Pass the GAQM GAQM: ISO ISO-IEC-LI Questions and answers with CertsForce

Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

Prior to employment, _________ as well as terms & conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

Options:

A. screening
B. authorizing
C. controlling
D. flexing

Questions # 2:

ISO 27002 provides guidance in the following area:

Options:

A. PCI environment scoping
B. Information handling recommendations
C. Framework for an overall security and compliance program
D. Detailed lists of required policies and procedures

Questions # 3:

What is the greatest risk for an organization if no information security policy has been defined?

Options:

A. If everyone works with the same account, it is impossible to find out who worked on what.
B. Information security activities are carried out by only a few people.
C. Too many measures are implemented.
D. It is not possible for an organization to implement information security in a consistent manner.

Questions # 4:

You apply for a position in another company and get the job. Along with your contract, you are asked to sign a code of conduct. What is a code of conduct?

Options:

A. A code of conduct specifies how employees are expected to conduct themselves and is the same for all companies.
B. A code of conduct is a standard part of a labor contract.
C. A code of conduct differs from company to company and specifies, among other things, the rules of behavior with regard to the usage of information systems.

Questions # 5:

What are the data protection principles set out in the GDPR?

Options:

A. Purpose limitation, proportionality, availability, data minimisation
B. Purpose limitation, proportionality, data minimisation, transparency
C. Target group, proportionality, transparency, data minimisation
D. Purpose limitation, pudicity, transparency, data minimisation

Questions # 6:

You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports.

Which reliability aspect of the information in your reports must you protect?

Options:

A. Availability
B. Integrity
C. Confidentiality

Questions # 7:

Employees and contractors may be provided with an anonymous reporting channel to report violations of information security policies or procedures (“whistle blowing”).

Options:

A. True
B. False

Questions # 8:

What is the best description of a risk analysis?

Options:

A. A risk analysis is a method of mapping risks without looking at company processes.
B. A risk analysis helps to estimate the risks and develop the appropriate security measures.
C. A risk analysis calculates the exact financial consequences of damages.

Questions # 9:

You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

Options:

A. Risk bearing
B. Risk avoiding
C. Risk neutral
D. Risk passing

Questions # 10:

Select risk control activities for domain "10. Encryption" of ISO/IEC 27002:2013 (Choose two)

Options:

A. Work in safe areas
B. Cryptographic Controls Use Policy
C. Physical security perimeter
D. Key management
