PECB Risk Manager - ISO/IEC 27005 Risk Manager Exam
Page: 2 / 12
Total 60 questions
Question #6 (Topic: Exam A)
Scenario 1
The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took was identifying the company’s assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber attackers, as a great number of organizations were experiencing cyberattacks during that time. After analyzing the identified risks, Henry evaluated them and concluded that new controls must be implemented if the company wants to use the application. Among others, he stated that training should be provided to personnel regarding the use of the application and that awareness sessions should be conducted regarding the importance of protecting customers’ personal data.
Lastly, Henry communicated the risk assessment results to the top management. They decided that the application will be used only after treating the identified risks.
Henry concluded that one of the main concerns regarding the use of the application for online ordering was cyberattacks. What did Henry identify in this case? Refer to scenario 1.
A. A threat
B. The vulnerabilities of an asset
C. The consequences of a potential security incident
Answer: A
Question #7 (Topic: Exam A)
Scenario 1
The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took was identifying the company’s assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber attackers, as a great number of organizations were experiencing cyberattacks during that time. After analyzing the identified risks, Henry evaluated them and concluded that new controls must be implemented if the company wants to use the application. Among others, he stated that training should be provided to personnel regarding the use of the application and that awareness sessions should be conducted regarding the importance of protecting customers’ personal data.
Lastly, Henry communicated the risk assessment results to the top management. They decided that the application will be used only after treating the identified risks.
According to scenario 1, Bontton wanted to use an application that ensures only authorized users have access to customers’ personal data. Which information security principle does Bontton want to ensure in this case?
A. Integrity
B. Availability
C. Confidentiality
Answer: C
Question #8 (Topic: Exam A)
According to ISO/IEC 27000, what is the definition of information security?
A. Preservation of confidentiality, integrity, and availability of information
B. Protection of privacy during the processing of personally identifiable information (PII)
C. Preservation of authenticity, accountability, and reliability in the cyberspace
Answer: A
Question #9 (Topic: Exam A)
Which statement regarding risks and opportunities is correct?
A. Risks always have a positive outcome, whereas opportunities have an unpredicted outcome
B. Opportunities might have a positive impact, whereas risks might have a negative impact
C. There is no difference between opportunities and risks; these terms can be used interchangeably
Answer: B
Question #10 (Topic: Exam A)
Which of the following risk assessment methods provides an information security risk assessment methodology and involves three phases: build asset-based threat profiles, identify infrastructure vulnerabilities, and develop security strategy and plans?
A. OCTAVE-S
B. MEHARI
C. TRA
Answer: A