
GAQM ISO-ISMS-LA Dumps

Page: 1 / 4
Total 100 questions

ISO 27001:2013 ISMS - Certified Lead Auditor Questions and Answers

Question 1

A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company’s information is worth more and more and gone are the days when you could keep control yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. 

What is a qualitative risk analysis? 

Options:

A.

This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage. 

B.

This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

Question 2

In the event of an information security incident, system users' roles and responsibilities are to be observed, except:

Options:

A.

Report suspected or known incidents upon discovery through the Servicedesk

B.

Preserve evidence if necessary

C.

Cooperate with investigative personnel during investigation if needed

D.

Make the information security incident details known to all employees

Question 3

Which of the following is a preventive security measure? 

Options:

A.

Installing logging and monitoring software

B.

Shutting down the Internet connection after an attack

C.

Storing sensitive information in a data safe

Question 4

How are data and information related? 

Options:

A.

Data is a collection of structured and unstructured information 

B.

Information consists of facts and statistics collected together for reference or analysis

C.

When meaning and value are assigned to data, it becomes information

Question 5

A member of staff denies sending a particular message. 

Which reliability aspect of information is in danger here? 

Options:

A.

availability 

B.

correctness 

C.

integrity

D.

confidentiality

Question 6

The computer room is protected by a pass reader. Only the System Management department has a pass. 

What type of security measure is this?

Options:

A.

a corrective security measure

B.

a physical security measure

C.

a logical security measure 

D.

a repressive security measure

Question 7

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. 

What is not one of the four main objectives of a risk analysis?

Options:

A.

Identifying assets and their value

B.

Implementing counter measures

C.

Establishing a balance between the costs of an incident and the costs of a security measure

D.

Determining relevant vulnerabilities and threats  

Question 8

Which department maintains contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications service providers, depending on the service required?

Options:

A.

COO

B.

CISO

C.

CSM

D.

MRO

Question 9

Which of the following does an Asset Register contain? (Choose two)

Options:

A.

Asset Type

B.

Asset Owner

C.

Asset Modifier

D.

Process ID

Question 10

There is a network printer in the hallway of the company where you work. Many employees don’t pick up their printouts immediately and leave them on the printer. 

What are the consequences of this to the reliability of the information?

Options:

A.

The integrity of the information is no longer guaranteed.

B.

The availability of the information is no longer guaranteed.

C.

The confidentiality of the information is no longer guaranteed.

D.

The security of the information is no longer guaranteed.

Question 11

The following are purposes of Information Security, except:

Options:

A.

Ensure Business Continuity

B.

Minimize Business Risk

C.

Increase Business Assets

D.

Maximize Return on Investment

Question 12

Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password. What type of threat is this? 

Options:

A.

Social engineering threat 

B.

Organisational threat

C.

Technical threat 

D.

Malware threat 

Question 13

The following are the guidelines to protect your password, except: 

Options:

A.

Don't use the same password for various company system security access

B.

Do not share passwords with anyone

C.

For easy recall, use the same password for company and personal accounts

D.

Change a temporary password on first log-on

Question 14

What type of measure involves the stopping of possible consequences of security incidents?

Options:

A.

Corrective

B.

Detective

C.

Repressive 

D.

Preventive

Question 15

Who is responsible for initial asset allocation to the user/custodian of the assets?

Options:

A.

Asset Manager

B.

Asset Owner

C.

Asset Practitioner

D.

Asset Stakeholder
