[January 17, 2024] Latest real ISO-IEC-27001-Lead-Implementer exam questions with answers [Q22-Q45]


Pass the ISO-IEC-27001-Lead-Implementer exam easily with accurate PECB Certified ISO/IEC 27001 Lead Implementer Exam PDF questions


The PECB ISO-IEC-27001-Lead-Implementer exam is a certification program designed to provide the knowledge and skills needed to implement and manage an information security management system (ISMS) based on the ISO/IEC 27001 standard. The certification is awarded by the Professional Evaluation and Certification Board (PECB), an internationally recognized body that promotes and supports professional development and certification in a variety of fields.


The PECB ISO-IEC-27001-Lead-Implementer certification exam is ideal for professionals responsible for managing an organization's information security, such as IT managers, security consultants, risk assessors, and compliance officers. The exam requires a thorough understanding of the ISO/IEC 27001 standard and confirms that the professional can create, implement, and manage an information security management system that meets the standard's requirements.


Question # 22
What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?

  • A. To prevent unauthorized physical access, damage, and interference to the organization's information and other associated assets
  • B. To maintain the confidentiality of information that is accessible by personnel or external parties
  • C. To ensure access to information and other associated assets is defined and authorized

Correct answer: A


Question # 23
Who is accountable to classify information assets?

  • A. the Information Security Team
  • B. the CISO
  • C. the CEO
  • D. the asset owner

Correct answer: D


Question # 24
What is an example of a good physical security measure?

  • A. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
  • B. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.
  • C. All employees and visitors carry an access pass.

Correct answer: C


Question # 25
Scenario 6: Skyver offers worldwide shipping of electronic products, including gaming consoles, flat-screen TVs, computers, and printers. In order to ensure information security, the company has decided to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001.
Colin, the company's best information security expert, decided to hold a training and awareness session for the personnel of the company regarding the information security challenges and other information security-related controls. The session included topics such as Skyver's information security approaches and techniques for mitigating phishing and malware.
One of the participants in the session is Lisa, who works in the HR Department. Although Colin explains Skyver's existing information security policies and procedures in an honest and fair manner, she finds some of the issues being discussed too technical and does not fully understand the session. Therefore, in a lot of cases, she requests additional help from the trainer and her colleagues. Based on the scenario above, answer the following question:
How should Colin have handled the situation with Lisa?

  • A. Promise Lisa that future training and awareness sessions will be easily understandable
  • B. Extend the duration of the training and awareness session in order to be able to achieve better results
  • C. Deliver training and awareness sessions for employees with the same level of competence needs based on the activities they perform within the company

Correct answer: C


Question # 26
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form, and staff use tokens to access information systems. Which of these is not a technical measure?

  • A. Information Security Management System
  • B. The use of tokens to gain access to information systems
  • C. Validation of input and output data in applications
  • D. Encryption of information

Correct answer: A


Question # 27
An organization has implemented a control that enables the company to manage storage media through their life cycle of use, acquisition, transportation, and disposal. Which control category does this control belong to?

  • A. Organizational
  • B. Technological
  • C. Physical

Correct answer: B


Question # 28
What is the next step that Operaze's ISMS implementation team should take after drafting the information security policy? Refer to scenario 5.

  • A. Implement the information security policy
  • B. Communicate the information security policy to all employees
  • C. Obtain top management's approval for the information security policy

Correct answer: C


Question # 29
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors' passes grant the same access as the passes of the company's staff. Which kind of security measure could have prevented this?

  • A. A physical security measure
  • B. An organizational security measure
  • C. A technical security measure

Correct answer: A


Question # 30
What is the best description of a risk analysis?

  • A. A risk analysis calculates the exact financial consequences of damages.
  • B. A risk analysis helps to estimate the risks and develop the appropriate security measures.
  • C. A risk analysis is a method of mapping risks without looking at company processes.

Correct answer: B


Question # 31
Scenario 8: SunDee is an American biopharmaceutical company, headquartered in California, the US. It specializes in developing novel human therapeutics, with a focus on cardiovascular diseases, oncology, bone health, and inflammation. The company has had an information security management system (ISMS) based on ISO/IEC 27001 in place for the past two years. However, it has not monitored or measured the performance and effectiveness of its ISMS or conducted management reviews regularly. Just before the recertification audit, the company decided to conduct an internal audit. It also asked most of its staff to compile the written individual reports of the past two years for their departments. This left the Production Department with less than the optimum workforce, which decreased the company's stock.
Tessa was SunDee's internal auditor. With multiple reports written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Tessa concluded that SunDee must evaluate the performance of the ISMS adequately. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations. Additionally, Tessa created a new plan which would enable SunDee to resolve these issues and presented it to the top management. Based on the scenario above, answer the following question:
What caused SunDee's workforce disruption?

