PECB ISO-IEC-27002-Foundation Exam With Confidence Using Practice Dumps

Control 5.7, Threat intelligence, belongs to the organizational control group. ISO/IEC 27002:2022 organizes controls by clauses: Clause 5 contains organizational controls, Clause 6 contains people controls, Clause 7 contains physical controls, and Clause 8 contains technological controls. Threat intelligence is classified as organizational because it supports governance, decision-making, risk awareness, planning, prioritization, and security strategy across the organization. It involves collecting, analyzing, and using information about existing or emerging threats so the organization can reduce risk and improve controls. Threat intelligence can influence vulnerability management, incident response, monitoring, supplier risk management, awareness training, security architecture, and risk treatment plans. Although threat intelligence may use technological tools, its ISO/IEC 27002 placement is organizational because its primary purpose is to guide security decisions and readiness. Option A is incorrect because technological controls are Clause 8. Option B is incorrect because people controls are Clause 6. The verified answer is option C. References/Chapters: ISO/IEC 27002:2022, Clause 5 Organizational controls; Control 5.7 Threat intelligence; Clause 4 Structure of the standard.

==========

The “Act” phase is the phase in which an organization maintains and improves the information security management system. In the PDCA logic, “Plan” establishes objectives, policies, processes, risk treatment plans, and controls. “Do” implements and operates the planned processes and controls. “Check” monitors, measures, audits, and reviews performance. “Act” uses the results of checking to correct weaknesses, improve effectiveness, and adapt the ISMS to changing conditions. ISO/IEC 27002 is not itself the PDCA requirements standard, but its controls support the management system lifecycle used by ISO/IEC 27001. Examples include independent review of information security, compliance review, learning from incidents, management of vulnerabilities, and change management. These controls generate findings and lessons that feed improvement actions. “Do” is not the best answer because it focuses on implementation. “Check” is not the best answer because it evaluates performance but does not itself complete improvement. The phase that maintains and improves the ISMS is “Act.” References/Chapters: ISO/IEC 27002:2022, Control 5.35 Independent review of information security; Control 5.27 Learning from information security incidents; ISO/IEC 27001 PDCA-based management system model.

==========

When using cryptography, organizations should consider roles and responsibilities for key management. Cryptographic controls are only effective when keys are properly generated, stored, distributed, rotated, backed up, revoked, destroyed, and protected from unauthorized access. Weak key management can defeat strong algorithms because compromise of the key can expose encrypted information or allow unauthorized signing, decryption, or impersonation. ISO/IEC 27002 Control 8.24, Use of cryptography, guides organizations to define rules for effective cryptographic use, including protection of confidentiality, authenticity, integrity, and non-repudiation where relevant. Key management responsibilities must be assigned clearly so that ownership, custody, approval, recovery, and emergency access are controlled. Option B relates to project security management, not cryptographic implementation specifically. Option C relates to network security and filtering, not cryptographic key governance. Cryptography requires policy decisions about algorithms, key lengths, certificate management, lifecycle handling, legal restrictions, and separation of duties. The exam’s correct answer is therefore option A because key management is a central technical and governance constraint of cryptographic protection. References/Chapters: ISO/IEC 27002:2022, Control 8.24 Use of cryptography; Control 5.15 Access control; Control 5.17 Authentication information.

==========