ISO-IEC-27001-LEAD-AUDITOR Online Practice Questions and Answers

Cabling Security is associated with Power, telecommunication and network cabling carrying information are protected from interception and damage.

A. True

B. False

Which department maintain's contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications service providers depending on the service required?

A. COO

B. CISO

C. CSM

D. MRO

Which threat could occur if no physical measures are taken?

A. Unauthorised persons viewing sensitive files

B. Confidential prints being left on the printer

C. A server shutting down because of overheating

D. Hackers entering the corporate network

__________ is a software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

A. Trojan

B. Operating System

C. Virus

D. Malware

The computer room is protected by a pass reader. Only the System Management department has a pass.

What type of security measure is this?

A. a corrective security measure

B. a physical security measure

C. a logical security measure

D. a repressive security measure

Implement plan on a test basis - this comes under which section of PDCA

A. Plan

B. Do

C. Act

D. Check

Why do we need to test a disaster recovery plan regularly, and keep it up to date?

A. Otherwise the measures taken and the incident procedures planned may not be adequate

B. Otherwise it is no longer up to date with the registration of daily occurring faults

C. Otherwise remotely stored backups may no longer be available to the security team

What is the standard definition of ISMS?

A. Is an information security systematic approach to achieve business objectives for implementation, establishing, reviewing,operating and maintaining organization's reputation.

B. A company wide business objectives to achieve information security awareness for establishing, implementing, operating, monitoring, reviewing, maintaining and improving

C. A project-based approach to achieve business objectives for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security

D. A systematic approach for establishing, implementing, operating,monitoring, reviewing, maintaining and improving an organization's information security to achieve business objectives.

There is a network printer in the hallway of the company where you work. Many employees don't pick up their printouts immediately and leave them on the printer.

What are the consequences of this to the reliability of the information?

A. The integrity of the information is no longer guaranteed.

B. The availability of the information is no longer guaranteed.

C. The confidentiality of the information is no longer guaranteed.

D. The Security of the information is no longer guaranteed.

As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure?

A. Appoint security staff

B. Encrypt all sensitive information

C. Formulate a policy

D. Set up an access control procedure