PECB Lead Auditor - ISO/IEC 27001 Lead Auditor Exam

Question #6 (Topic: Exam A)
After an information security incident, an organization created a comprehensive backup procedure involving regular, automated backups of all critical data to offsite storage locations. By doing so, which principle of information security is the organization applying in this case?
A. Integrity
B. Confidentiality
C. Availability
Answer: C
Question #7 (Topic: Exam A)
A data processing tool crashed when a user added more data to the buffer than its storage capacity allows. The incident was caused by the tool's inability to bounds-check arrays. What kind of vulnerability is this?
A. Intrinsic vulnerability, i.e., the inability to bounds-check arrays, is a characteristic of the data processing tool
B. Extrinsic vulnerability, i.e., the exploit of the buffer overflow vulnerability, is caused by an external factor
C. None; buffer overflow is not a vulnerability; it is a threat
Answer: A
Question #8 (Topic: Exam A)
Which of the following best defines managerial controls?
A. Controls related to the management of personnel, including training of employees, management reviews, and internal audits
B. Controls related to organizational structure, such as segregation of duties, job rotations, job descriptions, and approval processes
C. Controls related to the use of technical measures or technologies, such as firewalls, alarm systems, surveillance cameras, and IDSs
Answer: A
Question #9 (Topic: Exam A)
What is the objective of penetration testing in the risk assessment process?
A. To conduct thorough code reviews
B. To identify potential failures in the ICT protection schemes
C. To physically inspect hardware components
Answer: B
Question #10 (Topic: Exam A)
Which controls are related to the Annex A controls of ISO/IEC 27001 and are often selected from other guides and standards or defined by the organization to meet its specific needs?
A. General controls
B. Strategic controls
C. Specific controls
Answer: C
Page: 2 / 32
Total 159 questions