GAQM ISO 27001:2013 Certified Lead Auditor ISO-ISMS-LA ISO27-13-001 ISO-CLA Exam Questions and Answers – Page 1

Exam Question 21

Backup media is kept in the same secure area as the servers. What risk may the organisation be exposed to?

A. Unauthorised persons will have access to both the servers and backups
B. Responsibility for the backups is not defined well
C. After a fire, the information systems cannot be restored
D. After a server crash, it will take extra time to bring it back up again
Correct Answer:
C. After a fire, the information systems cannot be restored

Exam Question 22

The following are the guidelines to protect your password, except:

A. Don’t use the same password for various company system security access
B. Do not share passwords with anyone
C. For easy recall, use the same password for company and personal accounts
D. Change a temporary password on first log-on
Correct Answer:
B. Do not share passwords with anyone
C. For easy recall, use the same password for company and personal accounts

Exam Question 23

After a devastating office fire, all staff are moved to other branches of the company. At what moment in the incident management process is this measure effectuated?

A. Between incident and damage
B. Between detection and classification
C. Between recovery and normal operations
D. Between classification and escalation
Correct Answer:
A. Between incident and damage

Exam Question 24

A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.

A. Identifying assets and their value
B. Implementing counter measures
C. Establishing a balance between the costs of an incident and the costs of a security measure
D. Determining relevant vulnerabilities and threats
Correct Answer:
B. Implementing counter measures

Exam Question 25

What is the purpose of an Information Security policy?

A. An information security policy makes the security plan concrete by providing the necessary details
B. An information security policy provides insight into threats and the possible consequences
C. An information security policy provides direction and support to the management regarding information security
D. An information security policy documents the analysis of risks and the search for countermeasures
Correct Answer:
C. An information security policy provides direction and support to the management regarding information security

Exam Question 26

A fire breaks out in a branch office of a health insurance company. The personnel are transferred to neighboring branches to continue their work.
Where in the incident cycle is moving to a stand-by arrangements found?

A. between threat and incident
B. between recovery and threat
C. between damage and recovery
D. between incident and damage
Correct Answer:
D. between incident and damage

Exam Question 27

What is the standard definition of ISMS?

A. Is an information security systematic approach to achieve business objectives for implementation, establishing, reviewing, operating and maintaining organization’s reputation.
B. A company wide business objectives to achieve information security awareness for establishing, implementing, operating, monitoring, reviewing, maintaining and improving
C. A project-based approach to achieve business objectives for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security
D. A systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives.
Correct Answer:
D. A systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives.

Exam Question 28

The following are definitions of Information, except:

A. accurate and timely data
B. specific and organized data for a purpose
C. mature and measurable data
D. can lead to understanding and decrease in uncertainty
Correct Answer:
C. mature and measurable data

Exam Question 29

You receive the following mail from the IT support team: Dear User,Starting next week, we will be deleting all inactive email accounts in order to create spaceshare the below details in order to continue using your account. In case of no response,
Name:
Email ID:
Password:
DOB:
Kindly contact the webmail team for any further support. Thanks for your attention.
Which of the following is the best response?

A. Ignore the email
B. Respond it by saying that one should not share the password with anyone
C. One should not respond to these mails and report such email to your supervisor
Correct Answer:
C. One should not respond to these mails and report such email to your supervisor

Exam Question 30

The following are purposes of Information Security, except:

A. Ensure Business Continuity
B. Minimize Business Risk
C. Increase Business Assets
D. Maximize Return on Investment
Correct Answer:
C. Increase Business Assets