Pre-Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

PECB ISO-IEC-27001-Lead-Implementer - PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam

PECB ISO-IEC-27001-Lead-Implementer Premium Access     Download Demo    
Page: 11 / 11
Total 346 questions

The purpose of control 5.9 inventory of Information and other associated assets of ISO/IEC 27001 is to identify organization ' s information and other associated assets in order to preserve their information security and assign ownership. Which of the following actions docs NOT fulfill this purpose?

A.

Conducting regular reviews of identified information and other associated assets

B.

Establishing rules to control physical and logical access to Information and other associated assets

C.

Assigning the responsibility for appropriately classifying and protecting information and other associated assets to the asset owners

Which security controls must be implemented to comply with ISO/IEC 27001?

A.

Those designed by the organization only

B.

Those included in the risk treatment plan

C.

Those listed in Annex A of ISO/IEC 27001, without any exception

Scenario 7: InfoSec is a multinational corporation headquartered in Boston, MA, which provides professional electronics, gaming, and entertainment services. After facing numerous information security incidents, InfoSec has decided to establish teams and implement measures to prevent potential incidents in the future

Emma, Bob. and Anna were hired as the new members of InfoSec ' s information security team, which consists of a security architecture team, an incident response team (IRT) and a forensics team Emma ' s job is to create information security plans, policies, protocols, and training to prepare InfoSec to respond to incidents effectively Emma and Bob would be full-time employees of InfoSec, whereas Anna was contracted as an external consultant.

Bob, a network expert, will deploy a screened subnet network architecture This architecture will isolate the demilitarized zone (OMZ) to which hosted public services are attached and InfoSec ' s publicly accessible resources from their private network Thus, InfoSec will be able to block potential attackers from causing unwanted events inside the company ' s network. Bob is also responsible for ensuring that a thorough evaluation of the nature of an unexpected event is conducted, including the details on how the event happened and what or whom it might affect.

Anna will create records of the data, reviews, analysis, and reports in order to keep evidence for the purpose of disciplinary and legal action, and use them to prevent future incidents. To do the work accordingly, she should be aware of the company ' s information security incident management policy beforehand

Among others, this policy specifies the type of records to be created, the place where they should be kept, and the format and content that specific record types should have.

Based on this scenario, answer the following question:

Based on his tasks, which team is Bob part of?

A.

Security architecture team

B.

Forensics team

C.

Incident response team