ISO-ISMS-LA Sample Questions Answers

Question 4

A planning process that introduced the concept of planning as a cycle that forms the basis for continuous improvement is called:

Options:

A. time based planning.
B. plan, do, check, act.
C. planning for continuous improvement.
D. RACI Matrix

Question 5

A property of information that has the ability to prove the occurrence of a claimed event.

Options:

A. Electronic chain letters
B. Integrity
C. Availability
D. Accessibility

Question 6

As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure?

Options:

A. Appoint security staff
B. Encrypt all sensitive information
C. Formulate a policy
D. Set up an access control procedure

Question 7

Which of the following factors does NOT contribute to the value of data for an organisation?

Options:

A. The correctness of data
B. The indispensability of data
C. The importance of data for processes
D. The content of data

Question 8

A scenario in which the city or location where the building(s) reside is not accessible.

Options:

A. Component
B. Facility
C. City
D. Country

Question 9

What type of system ensures a coherent Information Security organisation?

Options:

A. Federal Information Security Management Act (FISMA)
B. Information Technology Service Management System (ITSM)
C. Information Security Management System (ISMS)
D. Information Exchange Data System (IEDS)

Question 10

You are the lead auditor of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks.

What is this risk strategy called?

Options:

A. Risk bearing
B. Risk avoidance
C. Risk neutral
D. Risk skipping

Question 11

Four types of Data Classification (Choose two)

Options:

A. Restricted Data, Confidential Data
B. Project Data, Highly Confidential Data
C. Financial Data, Highly Confidential Data
D. Unrestricted Data, Highly Confidential Data

Question 12

We can leave laptops during weekdays or weekends in locked bins.

Options:

A. True
B. False

Question 13

What control can you apply to protect sensitive data on your computer when you go out for lunch?

Options:

A. You activate your favorite screen-saver
B. You are confident to leave your computer screen as is, since a password-protected screensaver is installed and it is set to activate after 10 minutes of inactivity
C. You lock your computer by pressing Windows+L or CTRL-ALT-DELETE and then clicking "Lock Computer".
D. You turn off the monitor

Question 14

Which of the following does a lack of adequate security controls represent?

Options:

A. Asset
B. Vulnerability
C. Impact
D. Threat

Question 15

Which of the following is not a type of Information Security attack?

Options:

A. Legal Incidents
B. Vehicular Incidents
C. Technical Vulnerabilities
D. Privacy Incidents

Question 16

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

What is not one of the four main objectives of a risk analysis?

Options:

A. Identifying assets and their value
B. Implementing counter measures
C. Establishing a balance between the costs of an incident and the costs of a security measure
D. Determining relevant vulnerabilities and threats

Question 17

A fire breaks out in a branch office of a health insurance company. The personnel are transferred to neighboring branches to continue their work.

Where in the incident cycle is moving to a stand-by arrangement found?

Options:

A. between threat and incident
B. between recovery and threat
C. between damage and recovery
D. between incident and damage

Question 18

__________ is software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Options:

A. Trojan
B. Operating System
C. Virus
D. Malware

Question 19

The CEO sends a mail giving his views on the status of the company, the company's future strategy, the CEO's vision and the employees' part in it. The mail should be classified as

Options:

A. Internal Mail
B. Public Mail
C. Confidential Mail
D. Restricted Mail

Question 20

Who is allowed to access highly confidential files?

Options:

A. Employees with a business need-to-know
B. Contractors with a business need-to-know
C. Employees with a signed NDA who have a business need-to-know
D. Non-employees designated with approved access who have signed an NDA

Question 21

What is a definition of compliance?

Options:

A. Laws, considered collectively, or the process of making or enacting laws
B. The state or fact of according with or meeting rules or standards
C. An official or authoritative instruction
D. A rule or directive made and maintained by an authority.

Question 22

A hacker gains access to a webserver and can view a file on the server containing credit card numbers.

Which of the Confidentiality, Integrity, Availability (CIA) principles is violated for the credit card file?

Options:

A. Availability
B. Confidentiality
C. Integrity
D. Compliance

Question 23

Cabling security is concerned with ensuring that power, telecommunication and network cabling carrying information are protected from interception and damage.

Options:

A. True
B. False

Question 24

What is the difference between a restricted and a confidential document?

Options:

A. Restricted - to be shared among an authorized group; Confidential - to be shared among named individuals
B. Restricted - to be shared among named individuals; Confidential - to be shared among an authorized group
C. Restricted - to be shared among named individuals; Confidential - to be shared across the organization only
D. Restricted - to be shared among named individuals; Confidential - to be shared with friends and family

Question 25

CMM stands for?

Options:

A. Capability Maturity Matrix
B. Capacity Maturity Matrix
C. Capability Maturity Model
D. Capable Mature Model

Question 26

What is the standard definition of ISMS?

Options:

A. An information security systematic approach to achieve business objectives for implementing, establishing, reviewing, operating and maintaining the organization's reputation.
B. Company-wide business objectives to achieve information security awareness for establishing, implementing, operating, monitoring, reviewing, maintaining and improving
C. A project-based approach to achieve business objectives for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security
D. A systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security to achieve business objectives.

Question 27

How is the purpose of an information security policy best described?

Options:

A. An information security policy documents the analysis of risks and the search for countermeasures.
B. An information security policy provides direction and support to the management regarding information security.
C. An information security policy makes the security plan concrete by providing it with the necessary details.
D. An information security policy provides insight into threats and the possible consequences.

Question 28

You receive an e-mail from an unknown person claiming to be a representative of your bank and asking for your account number and password so that they can fix your account. Such a social engineering attempt is called

Options:

A. Shoulder Surfing
B. Mountaineering
C. Phishing
D. Spoofing

Question 29

An administration office is going to determine the dangers to which it is exposed.

What do we call a possible event that can have a disruptive effect on the reliability of information?

Options:

A. dependency
B. threat
C. vulnerability
D. risk

Question 30

An employee caught temporarily storing an MP3 file on his workstation will not receive an IR.

Options:

A. True
B. False

Exam Code: ISO-ISMS-LA
Exam Name: ISO 27001:2013 ISMS - Certified Lead Auditor
Last Update: Nov 13, 2024
Questions: 100