FreeQAs
 Request Exam  Contact
  • Home
  • View All Exams
  • New QA's
  • Upload
PRACTICE EXAMS:
  • Oracle
  • Fortinet
  • Juniper
  • Microsoft
  • Cisco
  • Citrix
  • CompTIA
  • VMware
  • ISC
  • SAP
  • EMC
  • PMI
  • HP
  • Salesforce
  • Other
  • Oracle
    Oracle
  • Fortinet
    Fortinet
  • Juniper
    Juniper
  • Microsoft
    Microsoft
  • Cisco
    Cisco
  • Citrix
    Citrix
  • CompTIA
    CompTIA
  • VMware
    VMware
  • ISC
    ISC
  • SAP
    SAP
  • EMC
    EMC
  • PMI
    PMI
  • HP
    HP
  • Salesforce
    Salesforce
  1. Home
  2. PECB Certification
  3. ISO-IEC-27001-Lead-Implementer Exam
  4. PECB.ISO-IEC-27001-Lead-Implementer.v2025-06-12.q165 Dumps
  • ««
  • «
  • …
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • »
Download Now

Question 151

Based on the last paragraph of scenario 6, which principles of an effective communication strategy did Colin NOT follow?

Correct Answer: B
insert code

Question 152

Scenario 8: SunDee is a biopharmaceutical firm headquartered in California, US. Renowned for its pioneering work in the field of human therapeutics, SunDee places a strong emphasis on addressing critical healthcare concerns, particularly in the domains of cardiovascular diseases, oncology, bone health, and inflammation. SunDee has demonstrated its commitment to data security and integrity by maintaining an effective information security management system (ISMS) based on ISO/IEC 27001 for the past two years.
In preparation for the recertification audit, SunDee conducted an internal audit. The company's top management appointed Alex, who has actively managed the Compliance Department's day-to-day operations for the last six months, as the internal auditor. With this dual role assignment, Alex is tasked with conducting an audit that ensures compliance and provides valuable recommendations to improve operational efficiency.
During the internal audit, a few nonconformities were identified. To address them comprehensively, the company created action plans for each nonconformity, working closely with the audit team leader.
SunDee's senior management conducted a comprehensive review of the ISMS to evaluate its appropriateness, sufficiency, and efficiency. This was integrated into their regular management meetings. Essential documents, including audit reports, action plans, and review outcomes, were distributed to all members before the meeting. The agenda covered the status of previous review actions, changes affecting the ISMS, feedback, stakeholder inputs, and opportunities for improvement. Decisions and actions targeting ISMS improvements were made, with a significant role played by the ISMS coordinator and the internal audit team in preparing follow-up action plans, which were then approved by top management.
In response to the review outcomes, SunDee promptly implemented corrective actions, strengthening its information security measures. Additionally, dashboard tools were introduced to provide a high-level overview of key performance indicators essential for monitoring the organization's information security management. These indicators included metrics on security incidents, their costs, system vulnerability tests, nonconformity detection, and resolution times, facilitating effective recording, reporting, and tracking of monitoring activities. Furthermore, SunDee embarked on a comprehensive measurement process to assess the progress and outcomes of ongoing projects, implementing extensive measures across all processes. The top management determined that the individual responsible for the information, aside from owning the data that contributes to the measures, would also be designated accountable for executing these measurement activities.
Based on the scenario above, answer the following question:
Based on scenario 8, which of the following dashboards did SunDee utilize?

Correct Answer: C
insert code

Question 153

Scenario 6: Skyver manufactures electronic products, such as gaming consoles, flat-screen TVs, computers, and printers. In order to ensure information security, the company has decided to implement an information security management system (ISMS) based on ISO/IEC 27001.
Colin, the company's information security manager, decided to conduct a training and awareness session for the company's staff about the information security risks and the controls implemented to mitigate them. The session covered various topics, including Skyver's information security approaches, techniques for mitigating phishing and malware, and a dedicated segment on securing cloud infrastructure and services. This particular segment explored the shared responsibility model and concepts such as identity and access management in the cloud. Colin organized the training and awareness sessions through engaging presentations, interactive discussions, and practical demonstrations to ensure that the personnel were well-informed by security principles and practices.
One of the participants in the session was Lisa, who works in the HR Department. Although Colin explained Skyver's information security policies and procedures in an honest and fair manner, she found some of the issues being discussed too technical and did not fully understand the session. Therefore, in many cases, she would request additional help from the trainer and her colleagues. In a supportive manner, Colin suggested Lisa consider attending the session again.
Skyver has been exploring the implementation of AI solutions to help understand customer preferences and provide personalized recommendations for electronic products. The aim was to utilize AI technologies to enhance problem-solving capabilities and provide suggestions to customers. This strategic initiative aligned with Skyver's commitment to improving the customer experience through data-driven insights.
Additionally, Skyver looked for a flexible cloud infrastructure that allows the company to host certain services on internal and secure infrastructure and other services on external and scalable platforms that can be accessed from anywhere. This setup would enable various deployment options and enhance information security, crucial for Skyver's electronic product development.
According to Skyver, implementing additional controls in the ISMS implementation plan has been successfully executed, and the company was ready to transition into operational mode. Skyver assigned Colin the responsibility of determining the materiality of this change within the company.
Based on the scenario above, answer the following question:
Did Skyver assign the adequate person for determining the materiality of the transition into operational mode of the ISMS?

