PECB iso iec 27001 lead implementer practice test

Responsibilities for information security in projects should be defined and allocated to:

• A. the project manager
• B. specified roles defined in the used project management method of the organization
• C. the InfoSec officer
• D. the owner of the involved asset

True or False: Organizations allowing teleworking activities, the physical security of the building and
the local environment of the teleworking site should be considered

• A. True
• B. False

Prior to employment, _________ as well as terms & conditions of employment are included as
controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and
are suitable for the roles for which they are considered.

• A. screening
• B. authorizing
• C. controlling
• D. flexing

It is allowed that employees and contractors are provided with an anonymous reporting channel to
report violations of information security policies or procedures (whistle blowing)

• A. True
• B. False

The identified owner of an asset is always an individual

• A. True
• B. False

Who is accountable to classify information assets?

• A. the CEO
• B. the CISO
• C. the Information Security Team
• D. the asset owner

Physical labels and ________ are two common forms of labeling which are mentioned in ISO 27002.

• A. metadata
• B. teradata
• C. bridge

What should be used to protect data on removable media if data confidentiality or integrity are
important considerations?

• A. backup on another removable medium
• B. cryptographic techniques
• C. a password
• D. logging

Which of these control objectives are NOT in the domain "12. OPERATIONAL SAFETY"?

• A. Protection against malicious code
• B. Redundancies
• C. Test data
• D. Technical vulnerability management

What is the ISO / IEC 27002 standard?

• A. It is a guide of good practices that describes the control objectives and recommended controls regarding information security.
• B. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance with ISO / IEC 27001
• C. It is a guide for the development and use of applicable metrics and measurement techniques to determine the effectiveness of an ISMS and the controls or groups of controls implemented according to ISO / IEC 27001.