After an information security incident, an organization created a comprehensive backup procedure involving regular, automated backups of all critical data to offsite storage locations. By doing so, which principle of information security is the organization applying in this case?
Answer(s): C
By creating a comprehensive backup procedure involving regular, automated backups to offsite storage locations, the organization is ensuring that critical data is recoverable in case of an incident. This aligns with the principle of Availability, which focuses on ensuring that information and systems are accessible when needed.
A data processing tool crashed when a user added more data to the buffer than its storage capacity allows. The incident was caused by the tool's inability to bound check arrays. What kind of vulnerability is this?
Answer(s): A
The incident is caused by the tool's inherent inability to bound check arrays, which is an intrinsic vulnerability of the data processing tool itself. Intrinsic vulnerabilities are weaknesses in the system or software that stem from its design or implementation. In this case, the lack of proper array bounds checking directly led to the buffer overflow.
Which of the following best defines managerial controls?
Managerial controls focus on the management aspects of an organization's security framework. They typically include activities such as training, management reviews, audits, and overall policy enforcement to ensure that security objectives are met. These controls are designed to guide and oversee the organization's personnel and operations.
What is the objective of penetration testing in the risk assessment process?
Answer(s): B
The objective of penetration testing in the risk assessment process is to simulate attacks on the organization's information and communication technology (ICT) systems to identify vulnerabilities or weaknesses in the protection schemes. This helps to assess the effectiveness of security controls and identify potential failures before they can be exploited by malicious actors.
Which controls are related to the Annex A controls of ISO/IEC 27001 and are often selected from other guides and standards or defined by the organization to meet its specific needs?
Specific controls in ISO/IEC 27001 Annex A are tailored to an organization's particular needs and circumstances. These controls are often selected from other guides, standards, or frameworks or are defined by the organization itself to address specific risks and requirements.
Share your comments for PECB ISO-IEC-27001-Lead-Auditor exam with other users:
pls upload the questions
good questions
question 182 - correct answer is d. ethernet frame length is 64 - 1518b. length of user data containing is that frame: 46 - 1500b.
i need this exam pls
its required for me, please make it enable to access. thanks
seems good..
took the test last week, i did have about 15 - 20 word for word from this site on the test. (only was able to cram 600 of the questions from this site so maybe more were there i didnt review) had 4 labs, bgp, lacp, vrf with tunnels and actually had to skip a lab due to time. lots of automation syntax questions.
no comments
nice questions bring out the best in you.
really helpful
question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you
iam thankful for these exam dumps questions, i would not have passed without this exam dumps.
some of the answers seem to be inaccurate. q10 for example shouldnt it be an m custom column?
are the question real or fake?
thank you for providing such assistance.
nice questions
my 3rd purcahse from this site. these exam dumps are helpful. very helpful.
found it good
excellent material
very helpfull
well explained.
i need the pdf, please.
a good source for exam preparation
i need ielts general training audio guide questions
please make this content available
content is good
latest dumps please
aside from pdf the test engine software is helpful. the interface is user-friendly and intuitive, making it easy to navigate and find the questions.
questions and options are correct, but the answers are wrong sometimes. so please check twice or refer some other platform for the right answer
90% of questions was there but i failed the exam, i marked the answers as per the guide but looks like they are not accurate , if not i would have passed the exam given that i saw about 45 of 50 questions from dump
answer to this question "what administrative safeguards should be implemented to protect the collected data while in use by manasa and her product management team? " it should be (c) for the following reasons: this administrative safeguard involves controlling access to collected data by ensuring that only individuals who need the data for their job responsibilities have access to it. this helps minimize the risk of unauthorized access and potential misuse of sensitive information. while other options such as (a) documenting data flows and (b) conducting a privacy impact assessment (pia) are important steps in data protection, implementing a "need to know" access policy directly addresses the issue of protecting data while in use by limiting access to those who require it for legitimate purposes. (d) is not directly related to safeguarding data during use; it focuses on data transfers and location.
password lockout being the correct answer for question 37 does not make sense. it should be geofencing.
for question 4, the righr answer is :recover automatically from failures