  • A. The negligence of performance evaluation and monitoring and measurement procedures
  • B. The inconsistency of reports written by different employees
  • C. The voluminous written reports

Correct answer: C


Question # 32
Which of the situations below can negatively affect the internal audit process?

  • A. Reporting the internal audit results to the top management
  • B. Conducting internal audit interviews with all employees of the organization
  • C. Restricting the internal auditor's access to offices and documentation

Correct answer: C


Question # 33
Based on scenario 7, what should Anna be aware of when gathering data?

  • A. The use of the buffer zone that blocks potential attacks coming from malicious websites where data can be collected
  • B. The collection and preservation of records
  • C. The type of data that helps prevent future occurrences of information security incidents

Correct answer: B


Question # 34
Socket Inc. has implemented a control for the effective use of cryptography and cryptographic key management. Is this compliant with ISO/IEC 27001? Refer to scenario 3.

  • A. Yes, the control for the effective use of cryptography can include cryptographic key management
  • B. No, because the standard provides a separate control for cryptographic key management
  • C. No, the control should be implemented only for defining rules for cryptographic key management

Correct answer: A


Question # 35
An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents. Which control should it implement?

  • A. Installation of software on operational systems
  • B. Clock synchronization
  • C. Use of privileged utility programs

Correct answer: B


Question # 36
According to scenario 10, NetworkFuse requested that the certification body review all the documentation only on-site. Is this acceptable?

  • A. No, the certification body decides whether the documentation review takes place on-site or off-site
  • B. Yes, the auditee may request that the review of the documentation takes place on-site
  • C. Yes, only if a confidentiality agreement is formally signed by the audit team

Correct answer: A


Question # 37
An organization uses Platform as a Service (PaaS) to host its cloud-based services. As such, the cloud provider manages most of the services for the organization. However, the organization still manages ____________________

  • A. Application and data
  • B. Operating system and virtualization
  • C. Servers and storage

Correct answer: A


Question # 38
Based on scenario 4, what type of assets were identified during risk assessment?

  • A. Supporting assets
  • B. Primary assets
  • C. Business assets

Correct answer: A


Question # 39
Select risk control activities for domain "10. Encryption" of ISO/IEC 27002:2013 (Choose two)

  • A. Physical security perimeter
  • B. Cryptographic Controls Use Policy
  • C. Key management
  • D. Work in safe areas

Correct answer: B, C


Question # 40
Based on scenario 1, what is a potential impact of the loss of integrity of information in HealthGenic?

  • A. Service interruptions and complicated user interface
  • B. Disruption of operations and performance degradation
  • C. Incomplete and incorrect medical reports

Correct answer: C


Question # 41
FinanceX, a well-known financial institution, uses an online banking platform that enables clients to easily and securely access their bank accounts. To log in, clients are required to enter the one-time authorization code sent to their smartphone. What can be concluded from this scenario?

  • A. FinanceX has implemented a security control that ensures the confidentiality of information
  • B. FinanceX has implemented an integrity control that avoids the involuntary corruption of data
  • C. FinanceX has incorrectly implemented a security control that could become a vulnerability

Correct answer: A


Question # 42
Based on scenario 2, which information security principle is the IT team aiming to ensure by establishing a user authentication process that requires user identification and password when accessing sensitive information?

  • A. Availability
  • B. Integrity
  • C. Confidentiality

Correct answer: C


Question # 43
What is the most important reason for applying the segregation of duties?

  • A. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
  • B. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
  • C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
  • D. Segregation of duties makes it clear who is responsible for what.

Correct answer: C


Question # 44
The certification body rejected NetworkFuse's request to change the audit team leader. Is this acceptable? Refer to scenario 10.

  • A. No, auditee's requests for the replacement of auditors must be accepted
  • B. No, because an auditee cannot request the rejection of an audit team member
  • C. Yes, because NetworkFuse did not give a valid reason to support their claims

Correct answer: C


Question # 45
......

Answers to the ISO-IEC-27001-Lead-Implementer certification exam question collection are provided here: https://drive.google.com/open?id=1LN11abwAquoHQl86S2gacwGL9vL2iRod

Updated ISO-IEC-27001-Lead-Implementer exam practice test questions: https://www.goshiken.com/PECB/ISO-IEC-27001-Lead-Implementer-mondaishu.html