PECB ISO-IEC-27001 Lead Implementer PECB Certified ISO/IEC 27001 Lead Implementer exam Online Training
The questions for ISO-IEC-27001 Lead Implementer were last updated at Feb 21,2025.
- Exam Code: ISO-IEC-27001 Lead Implementer
- Exam Name: PECB Certified ISO/IEC 27001 Lead Implementer exam
- Certification Provider: PECB
- Latest update: Feb 21,2025
An organization documented each security control that it implemented by describing its functions in detail.
Is this compliant with ISO/IEC 27001?
- A . No, the standard requires documenting only the operation of processes and controls, so no description of each security control is needed
- B . No, because the documented information should have a strict format, including the date, version number and author identification
- C . Yes, but documenting each security control and not the process in general will make it difficult to review the documented information
Which security controls must be implemented to comply with ISO/IEC 27001?
- A . Those designed by the organization only
- B . Those included in the risk treatment plan
- C . Those listed in Annex A of ISO/IEC 27001, without any exception
What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?
- A . To prevent unauthorized physical access, damage, and interference to the organization’s information and other associated assets
- B . To maintain the confidentiality of information that is accessible by personnel or external parties
- C . To ensure access to information and other associated assets is defined and authorized
An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents.
Which control should it implement?
- A . Use of privileged utility programs
- B . Clock synchronization
- C . Installation of software on operational systems
The incident management process of an organization enables it to prepare for and respond to information security incidents. In addition, the organization has procedures in place for assessing information security events.
According to ISO/IEC 27001, what else must an incident management process include?
- A . Processes for using knowledge gained from information security incidents
- B . Establishment of two information security incident response teams
- C . Processes for handling information security incidents of suppliers as defined in their agreements
Who should be involved, among others, in the draft, review, and validation of information security procedures?
- A . An external expert
- B . The information security committee
- C . The employees in charge of ISMS operation
An organization has implemented a control that enables the company to manage storage media through their life cycle of acquisition, use, transportation, and disposal.
Which control category does this control belong to?
- A . Organizational
- B . Physical
- C . Technological
Scenario 4: TradeB, a commercial bank that has just entered the market, accepts deposits from its clients and offers basic financial services and loans for investments. TradeB has decided to implement an information security management system (ISMS) based on ISO/IEC 27001. Having no experience of a management system implementation, TradeB's top management contracted two experts to direct and manage the ISMS implementation project.
First, the project team analyzed the 93 controls of ISO/IEC 27001 Annex A and listed only the security controls deemed applicable to the company and their objectives. Based on this analysis, they drafted the Statement of Applicability. Afterward, they conducted a risk assessment, during which they identified assets, such as hardware, software, and networks, as well as threats and vulnerabilities, assessed potential consequences and likelihood, and determined the level of risks based on three nonnumerical categories (low, medium, and high). They evaluated the risks based on the risk evaluation criteria and decided to treat only the high risk category. They also decided to focus primarily on the unauthorized use of administrator rights and system interruptions due to several hardware failures by establishing a new version of the access control policy, implementing controls to manage and control user access, and implementing a control for ICT readiness for business continuity.
Lastly, they drafted a risk assessment report, in which they wrote that if, after the implementation of these security controls, the level of risk is below the acceptable level, the risks will be accepted.
Based on the scenario above, answer the following question:
The decision to treat only risks that were classified as high indicates that TradeB has:
- A . Evaluated other risk categories based on risk treatment criteria
- B . Accepted other risk categories based on risk acceptance criteria
- C . Modified other risk categories based on risk evaluation criteria
Based on scenario 4, the fact that TradeB defined the level of risk based on three nonnumerical categories indicates that:
- A . The level of risk will be evaluated against qualitative criteria
- B . The level of risk will be defined using a formula
- C . The level of risk will be evaluated using quantitative analysis
Based on scenario 4, what type of assets were identified during risk assessment?
- A . Supporting assets
- B . Primary assets
- C . Business assets