GAQM ISO 27001:2013 Certified Lead Auditor ISO-ISMS-LA ISO27-13-001 ISO-CLA Exam Questions and Answers – Page 1

Exam Question 51

What is the security management term for establishing whether someone’s identity is correct?

A. Identification
B. Authentication
C. Authorisation
D. Verification
Correct Answer:
B. Authentication

Exam Question 52

The computer room is protected by a pass reader. Only the System Management department has a pass.

What type of security measure is this?

A. a corrective security measure
B. a physical security measure
C. a logical security measure
D. a repressive security measure
Correct Answer:
B. a physical security measure

Exam Question 53

What is a reason for the classification of information?

A. To provide clear identification tags
B. To structure the information according to its sensitivity
C. Creating a manual describing the BYOD policy
Correct Answer:
B. To structure the information according to its sensitivity

Exam Question 54

An employee caught abusing the internet, for example through P2P file sharing or video/audio streaming, will not receive a warning for such an act but will directly receive an IR.

A. True
B. False
Correct Answer:
A. True

Exam Question 55

A planning process that introduced the concept of planning as a cycle that forms the basis for continuous improvement is called:

A. time based planning.
B. plan, do, check, act.
C. planning for continuous improvement.
D. RACI Matrix
Correct Answer:
B. plan, do, check, act.

Exam Question 56

In which order is an Information Security Management System set up?

A. Implementation, operation, maintenance, establishment
B. Implementation, operation, improvement, maintenance
C. Establishment, implementation, operation, maintenance
D. Establishment, operation, monitoring, improvement
Correct Answer:
C. Establishment, implementation, operation, maintenance

Exam Question 57

How is the purpose of information security policy best described?

A. An information security policy documents the analysis of risks and the search for countermeasures.
B. An information security policy provides direction and support to the management regarding information security.
C. An information security policy makes the security plan concrete by providing it with the necessary details.
D. An information security policy provides insight into threats and the possible consequences.
Correct Answer:
B. An information security policy provides direction and support to the management regarding information security.

Exam Question 58

Which of the following statements are correct for a Clean Desk Policy?

A. Don’t leave confidential documents on your desk.
B. Don’t leave valuable items on your desk if you are not in your work area.
C. Don’t leave highly confidential items.
D. Don’t leave laptops without a cable lock.
Correct Answer:
A. Don’t leave confidential documents on your desk.
B. Don’t leave valuable items on your desk if you are not in your work area.
C. Don’t leave highly confidential items.

Exam Question 59

Information has a number of reliability aspects. Reliability is constantly being threatened.
Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.
Which of these examples is a threat to integrity?

A. accidental alteration of data
B. System restart
C. private use of data
D. a loose cable
Correct Answer:
A. accidental alteration of data

Exam Question 60

Changes to the information processing facilities shall be done in a controlled manner.

A. False
B. True
Correct Answer:
B. True