Valid ISO-IEC-27001-Lead-Implementer Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Implementer Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Implementer exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Implementer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Implementer dumps with Test Engine here:
Scenario 7: InfoSec is a multinational corporation headquartered in Boston, MA, which provides professional electronics, gaming, and entertainment services. After facing numerous information security incidents, InfoSec has decided to establish teams and implement measures to prevent potential incidents in the future Emma, Bob. and Anna were hired as the new members of InfoSec's information security team, which consists of a security architecture team, an incident response team (IRT) and a forensics team Emma's job is to create information security plans, policies, protocols, and training to prepare InfoSec to respond to incidents effectively Emma and Bob would be full-time employees of InfoSec, whereas Anna was contracted as an external consultant. Bob, a network expert, will deploy a screened subnet network architecture This architecture will isolate the demilitarized zone (OMZ) to which hosted public services are attached and InfoSec's publicly accessible resources from their private network Thus, InfoSec will be able to block potential attackers from causing unwanted events inside the company's network. Bob is also responsible for ensuring that a thorough evaluation of the nature of an unexpected event is conducted, including the details on how the event happened and what or whom it might affect. Anna will create records of the data, reviews, analysis, and reports in order to keep evidence for the purpose of disciplinary and legal action, and use them to prevent future incidents. To do the workaccordingly, she should be aware of the company's information security incident management policy beforehand Among others, this policy specifies the type of records to be created, the place where they should be kept, and the format and content that specific record types should have. According to scenario 7, a demilitarized zone (DMZ) is deployed within InfoSec's network. What type of control has InfoSec implemented in this case?
Correct Answer: B
A demilitarized zone (DMZ) is a network segment that separates the internal network from the external network, such as the Internet. It is used to host public services that need to be accessible from outside the organization, such as web servers, email servers, or DNS servers. A DMZ provides a layer of protection for the internal network by limiting the exposure of the public services and preventing unauthorized access from the external network. A DMZ is an example of a preventive control, which is a type of control that aims to prevent or deter the occurrence of an information security incident. Preventive controls reduce the likelihood of a threat exploiting a vulnerability and causing harm to the organization's information assets. Other examples of preventive controls are encryption, authentication, firewalls, antivirus software, and security awareness training. References: * ISO/IEC 27001 : 2022 Lead Implementer Study Guide, Section 8.2.3.2.1, page 162 * ISO/IEC 27001 : 2022 Lead Implementer Info Kit, page 13 * ISO/IEC 27002 : 2022, Section 13.1.3, page 66