PECB ISO-IEC-27001 Lead Auditor Exam Questions Released

Want to pass the PECB ISO-IEC-27001 Lead Auditor Exam? ISO/IEC 27001 Lead Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques. PassQuestion has newly released PECB ISO-IEC-27001 Lead Auditor Exam Questions, which contain 100 questions and answers to ensure you pass your exam easily. You can practice the free questions here to check.

Test Online PECB ISO-IEC-27001 Lead Auditor Free Questions

1. Which is not a requirement of HR prior to hiring?


2. A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company’s information is worth more and more and gone are the days when you could keep control yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis.

What is a qualitative risk analysis?


3. What is a repressive measure in case of a fire?


4. Below is the purpose of "Integrity", which is one of the basic components of Information Security


5. Does the security have the right to ask you to display your ID badges and check your bags?


6. You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password.

What kind of threat is this?


7. A hacker gains access to a web server and reads the credit card numbers stored on that


Which security principle is violated?


8. There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good.

What is an example of the indirect damage caused by this fire?


9. Which measure is a preventive measure?


10. Which of the following is not a type of Information Security attack?


11. After a devastating office fire, all staff are moved to other branches of the company. At what moment in the incident management process is this measure effectuated?


12. You receive an e-mail from an unknown person claiming to be a representative of your bank and asking for your account number and password so that they can fix your account. Such an attempt at social engineering is called


13. Information has a number of reliability aspects. Reliability is constantly being threatened. Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.

Which of these examples is a threat to integrity?


14. Cabling Security is associated with Power, telecommunication and network cabling carrying information are protected from interception and damage.


15. What do we do in ACT – from the PDCA cycle?


16. A hacker gains access to a webserver and can view a file on the server containing credit card numbers.

Which of the Confidentiality, Integrity, Availability (CIA) principles of the credit card file are violated?


17. What is the security management term for establishing whether someone’s identity is correct?


18. An employee caught temporarily storing an MP3 file in his workstation will not receive an IR.


19. The following are the guidelines to protect your password, except:


20. Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password.

What type of threat is this?


21. The following are definitions of Information, except:


22. Which of the following is a preventive security measure?


23. Which department maintains contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications service providers, depending on the service required?


24. Which of the following is a technical security measure?


25. Which of the following statements are correct for Clean Desk Policy?


26. Which threat could occur if no physical measures are taken?


27. All are prohibited in acceptable use of information assets, except:


28. In order to take out a fire insurance policy, an administration office must determine the value of the data that it manages.

Which factor is not important for determining the value of data for an organization?


29. __________ is a software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.


30. The computer room is protected by a pass reader. Only the System Management department has a pass.

What type of security measure is this?


31. Availability means


32. You see a blue color sticker on certain physical assets.

What does this signify?


33. A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?


34. Who is authorized to change the classification of a document?


35. We can leave laptops during weekdays or weekends in locked bins.


36. Implement plan on a test basis – this comes under which section of PDCA


37. What is the relationship between data and information?


38. What is the purpose of an Information Security policy?


39. Information or data that are classified as ______ do not require labeling.


40. Information Security is a matter of building and maintaining ________ .

