Become PECB Certified with updated ISO-IEC-27001-Lead-Implementer exam questions and correct answers
Scenario 8: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the involved parties, including parents, other physicians, and the medical laboratory staff.

Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software. Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.

The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic's patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients' privacy.

Which situation presented in scenario 8 is not in compliance with ISO/IEC 27001 requirements?
What is the main purpose of Annex A 7.1 Physical security perimeters of ISO/IEC 27001?
Scenario 9: OpenTech provides IT and communications services. It helps data communication enterprises and network operators become multi-service providers. During an internal audit, its internal auditor, Tim, identified nonconformities related to the monitoring procedures. He identified and evaluated several system vulnerabilities.

Tim found out that user IDs for systems and services that process sensitive information have been reused and the access control policy has not been followed. After analyzing the root causes of this nonconformity, the ISMS project manager developed a list of possible actions to resolve the nonconformity. Then, the ISMS project manager analyzed the list and selected the activities that would allow the elimination of the root cause and the prevention of a similar situation in the future. These activities were included in an action plan. The action plan, approved by the top management, was written as follows:

A new version of the access control policy will be established and new restrictions will be created to ensure that network access is effectively managed and monitored by the Information and Communication Technology (ICT) Department.

The approved action plan was implemented and all actions described in the plan were documented.

Based on this scenario, answer the following question:

OpenTech has decided to establish a new version of its access control policy. What should the company do when such changes occur?
Scenario 3: Socket Inc. is a dynamic telecommunications company specializing in wireless products and services, committed to delivering high-quality and secure communication solutions. Socket Inc. leverages innovative technology, including the MongoDB database, renowned for its high availability, scalability, and flexibility, to provide reliable, accessible, efficient, and well-organized services to its customers. Recently, the company faced a security breach where external hackers exploited the default settings of its MongoDB database due to an oversight in the configuration settings, which had not been properly addressed. Fortunately, diligent data backups and centralized logging through a server ensured no loss of information. In response to this incident, Socket Inc. undertook a thorough evaluation of its security measures. The company recognized the urgent need to improve its information security and decided to implement an information security management system (ISMS) based on ISO/IEC 27001.

To improve its data security and protect its resources, Socket Inc. implemented entry controls and secure access points. These measures were designed to prevent unauthorized access to critical areas housing sensitive data and essential assets. In compliance with relevant laws, regulations, and ethical standards, Socket Inc. implemented pre-employment background checks tailored to business needs, information classification, and associated risks. A formalized disciplinary procedure was also established to address policy violations. Additionally, security measures were implemented for personnel working remotely to safeguard information accessed, processed, or stored outside the organization's premises.

Socket Inc. safeguarded its information processing facilities against power failures and other disruptions. Unauthorized access to critical records from external sources led to the implementation of data flow control services to prevent unauthorized access between departments and external networks. In addition, Socket Inc. used data masking based on the organization's topic-level general policy on access control and other related topic-level general policies and business requirements, considering applicable legislation. It also updated and documented all operating procedures for information processing facilities and ensured that they were accessible to top management exclusively.

The company also implemented a control to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access. The implementation was based on all relevant agreements, legislation, regulations, and the information classification scheme. Network segregation using VPNs was proposed to improve security and reduce administrative efforts.

Regarding the design and description of its security controls, Socket Inc. has categorized them into groups, consolidating all controls within a single document. Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information about information security threats and integrate information security into project management.

Based on the scenario above, answer the following question:

Based on scenario 3, did Socket Inc. comply with ISO/IEC 27001 organizational controls regarding its operating procedures?