Correct Answer: B
insert code

Question 154

An organization has implemented a control that enables the company to manage storage media through their life cycle of use. acquisition, transportation and disposal. Which control category does this control belong to?

Correct Answer: B
According to ISO/IEC 27001:2022, the control that enables the organization to manage storage media through their life cycle of use, acquisition, transportation and disposal belongs to the category of physical and environmental security. This category covers the controls that prevent unauthorized physical access, damage and interference to the organization's information and information processing facilities. The specific control objective for this control is A.11.2.7 Secure disposal or reuse of equipment1, which states that "equipment containing storage media shall be checked to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or reuse."2
insert code

Question 155

Scenario 2: Beauty is a cosmetics company that has recently switched to an e-commerce model, leaving the traditional retail. The top management has decided to build their own custom platform in-house and outsource the payment process to an external provider operating online payments systems that support online money transfers.
Due to this transformation of the business model, a number of security controls were implemented based on the identified threats and vulnerabilities associated to critical assets. To protect customers' information.
Beauty's employees had to sign a confidentiality agreement. In addition, the company reviewed all user access rights so that only authorized personnel can have access to sensitive files and drafted a new segregation of duties chart.
However, the transition was difficult for the IT team, who had to deal with a security incident not long after transitioning to the e commerce model. After investigating the incident, the team concluded that due to the out-of-date anti-malware software, an attacker gamed access to their files and exposed customers' information, including their names and home addresses.
The IT team decided to stop using the old anti-malware software and install a new one which would automatically remove malicious code in case of similar incidents. The new software was installed in every workstation within the company. After installing the new software, the team updated it with the latest malware definitions and enabled the automatic update feature to keep it up to date at all times. Additionally, they established an authentication process that requires a user identification and password when accessing sensitive information.
In addition, Beauty conducted a number of information security awareness sessions for the IT team and other employees that have access to confidential information in order to raise awareness on the importance of system and network security.
According to scenario 2. Beauty has reviewed all user access rights. What type of control is this?

Correct Answer: A
Explanation
According to ISO/IEC 27001:2022, controls can be classified into different types based on their nature and purpose1. Some of the common types of controls are:
Preventive controls: These are controls that aim to prevent or deter the occurrence of a security incident or reduce its likelihood. Examples of preventive controls are encryption, firewalls, locks, policies, etc.
Detective controls: These are controls that aim to detect or discover the occurrence of a security incident or its symptoms. Examples of detective controls are logs, alarms, audits, etc.
Corrective controls: These are controls that aim to correct or restore the normal state of an asset or a process after a security incident or mitigate its impact. Examples of corrective controls are backups, recovery plans, incident response teams, etc.
Administrative controls: These are controls that involve the management and governance of information security, such as policies, procedures, roles, responsibilities, awareness, training, etc.
Technical controls: These are controls that involve the use of technology or software to implement information security, such as encryption, firewalls, anti-malware, authentication, etc.
Physical controls: These are controls that involve the protection of physical assets or locations from unauthorized access, damage, or theft, such as locks, fences, cameras, guards, etc.
Legal controls: These are controls that involve the compliance with laws, regulations, contracts, or agreements related to information security, such as privacy laws, data protection laws, confidentiality agreements, etc.
In this scenario, reviewing all user access rights is a type of detective and administrative control. It is a detective control because it helps to identify any unauthorized or inappropriate access to sensitive information or systems. It is also an administrative control because it involves the definition and enforcement of policies and procedures for granting, revoking, and monitoring user access rights.
References:
ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements
insert code
  • ««
  • «
  • …
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • »
[×]

Download PDF File

Enter your email address to download PECB.ISO-IEC-27001-Lead-Implementer.v2025-06-12.q165 Dumps

Email:

FreeQAs

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

  • DMCA
  • About
  • Contact Us
  • Privacy Policy
  • Terms & Conditions
©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.