GAQM ISO 27001:2013 Certified Lead Auditor ISO-ISMS-LA ISO27-13-001 ISO-CLA Exam Questions and Answers – Page 1

Exam Question 61

An employee caught temporarily storing an MP3 file in his workstation will not receive an IR.

A. True
B. False
Correct Answer:
B. False

Exam Question 62

A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company’s information is worth more and more and gone are the days when you could keep control yourself.
You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis.
What is a qualitative risk analysis?

A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
B. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.
Correct Answer:
A. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

Exam Question 63

__________ is software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

A. Trojan
B. Virus
C. Operating System
D. Malware
Correct Answer:
D. Malware

Exam Question 64

Which of the following is not a type of Information Security attack?

A. Technical Vulnerabilities
B. Vehicular Incidents
C. Privacy Incidents
D. Legal Incidents
Correct Answer:
B. Vehicular Incidents

Exam Question 65

A decent visitor is roaming around without a visitor’s ID. As an employee you should do the following, except:

A. Call the receptionist and inform about the visitor
B. Greet him and ask what his business is
C. Escort him to his destination
D. Say “hi” and offer coffee
Correct Answer:
D. Say “hi” and offer coffee

Exam Question 66

Why do we need to test a disaster recovery plan regularly, and keep it up to date?

A. Otherwise it is no longer up to date with the registration of daily occurring faults
B. Otherwise remotely stored backups may no longer be available to the security team
C. Otherwise the measures taken and the incident procedures planned may not be adequate
Correct Answer:
C. Otherwise the measures taken and the incident procedures planned may not be adequate

Exam Question 67

Phishing is what type of Information Security Incident?

A. Legal Incidents
B. Technical Vulnerabilities
C. Cracker/Hacker Attacks
D. Private Incidents
Correct Answer:
C. Cracker/Hacker Attacks

Exam Question 68

Cabling Security is associated with protecting power, telecommunication and network cabling carrying information from interception and damage.

A. True
B. False
Correct Answer:
A. True

Exam Question 69

Which measure is a preventive measure?

A. Shutting down all internet traffic after a hacker has gained access to the company systems
B. Installing a logging system that enables changes in a system to be recognized
C. Putting sensitive information in a safe
Correct Answer:
C. Putting sensitive information in a safe

Exam Question 70

The CEO sends a mail giving his views on the status of the company, the company’s future strategy, the CEO’s vision and the employee’s part in it. The mail should be classified as:

A. Internal Mail
B. Public Mail
C. Confidential Mail
D. Restricted Mail
Correct Answer:
A. Internal Mail