PECB ISO-IEC-27035-Lead-Incident-Manager Exam With Confidence Using Practice Dumps

Comprehensive and Detailed Explanation From Exact Extract:

ISO/IEC 27035 and ISO/IEC 27001 emphasize that information security awareness and training must extend to all personnel, not just those in technical roles. Clause 7.3.2 of ISO/IEC 27035-2 specifically states that “training should be made available to all staff,” including non-technical users, third-party service providers, contractors, and any personnel with access to organizational assets or systems.

The rationale is that every user is a potential entry point for cyber threats. Whether through phishing, social engineering, or misconfiguration, untrained staff can unintentionally compromise the organization’s security posture. Therefore, organizations must ensure that everyone—especially new hires, contractors, and third-party partners—is trained on incident reporting procedures, security responsibilities, and escalation paths.

Reference Extracts:

ISO/IEC 27035-2:2016, Clause 7.3.2: “Training and awareness activities should be targeted at all users of the organization's systems and services.”

ISO/IEC 27001:2022, Control 6.3: “Ensure that personnel are aware of their information security responsibilities.”

Correct answer: C

—

Comprehensive and Detailed Explanation From Exact Extract:

The SMART model (Specific, Measurable, Achievable, Relevant, Time-bound) is outlined in ISO/IEC 27035-2:2016 for defining and tracking performance metrics in incident response. The “Specific” component ensures that measures are clearly defined and understood by stakeholders to avoid ambiguity.

This clarity is essential for accountability, tracking, and reporting performance accurately, which directly aligns with Option B.

Comprehensive and Detailed Explanation From Exact Extract:

During the response phase, one of the most critical activities—according to ISO/IEC 27035-1 and 27035-2—is the documentation of actions, decisions, and results. Clause 6.4.6 of ISO/IEC 27035-1 emphasizes that all activities must be logged to support post-incident analysis, audit trails, and lessons learned. This ensures that:

Accountability is maintained

Decisions can be reviewed

Investigations are legally sound (especially in regulated environments)

While restoring systems (Option C) typically occurs in the recovery phase, logging activities and outcomes is essential during the actual response. Change control processes (Option B) are supporting functions but are not core to the immediate response phase.