
GAQM ISO-IEC-LI - ISO / IEC 27002 - Lead Implementer

Total 50 questions

What is an example of a good physical security measure?

A. All employees and visitors carry an access pass.

B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

What is the objective of classifying information?

A. Authorizing the use of an information system

B. Creating a label that indicates how confidential the information is

C. Defining different levels of sensitivity into which information may be arranged

D. Displaying on the document who is permitted access

Who is accountable for classifying information assets?

A. the CEO

B. the CISO

C. the Information Security Team

D. the asset owner

You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

A. Risk bearing

B. Risk avoiding

C. Risk neutral

D. Risk passing

Who is authorized to change the classification of a document?

A. The author of the document

B. The administrator of the document

C. The owner of the document

D. The manager of the owner of the document

Which of the following measures is a corrective measure?

A. Incorporating an Intrusion Detection System (IDS) in the design of a computer center

B. Installing a virus scanner in an information system

C. Making a backup of the data that has been created or altered that day

D. Restoring a backup of the correct database after a corrupt copy of the database was written over the original

What is the best way to comply with legislation and regulations for personal data protection?

A. Performing a threat analysis

B. Maintaining an incident register

C. Performing a vulnerability analysis

D. Appointing the responsibility to someone

A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

A. If the risk analysis has not been carried out.

B. When computer systems are kept in a cellar below ground level.

C. When the computer systems are not insured.

D. When the organization is located near a river.

Prior to employment, _________ as well as terms & conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

A. screening

B. authorizing

C. controlling

D. flexing

The identified owner of an asset is always an individual.

A. True

B. False