Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. EXIN
  3. ISO/IEC 27001 Lead Implementer

EXIN ISO/IEC 27001 Lead Implementer Exam (page: 4)
EXIN Certified ISO/IEC 27001 Lead Implementer
Updated on: 12-Feb-2026

Viewing Page 4 of 44
ISO/IEC 27001 Lead Implementer PDF 135 Questions

Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility.
Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did not change its default settings, leaving it without a password and publicly accessible.
Fortunately. Socket Inc. performed regular information backups in their MongoDB database, so no information was lost during the incident. In addition, a syslog server allowed Socket Inc. to centralize all logs in one server. The company found out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company by reviewing the event logs that record user faults and exceptions.
To prevent similar incidents in the future, Socket Inc. decided to use an access control system that grants access to authorized personnel only. The company also implemented a control in order to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access The implementation was based on all relevant agreements, legislation, and regulations, and the information classification scheme. To improve security and reduce the administrative efforts, network segregation using VPNs was proposed.
Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information related to information security threats, and integrate information security into project management. Based on the scenario above, answer the following question:
Which security control does NOT prevent information security incidents from recurring?

  1. Segregation of networks
  2. Privileged access rights
  3. Information backup

Answer(s): C

Explanation:

Information backup is a corrective control that aims to restore the information in case of data loss, corruption, or deletion. It does not prevent information security incidents from recurring, but rather mitigates their impact. The other options are preventive controls that reduce the likelihood of information security incidents by limiting the access to authorized personnel, segregating the networks, and using cryptography. These controls can help Socket Inc. avoid future attacks on its MongoDB database by addressing the vulnerabilities that were exploited by the hackers.


Reference:

ISO 27001:2022 Annex A 8.13 ­ Information Backup1
ISO 27001:2022 Annex A 8.1 ­ Access Control Policy2

ISO 27001:2022 Annex A 8.2 ­ User Access Management3
ISO 27001:2022 Annex A 8.3 ­ User Responsibilities4
ISO 27001:2022 Annex A 8.4 ­ System and Application Access Control ISO 27001:2022 Annex A 8.5 ­ Cryptography
ISO 27001:2022 Annex A 8.6 ­ Network Security Management



Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility.
Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did not change its default settings, leaving it without a password and publicly accessible.
Fortunately. Socket Inc. performed regular information backups in their MongoDB database, so no information was lost during the incident. In addition, a syslog server allowed Socket Inc. to centralize all logs in one server. The company found out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company by reviewing the event logs that record user faults and exceptions.
To prevent similar incidents in the future, Socket Inc. decided to use an access control system that grants access to authorized personnel only. The company also implemented a control in order to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access The implementation was based on all relevant agreements, legislation, and regulations, and the information classification scheme. To improve security and reduce the administrative efforts, network segregation using VPNs was proposed.
Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information related to information security threats, and integrate information security into project management.

Socket Inc. has implemented a control for the effective use of cryptography and cryptographic key management. Is this compliant with ISO/IEC 27001' Refer to scenario 3.

  1. No, the control should be implemented only for defining rules for cryptographic key management
  2. Yes, the control for the effective use of the cryptography can include cryptographic key management
  3. No, because the standard provides a separate control for cryptographic key management

Answer(s): B

Explanation:

According to ISO/IEC 27001:2022, Annex A.8.24, the control for the effective use of cryptography is intended to ensure proper and effective use of cryptography to protect the confidentiality, authenticity, and/or integrity of information. This control can include cryptographic key management, which is the process of generating, distributing, storing, using, and destroying cryptographic keys in a secure manner. Cryptographic key management is essential for ensuring the security and functionality of cryptographic solutions, such as encryption, digital signatures, or authentication.
The standard provides the following guidance for implementing this control:

