromise the independence and impartiality of the internal audit team

Question 17

What is the primary requirement for the documented information of an ISMS?

Options:

A.

It must exist solely in a digital format to ensure modern compatibility

B.

It must be sufficiently flexible to adapt to any identified change triggers

C.

It must be accessible to the public at all times to maintain transparency

Question 18

Scenario 5: Operaze is a small software development company that develops applications for various companies around the world. Recently, the company conducted a risk assessment to assess the information security risks that could arise from operating in a digital landscape. Using different testing methods, including penetration Resting and code review, the company identified some issues in its ICT systems, including improper user permissions, misconfigured security settings, and insecure network configurations. To resolve these issues and enhance information security, Operaze decided to implement an information security management system (ISMS) based on ISO/IEC 27001.

Considering that Operaze is a small company, the entire IT team was involved in the ISMS implementation project. Initially, the company analyzed the business requirements and the internal and external environment, identified its key processes and activities, and identified and analyzed the interested parties In addition, the top management of Operaze decided to Include most of the company's departments within the ISMS scope. The defined scope included the organizational and physical boundaries. The IT team drafted an information security policy and communicated it to all relevant interested parties In addition, other specific policies were developed to elaborate on security issues and the roles and responsibilities were assigned to all interested parties.

Following that, the HR manager claimed that the paperwork created by ISMS does not justify its value and the implementation of the ISMS should be canceled However, the top management determined that this claim was invalid and organized an awareness session to explain the benefits of the ISMS to all interested parties.

Operaze decided to migrate Its physical servers to their virtual servers on third-party infrastructure. The new cloud computing solution brought additional changes to the company Operaze's top management, on the other hand, aimed to not only implement an effective ISMS but also ensure the smooth running of the ISMS operations. In this situation, Operaze's top management concluded that the services of external experts were required to implement their information security strategies. The IT team, on the other hand, decided to initiate a change in the ISMS scope and implemented the required modifications to the processes of the company.

Based on scenario 5. after migrating to cloud. Operaze's IT team changed the ISMS scope and implemented all the required modifications Is this acceptable?

Options:

A.

Yes, because the ISMS scope should be changed when there are changes to the external environment

B.

No, because the company has already defined the ISMS scope

C.

No, because any change in ISMS scope should be accepted by the management

Question 19

In the SABSA framework, which layer is concerned with viewing the services at a high level?

Options:

A.

Physical security architecture

B.

Logical security architecture

C.

Component security architecture

Page: 4 / 13
Exam Name: PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam
Last Update: Nov 5, 2024
Questions: 179
ISO-IEC-27001-Lead-Implementer pdf

ISO-IEC-27001-Lead-Implementer PDF

$28  $80
ISO-IEC-27001-Lead-Implementer Engine

ISO-IEC-27001-Lead-Implementer Testing Engine

$33.25  $95
ISO-IEC-27001-Lead-Implementer PDF + Engine

ISO-IEC-27001-Lead-Implementer PDF + Testing Engine

$45.5  $130