Free Access to PECB.ISO-IEC-27001-Lead-Implementer.v2025-02-17.q125 with Valid Practice Test (Page 19)

Question 86

Based on scenario 6. when should Colin deliver the next training and awareness session?

A.After he ensures that the group of employees targeted have satisfied the organization's needs
B.After he determines the employees' availability and motivation
C.After he conducts a competence needs analysis and records the competence related issues

Question 87

Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the [^involved parties, including parents, other physicians, and the medical laboratory staff.
Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.
The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic's patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients' privacy.
Based on scenario 1. what is a potential impact of the loss of integrity of information in HealthGenic?

A.Disruption of operations and performance degradation
B.Incomplete and incorrect medical reports
C.Service interruptions and complicated user interface

Question 88

The IT Department of a financial institution decided to implement preventive controls to avoid potential security breaches. Therefore, they separated the development, testing, and operating equipment, secured their offices, and used cryptographic keys. However, they are seeking further measures to enhance their security and minimize the risk of security breaches. Which of the following controls would help the IT Department achieve this objective?

A.Alarms to detect risks related to heat, smoke, fire, or water
B.Change all passwords of all systems
C.An access control software to restrict access to sensitive files

Correct Answer: C

An access control software is a type of preventive control that is designed to limit the access to sensitive files and information based on the user's identity, role, or authorization level. An access control software helps to protect the confidentiality, integrity, and availability of the information by preventing unauthorized users from viewing, modifying, or deleting it. An access control software also helps to create an audit trail that records who accessed what information and when, which can be useful for accountability and compliance purposes.
The IT Department of a financial institution decided to implement preventive controls to avoid potential security breaches. Therefore, they separated the development, testing, and operating equipment, secured their offices, and used cryptographic keys. However, they are seeking further measures to enhance their security and minimize the risk of security breaches. An access control software would help the IT Department achieve this objective by adding another layer of protection to their sensitive files and information, and ensuring that only authorized personnel can access them.
Reference:
ISO/IEC 27001:2022 Lead Implementer Course Guide1
ISO/IEC 27001:2022 Lead Implementer Info Kit2
ISO/IEC 27001:2022 Information Security Management Systems - Requirements3 ISO/IEC 27002:2022 Code of Practice for Information Security Controls4 What are Information Security Controls? - SecurityScorecard4 What Are the Types of Information Security Controls? - RiskOptics2 Integrity is the property of safeguarding the accuracy and completeness of information and processing methods. A breach of integrity occurs when information is modified or destroyed in an unauthorized or unintended manner. In this case, Diana accidently modified the order details of a customer without their permission, which resulted in the customer receiving an incorrect product. This means that the information about the customer's order was not accurate or complete, and therefore, the integrity principle was breached. Availability and confidentiality are two other information security principles, but they were not violated in this case. Availability is the property of being accessible and usable upon demand by an authorized entity, and confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems.

Question 89

An organization documented each security control that it Implemented by describing their functions in detail.
Is this compliant with ISO/IEC 27001?

A.No, the standard requires to document only the operation of processes and controls, so no description of each security control is needed
B.No, because the documented information should have a strict format, including the date, version number and author identification
C.Yes, but documenting each security control and not the process in general will make it difficult to review the documented information

Question 90

Which of the situations below can negatively affect the internal audit process?

A.Restricting the internal auditor's access to offices and documentation
B.Conducting internal audit interviews with all employees of the organization
C.Reporting the internal audit results to the top management

Question 86

Question 87

Question 88

Question 89

Question 90

Download PDF File