Become PECB Certified with updated ISO-IEC-27001-Lead-Implementer exam questions and correct answers
Which of the following statements is accurate regarding the methodology for managing the implementation of an ISMS?
HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the involved parties, including parents, other physicians, and the medical laboratory staff.
Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software. Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.
The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic's patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients' privacy.
Which situation presented in scenario 8 is not in compliance with ISO/IEC 27001 requirements?
Scenario 2: Beauty is a cosmetics company that haDue to this transformation of the business model, a number of security controls were implemented based on
the identified threats and vulnerabilities associated with critical assets. To protect customers' information,
Beauty's employees had to sign a confidentiality agreement. In addition, the company reviewed all user access
rights so that only authorized personnel can have access to sensitive files and drafted a new segregation of
duties chart.
However, the transition was difficult for the IT team, who had to deal with a security incident not long after
transitioning to the e-commerce model. After investigating the incident, the team concluded that due to the
out-of-date anti-malware software, an attacker gained access to their files and exposed customers' information,
including their names and home addresses.
The IT team decided to stop using the old anti-malware software and install a new one that would
automatically remove malicious code in case of similar incidents. The new software was installed on every
workstation within the company. After installing the new software, the team updated it with the latest malware
definitions and enabled the automatic update feature to keep it up to date at all times. Additionally, they
established an authentication process that requires a user identification and password when accessing sensitive
information.
In addition, Beauty conducted a number of information security awareness sessions for the IT team and other
employees who have access to confidential information in order to raise awareness of the importance of
system and network security.
According to scenario 2, Beauty has reviewed all user access rights. What type of control is this?
ent process to an external provider operating online payments systems that support online money
transfers.
Based on ISO/IEC 27001, what areas within the organization require establishing rules, procedures, and agreements for information transfer?
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors' passes grant the same access as the passes of the company's staff. Which kind of security measure could have prevented this?
© Copyrights DumpsCertify 2025. All Rights Reserved