ISO-IEC-27001-LEAD-AUDITOR Online Practice Questions and Answers

You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?

A. Natural threat

B. Organizational threat

C. Social Engineering

D. Arason

A hacker gains access to a web server and reads the credit card numbers stored on that server. Which security principle is violated?

A. Availability

B. Confidentiality

C. Integrity

D. Authenticity

Which measure is a preventive measure?

A. Installing a logging system that enables changes in a system to be recognized

B. Shutting down all internet traffic after a hacker has gained access to the company systems

C. Putting sensitive information in a safe

Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password. What type of threat is this?

A. Social engineering threat

B. Organisational threat

C. Technical threat

D. Malware threat

Which threat could occur if no physical measures are taken?

A. Unauthorised persons viewing sensitive files

B. Confidential prints being left on the printer

C. A server shutting down because of overheating

D. Hackers entering the corporate network

Information or data that are classified as ______ do not require labeling.

A. Public

B. Internal

C. Confidential

D. Highly Confidential

Stages of Information:

A. creation, evolution, maintenance, use, disposition

B. creation, use, disposition, maintenance, evolution

C. creation, distribution, use, maintenance, disposition

D. creation, distribution, maintenance, disposition, use

What is a reason for the classification of information?

A. To provide clear identification tags

B. To structure the information according to its sensitivity

C. Creating a manual describing the BYOD policy

What is a definition of compliance?

A. Laws, considered collectively or the process of making or enacting laws

B. The state or fact of according with or meeting rules or standards

C. An official or authoritative instruction

D. A rule or directive made and maintained by an authority.

CMM stands for?

A. Capability Maturity Matrix

B. Capacity Maturity Matrix

C. Capability Maturity Model

D. Capable Mature Model

Which is the glue that ties the triad together

A. Process

B. People

C. Collaboration

D. Technology

-------------------------is an asset like other important business assets has value to an organization and consequently needs to be protected.

A. Infrastructure

B. Data

C. Information

D. Security

Backup media is kept in the same secure area as the servers. What risk may the organisation be exposed to?

A. Unauthorised persons will have access to both the servers and backups

B. Responsibility for the backups is not defined well

C. After a fire, the information systems cannot be restored

D. After a server crash, it will take extra time to bring it back up again

Which of the following factors does NOT contribute to the value of data for an organisation?

A. The correctness of data

B. The indispensability of data

C. The importance of data for processes

D. The content of data

In what part of the process to grant access to a system does the user present a token?

A. Authorisation

B. Verification

C. Authentication

D. Identification