GAQM ISO 27001:2013 Certified Lead Auditor ISO-ISMS-LA ISO27-13-001 ISO-CLA Exam Questions and Answers – Page 1

Exam Question 11

Integrity of data means

A. Accuracy and completeness of the data
B. Data should be viewable at all times
C. Data should be accessed by only the right people
Correct Answer:
A. Accuracy and completeness of the data

Exam Question 12

As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers. What is the first step in a structured approach to come up with this measure?

A. Appoint security staff
B. Encrypt all sensitive information
C. Formulate a policy
D. Set up an access control procedure
Correct Answer:
C. Formulate a policy

Exam Question 13

Which of the following is a preventive security measure?

A. Installing logging and monitoring software
B. Shutting down the Internet connection after an attack
C. Storing sensitive information in a data save
Correct Answer:
C. Storing sensitive information in a data save

Exam Question 14

What type of compliancy standard, regulation or legislation provides a code of practice for information security?

A. ISO/IEC 27002
B. Personal data protection act
C. Computer criminality act
D. IT Service Management
Correct Answer:
A. ISO/IEC 27002

Exam Question 15

A scenario wherein the city or location where the building(s) reside is / are not accessible.

A. Component
B. Facility
C. City
D. Country
Correct Answer:
C. City

Exam Question 16

You have a hard copy of a customer design document that you want to dispose off. What would you do

A. Throw it in any dustbin
B. Shred it using a shredder
C. Give it to the office boy to reuse it for other purposes
D. Be environment friendly and reuse it for writing
Correct Answer:
B. Shred it using a shredder

Exam Question 17

What type of legislation requires a proper controlled purchase process?

A. Personal data protection act
B. Computer criminality act
C. Government information act
D. Intellectual property rights act
Correct Answer:
D. Intellectual property rights act

Exam Question 18

Which of the following is a technical security measure?

A. Encryption
B. Security policy
C. Safe storage of backups
D. User role profiles
Correct Answer:
A. Encryption

Exam Question 19

In the event of an Information security incident, system users’ roles and responsibilities are to be observed, except:

A. Report suspected or known incidents upon discovery through the Servicedesk
B. Preserve evidence if necessary
C. Cooperate with investigative personnel during investigation if needed
D. Make the information security incident details known to all employees
Correct Answer:
D. Make the information security incident details known to all employees

Exam Question 20

Which of the following does a lack of adequate security controls represent?

A. Asset
B. Vulnerability
C. Impact
D. Threat
Correct Answer:
B. Vulnerability