GAQM ISO 27001:2013 Certified Lead Auditor ISO-ISMS-LA ISO27-13-001 ISO-CLA Exam Questions and Answers – Page 1

Exam Question 31

Changes on project-managed applications or database should undergo the change control process as documenteD.

A. True
B. False
Correct Answer:
A. True

Exam Question 32

Who is authorized to change the classification of a document?

A. The author of the document
B. The administrator of the document
C. The owner of the document
D. The manager of the owner of the document
Correct Answer:
C. The owner of the document

Exam Question 33

All are prohibited in acceptable use of information assets, except:

A. Electronic chain letters
B. E-mail copies to non-essential readers
C. Company-wide e-mails with supervisor/TL permission.
D. Messages with very large attachments or to a large number ofrecipients.
Correct Answer:
C. Company-wide e-mails with supervisor/TL permission.

Exam Question 34

You are the lead auditor of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks.
What is this risk strategy called?

A. Risk bearing
B. Risk avoidance
C. Risk neutral
D. Risk skipping
Correct Answer:
A. Risk bearing

Exam Question 35

A hacker gains access to a web server and reads the credit card numbers stored on that server. Which security principle is violated?

A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
Correct Answer:
B. Confidentiality

Exam Question 36

What is the goal of classification of information?

A. To create a manual about how to handle mobile devices
B. Applying labels making the information easier to recognize
C. Structuring information according to its sensitivity
Correct Answer:
C. Structuring information according to its sensitivity

Exam Question 37

A hacker gains access to a webserver and can view a file on the server containing credit card numbers.
Which of the Confidentiality, Integrity, Availability (CIA) principles of the credit card file are violated?

A. Availability
B. Confidentiality
C. Integrity
D. Compliance
Correct Answer:
B. Confidentiality

Exam Question 38

What type of measure involves the stopping of possible consequences of security incidents?

A. Corrective
B. Detective
C. Repressive
D. Preventive
Correct Answer:
C. Repressive

Exam Question 39

Which department maintain’s contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications service providers depending on the service requireD.

A. COO
B. CISO
C. CSM
D. MRO
Correct Answer:
B. CISO

Exam Question 40

What type of system ensures a coherent Information Security organisation?

A. Federal Information Security Management Act (FISMA)
B. Information Technology Service Management System (ITSM)
C. Information Security Management System (ISMS)
D. Information Exchange Data System (IEDS)
Correct Answer:
C. Information Security Management System (ISMS)