PECB ISO-IEC-27001-Lead-Implementer 問題集

質問 1：
Scenario:
Jane is a developer deploying an application using a language supported by her cloud provider. She doesn't manage the underlying infrastructure but needs control over the application and its environment.
Which cloud service model does Jane need?
A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
正解：B

質問 2：
An employee from Reyae Ltd. unintentionally sent an email containing critical business strategies to a competitor. Which information security principle was compromised in this case?
A. Integrity
B. Availability
C. Confidentiality
正解：C

質問 3：
Upon the risk assessment outcomes. Socket Inc. decided to:
* Require the use of passwords with at least 12 characters containing uppercase and lowercase letters, symbols, and numbers
* Require the change of passwords at least once every 60 days
* Keep backup copies of files on IT-provided network drives
* Assign users to a separate network when they have access to cloud storage files storing customers' personal data.
What is the most important asset to Socket Inc. associated with the use of cloud storage? Refer to scenario 5.
A. IT provided network drives
B. Employees with access to cloud storage files
C. Customers' personal data
正解：C

質問 4：
Which statement regarding organizational roles, responsibilities, and authorities is NOT correct?
A. Top management is responsible for reporting on the performance of the ISMS and cannot assign this responsibility to someone else
B. Top management must assign the responsibility for ensuring that the ISMS conforms to ISO/IEC 27001
C. A project manager can have information security responsibilities as well
正解：A

質問 5：
Scenario 7: InfoSec is a multinational corporation headquartered in Boston, MA, which provides professional electronics, gaming, and entertainment services. After facing numerous information security incidents, InfoSec has decided to establish teams and implement measures to prevent potential incidents in the future Emma, Bob. and Anna were hired as the new members of InfoSec's information security team, which consists of a security architecture team, an incident response team (IRT) and a forensics team Emma's job is to create information security plans, policies, protocols, and training to prepare InfoSec to respond to incidents effectively Emma and Bob would be full-time employees of InfoSec, whereas Anna was contracted as an external consultant.
Bob, a network expert, will deploy a screened subnet network architecture This architecture will isolate the demilitarized zone (OMZ) to which hosted public services are attached and InfoSec's publicly accessible resources from their private network Thus, InfoSec will be able to block potential attackers from causing unwanted events inside the company's network. Bob is also responsible for ensuring that a thorough evaluation of the nature of an unexpected event is conducted, including the details on how the event happened and what or whom it might affect.
Anna will create records of the data, reviews, analysis, and reports in order to keep evidence for the purpose of disciplinary and legal action, and use them to prevent future incidents. To do the work accordingly, she should be aware of the company's information security incident management policy beforehand Among others, this policy specifies the type of records to be created, the place where they should be kept, and the format and content that specific record types should have.
According to scenario 7, a demilitarized zone (DMZ) is deployed within InfoSec's network. What type of control has InfoSec implemented in this case?
A. Preventive
B. Detective
C. Corrective
正解：A

質問 6：
Scenario 6: CB Consulting iS a reputable firm based in Dublin, Ireland. providing Strategic business Solutions to diverse clients, With a dedicated team Of professionals, CB Consulting prides itself on its commitment to excellence, integrity, and client satisfaction. CB Consulting started implementing an ISMS aligned with ISOflEC 27001 as part of its ongoing commitment to enhancing its information security practices. Throughout this process, ensuring effective communication and adherence to establi Shed security protocols is essential.
Sarah, an employee at CB has been appointed as the head Of a new project focused on managing sensitive client data, Additionally, she is responsible for Overseeing activities during the response phase of incident management, including regular reporting to the incident manager of the incident management team and keeping key stakeholders informed. Meanwhile, CB Consulting has reassigned Tom to serve as the company's legal consultant.
CB Consulting has also reassigned Clare. formerly an IT security analyst, as their information security officer to oversee the implementation Of the ISMS and ensure compliance with ISO/IEC 27001. Clare's primary responsibility iS to conduct regular risk assessments. identlfy potential vulnerabilities, and implement appropriate Security measures to mitigate risks effectively. Clare has established a procedure Stating that information security risk assessments are conducted only when significant changes occur. playing a crucial role in strengthening the companys security posture and safeguarding against potential threats.
TO ensure it has a Competent workforce to meet information security Objectives, CB Consulting has implemented a process to and verify that all employees, including Sarah, Tom, and Clare, possess the necessary competence based on their education. training, or experience. Where gaps were identified, the company has taken specific actions such as providing additional training and mentoring. Additionally, CB Consulting retains documented information as evidence of the competencies requ.red and acquired.
CB Consulting has established a robust communication strategy aligned with industry standards to ensure secure and effective information exchange. It identified the requirements for communication on relevant issues. First, the company designated specific toles. Such as a public relations officer for external communication and a Security officer for internal matters, to manage sensitive issues like data breaches. Then.
communication triggers, content. and recipients were carefully defined. with messages pre-approved by management where necessary. Lastly, dedicated channels were implemented to ensure the confidentiality and integrity of transmitted information.
Based on the scenario above, answer the following question.
CB Consulting prioritizes transparent and Substantive communication practices to foster trust, enhance Stakeholder engagement, and reinforce its commitment to information security excellence. Which principle of effective communication is emphasized by this approach?
Transparency
Has CB Consulting taken appropriate measures to ensure compliance with ISO/IEC 27001 requirements regarding acquiring necessary competence? Refer to scenario 6.
A. Yes. CB Consulting has taken compliant actions regarding acquiring the necessary competence
B. No, reassigning current employees for tasks related to legal consulting is not permissible
C. No, reassigning current employees for tasks directly related to ISMS implementation management is not permissible
正解：A

質問 7：
The IT Department of a financial institution decided to implement preventive controls to avoid potential security breaches. Therefore, they separated the development, testing, and operating equipment, secured their offices, and used cryptographic keys. However, they are seeking further measures to enhance their security and minimize the risk of security breaches. Which of the following controls would help the IT Department achieve this objective?
A. Alarms to detect risks related to heat, smoke, fire, or water
B. An access control software to restrict access to sensitive files
C. Change all passwords of all systems
正解：B