Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

ISO-IEC-27001-Lead-Implementer Exam Dumps - PECB ISO 27001 Questions and Answers

Page: 1 / 13
Questions 4

Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility.

Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did not change its default settings, leaving it without a password and publicly accessible.

Fortunately. Socket Inc. performed regular information backups in their MongoDB database, so no information was lost during the incident. In addition, a syslog server allowed Socket Inc. to centralize all logs in one server. The company found out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company by reviewing the event logs that record user faults and exceptions.

To prevent similar incidents in the future, Socket Inc. decided to use an access control system that grants access to authorized personnel only. The company also implemented a control in order to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access The implementation was based on all relevant agreements, legislation, and regulations, and the information classification scheme. To improve security and reduce the administrative efforts, network segregation using VPNs was proposed.

Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information related to information security threats, and integrate information security into project management.

Based on scenario 3, what would help Socket Inc. address similar information security incidents in the future?

Options:

A.

Using the MongoDB database with the default settings

B.

Using cryptographic keys to protect the database from unauthorized access

C.

Using the access control system to ensure that only authorized personnel is granted access

Buy Now
Questions 5

Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility.

Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did not change its default settings, leaving it without a password and publicly accessible.

Fortunately. Socket Inc. performed regular information backups in their MongoDB database, so no information was lost during the incident. In addition, a syslog server allowed Socket Inc. to centralize all logs in one server. The company found out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company by reviewing the event logs that record user faults and exceptions.

To prevent similar incidents in the future, Socket Inc. decided to use an access control system that grants access to authorized personnel only. The company also implemented a control in order to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access The implementation was based on all relevant agreements, legislation, and regulations, and the information classification scheme. To improve security and reduce the administrative efforts, network segregation using VPNs was proposed.

Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information related to information security threats, and integrate information security into project management.

Based on scenario 3. which information security control of Annex A of ISO/IEC 27001 did Socket Inc. implement by establishing a new system to maintain, collect, and analyze information related to information security threats?

Options:

A.

Annex A 5.5 Contact with authorities

B.

Annex A 5 7 Threat Intelligence

C.

Annex A 5.13 Labeling of information

Buy Now
Questions 6

What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?

Options:

A.

To prevent unauthorized physical access, damage, and interference to the organization's information and other associated assets

B.

To maintain the confidentiality of information that is accessible by personnel or external parties

C.

To ensure access to information and other associated assets is defined and authorized

Buy Now
Questions 7

In the SABSA framework, which layer is concerned with viewing the services at a high level?

Options:

A.

Physical security architecture

B.

Logical security architecture

C.

Component security architecture

Buy Now
Page: 1 / 13
Exam Name: PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam
Last Update: Nov 24, 2024
Questions: 179
ISO-IEC-27001-Lead-Implementer pdf

ISO-IEC-27001-Lead-Implementer PDF

$25.5  $84.99
ISO-IEC-27001-Lead-Implementer Engine

ISO-IEC-27001-Lead-Implementer Testing Engine

$28.5  $94.99
ISO-IEC-27001-Lead-Implementer PDF + Engine

ISO-IEC-27001-Lead-Implementer PDF + Testing Engine

$40.5  $134.99