A policy on the use of cryptographic controls should be developed and implemented. The policy should define the circumstances and conditions in which the different types of cryptographic controls should be used, based on the information classification scheme, the relevant agreements, legislation, and regulations, and the assessed risks. The policy should also define the standards and techniques to be used for each type of cryptographic control, such as the algorithms, key lengths, key formats, and key lifecycles. The policy should be reviewed and updated regularly to reflect the changes in the technology, the business environment, and the legal requirements.
The cryptographic keys should be managed through their whole lifecycle, from generation to destruction, in a secure and controlled manner, following the principles of need-to-know and segregation of duties.
The cryptographic keys should be protected from unauthorized access, disclosure, modification, loss, or theft, using appropriate physical and logical security measures, such as encryption, access control, backup, and audit.
The cryptographic keys should be changed or replaced periodically, or when there is a suspicion of compromise, following a defined process that ensures the continuity of the cryptographic services and the availability of the information.
The cryptographic keys should be securely destroyed when they are no longer required, or when they reach their end of life, using methods that prevent their recovery or reconstruction.


Reference:

ISO/IEC 27001:2022 Lead Implementer Course Guide1
ISO/IEC 27001:2022 Lead Implementer Info Kit2
ISO/IEC 27001:2022 Information Security Management Systems - Requirements3 ISO/IEC 27002:2022 Code of Practice for Information Security Controls4 Understanding Cryptographic Controls in Information Security5



Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility.
Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did not change its default settings, leaving it without a password and publicly accessible.
Fortunately. Socket Inc. performed regular information backups in their MongoDB database, so no information was lost during the incident. In addition, a syslog server allowed Socket Inc. to centralize all logs in one server. The company found out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company by reviewing the event logs that record user faults and exceptions.
To prevent similar incidents in the future, Socket Inc. decided to use an access control system that grants access to authorized personnel only. The company also implemented a control in order to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access The implementation was based on all relevant agreements, legislation, and regulations, and the information classification scheme. To improve security and reduce the administrative efforts, network segregation using VPNs was proposed.
Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information related to information security threats, and integrate information security into project management.

Can Socket Inc. find out that no persistent backdoor was placed and that the attack was initiated from an employee inside the company by reviewing event logs that record user faults and exceptions? Refer to scenario 3.

  1. Yes. Socket Inc. can find out that no persistent backdoor was placed by only reviewing user faults and exceptions logs
  2. No, Socket Inc should also have reviewed event logs that record user activities
  3. No, Socket Inc. should have reviewed all the logs on the syslog server

Answer(s): B

Explanation:

Event logs are records of events that occur in a system or network, such as user actions, faults, exceptions, errors, warnings, or security incidents. They can provide valuable information for monitoring, auditing, and troubleshooting purposes. Event logs can be categorized into different types, depending on the source and nature of the events. For example, user activity logs record the actions performed by users, such as login, logout, file access, or command execution. User fault and exception logs record the errors or anomalies that occur due to user input or behavior, such as invalid data entry, unauthorized access attempts, or system crashes. In scenario 3, Socket Inc. used a syslog server to centralize all logs in one server, which is a good practice for log management. However, to find out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company, Socket Inc. should have reviewed not only the user fault and exception logs, but also the user activity logs. The user activity logs could reveal any suspicious or malicious actions performed by the hackers or the employees, such as creating, modifying, or deleting files, executing commands, or installing software. By reviewing both types of logs, Socket Inc. could have a more complete picture of the incident and its root cause. Reviewing all the logs on the syslog server might not be necessary or feasible, as some logs might be irrelevant or too voluminous to analyze.


