Pass the GAQM ISO27-13-001 Questions and Answers with CertsForce

Question 11:

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

Which of the following is not one of the four main objectives of a risk analysis?

Options:
A. Identifying assets and their value
B. Implementing countermeasures
C. Establishing a balance between the costs of an incident and the costs of a security measure
D. Determining relevant vulnerabilities and threats

Question 12:

Who is responsible for the initial allocation of assets to the user/custodian of the assets?

Options:
A. Asset Manager
B. Asset Owner
C. Asset Practitioner
D. Asset Stakeholder

Question 13:

What is social engineering?

Options:
A. A group planning for a social activity in the organization
B. Creating a situation wherein a third party gains confidential information from you
C. The organization planning an activity for the welfare of the neighborhood

Question 14:

Which of the following is a technical security measure?

Options:
A. Encryption
B. Security policy
C. Safe storage of backups
D. User role profiles

Question 15:

Implementing the plan on a test basis falls under which phase of PDCA?

Options:
A. Plan
B. Do
C. Act
D. Check

Question 16:

Who is allowed to access highly confidential files?

Options:
A. Employees with a business need-to-know
B. Contractors with a business need-to-know
C. Employees with a signed NDA who have a business need-to-know
D. Non-employees designated with approved access who have signed an NDA

Question 17:

What is a repressive measure in case of a fire?

Options:
A. Taking out fire insurance
B. Putting out a fire after it has been detected by a fire detector
C. Repairing damage caused by the fire

Question 18:

Changes to the information processing facilities shall be done in a controlled manner.

Options:
A. True
B. False

Question 19:

What type of compliance standard, regulation or legislation provides a code of practice for information security?

Options:
A. ISO/IEC 27002
B. Personal data protection act
C. Computer criminality act
D. IT Service Management

Question 20:

Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user ID and password. What type of threat is this?

Options:
A. Social engineering threat
B. Organisational threat
C. Technical threat
D. Malware threat