GAQM ISO 27001:2013 Certified Lead Auditor ISO-ISMS-LA ISO27-13-001 ISO-CLA Exam Questions and Answers – Page 1

Exam Question 81

Availability means

A. Service should be accessible at the required time and usable only by the authorized entity
B. Service should be accessible at the required time and usable by all
C. Service should not be accessible when required
Correct Answer:
A. Service should be accessible at the required time and usable only by the authorized entity

Exam Question 82

Who is responsible for the initial asset allocation to the user/custodian of the assets?

A. Asset Practitioner
B. Asset Manager
C. Asset Stakeholder
D. Asset Owner
Correct Answer:
D. Asset Owner

Exam Question 83

There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good.
What is an example of the indirect damage caused by this fire?

A. Water damage due to the fire extinguishers
B. Burned computer systems
C. Burned documents
D. Melted backup tapes
Correct Answer:
A. Water damage due to the fire extinguishers

Exam Question 84

We can leave laptops during weekdays or weekends in locked bins.

A. True
B. False
Correct Answer:
B. False

Exam Question 85

In acceptable use of Information Assets, which is the best practice?

A. Accessing phone or network transmissions, including wireless or wifi transmissions
B. Access to information and communication systems is provided for business purposes only
C. Interfering with or denying service to any user other than the employee’s host
D. Playing any computer games during office hours
Correct Answer:
B. Access to information and communication systems is provided for business purposes only

Exam Question 86

What is the worst possible action that an employee may receive for sharing his or her password or access with others?

A. The lowest rating on his or her performance assessment
B. Forced roll off from the project
C. Termination
D. Three days suspension from work
Correct Answer:
C. Termination

Exam Question 87

Which is the glue that ties the triad together?

A. Process
B. People
C. Collaboration
D. Technology
Correct Answer:
A. Process

Exam Question 88

A couple of years ago you started your company, which has now grown from 1 to 20 employees. Your company’s information is worth more and more, and gone are the days when you could keep control yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?

A. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.
B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
Correct Answer:
B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

Exam Question 89

You receive an email from an unknown person claiming to be a representative of your bank and asking for your account number and password so that they can fix your account. Such an attempt at social engineering is called

A. Shoulder Surfing
B. Mountaineering
C. Phishing
D. Spoofing
Correct Answer:
C. Phishing

Exam Question 90

What would be the reference for you to know who should have access to data or a document?

A. Data Classification Label
B. Access Control List (ACL)
C. Masterlist of Project Records (MLPR)
D. Information Rights Management (IRM)
Correct Answer:
B. Access Control List (ACL)