Reference:

ISO/IEC 27001:2022 Lead Implementer Course Content, Module 8: Performance Evaluation, Monitoring and Measurement of an ISMS based on ISO/IEC 27001:20221; ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection, Clause 9.1: Monitoring, measurement, analysis and evaluation2; ISO/IEC 27002:2022 Code of practice for information security controls, Clause 12.4: Logging and monitoring3



Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility.
Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did not change its default settings, leaving it without a password and publicly accessible.
Fortunately. Socket Inc. performed regular information backups in their MongoDB database, so no information was lost during the incident. In addition, a syslog server allowed Socket Inc. to centralize all logs in one server. The company found out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company by reviewing the event logs that record user faults and exceptions.
To prevent similar incidents in the future, Socket Inc. decided to use an access control system that grants access to authorized personnel only. The company also implemented a control in order to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access The implementation was based on all relevant agreements, legislation, and regulations, and the information classification scheme. To improve security and reduce the administrative efforts, network segregation using VPNs was proposed.
Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information related to information security threats, and integrate information security into project management.

Based on scenario 3, what would help Socket Inc. address similar information security incidents in the future?

  1. Using the MongoDB database with the default settings
  2. Using cryptographic keys to protect the database from unauthorized access
  3. Using the access control system to ensure that only authorized personnel is granted access

Answer(s): B

Explanation:

In Scenario 3, the measure that would help Socket Inc. address similar information security incidents in the future is "B. Using cryptographic keys to protect the database from unauthorized access." Implementing cryptographic controls, including cryptographic key management, is a proactive measure to secure the data in the MongoDB database against unauthorized access. It ensures that even if attackers gain access to the database, they cannot read or misuse the data without the appropriate cryptographic keys. This approach aligns with best practices for securing sensitive data and is part of a comprehensive security strategy.


Reference:

ISO 27001 - Annex A.10 ­ Cryptography
ISO 27001 Annex A.10 - Cryptography | ISMS.online
ISO 27001 cryptographic controls policy | What needs to be included?



Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility.
Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did not change its default settings, leaving it without a password and publicly accessible.
Fortunately. Socket Inc. performed regular information backups in their MongoDB database, so no information was lost during the incident. In addition, a syslog server allowed Socket Inc. to centralize all logs in one server. The company found out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company by reviewing the event logs that record user faults and exceptions.

To prevent similar incidents in the future, Socket Inc. decided to use an access control system that grants access to authorized personnel only. The company also implemented a control in order to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access The implementation was based on all relevant agreements, legislation, and regulations, and the information classification scheme. To improve security and reduce the administrative efforts, network segregation using VPNs was proposed.
Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information related to information security threats, and integrate information security into project management.

Based on scenario 3. which information security control of Annex A of ISO/IEC 27001 did Socket Inc. implement by establishing a new system to maintain, collect, and analyze information related to information security threats?

  1. Annex A 5.5 Contact with authorities
  2. Annex A 5 7 Threat Intelligence
  3. Annex A 5.13 Labeling of information

Answer(s): B

Explanation:

Annex A 5.7 Threat Intelligence is a new control in ISO 27001:2022 that aims to provide the organisation with relevant information regarding the threats and vulnerabilities of its information systems and the potential impacts of information security incidents. By establishing a new system to maintain, collect, and analyze information related to information security threats, Socket Inc. implemented this control and improved its ability to prevent, detect, and respond to information security incidents.


Reference:

ISO/IEC 27001:2022 Information technology -- Security techniques -- Information security management systems -- Requirements, Annex A 5.7 Threat Intelligence ISO/IEC 27002:2022 Information technology -- Security techniques -- Information security, cybersecurity and privacy protection controls, Clause 5.7 Threat Intelligence PECB ISO/IEC 27001:2022 Lead Implementer Course, Module 6: Implementation of Information Security Controls Based on ISO/IEC 27002:2022, Slide 18: A.5.7 Threat Intelligence



Viewing Page 4 of 44



Share your comments for EXIN ISO/IEC 27001 Lead Implementer exam with other users:

Jamil aljamil 12/4/2023 4:47:00 AM

it’s good but not senatios based
UNITED KINGDOM


tumz 1/16/2024 10:30:00 AM

very helpful
UNITED STATES


Matt 11/18/2023 2:32:00 AM

aligns with the pecd notes
Anonymous


Wafa 11/13/2023 3:06:00 AM

very helpful
Anonymous