- Home
- PECB
- PECB Certified ISO/IEC 27001 Lead Implementer Exam
- PECB.ISO-IEC-27001-Lead-Implementer.v2024-08-20.q56
- Question 40
Valid ISO-IEC-27001-Lead-Implementer Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Implementer Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Implementer exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Implementer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Implementer dumps with Test Engine here:
Access ISO-IEC-27001-Lead-Implementer Dumps Premium Version
(294 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 40/56
The IT Department of a financial institution decided to implement preventive controls to avoid potential security breaches. Therefore, they separated the development, testing, and operating equipment, secured their offices, and used cryptographic keys. However, they are seeking further measures to enhance their security and minimize the risk of security breaches. Which of the following controls would help the IT Department achieve this objective?
Correct Answer: C
An access control software is a type of preventive control that is designed to limit the access to sensitive files and information based on the user's identity, role, or authorization level. An access control software helps to protect the confidentiality, integrity, and availability of the information by preventing unauthorized users from viewing, modifying, or deleting it. An access control software also helps to create an audit trail that records who accessed what information and when, which can be useful for accountability and compliance purposes.
The IT Department of a financial institution decided to implement preventive controls to avoid potential security breaches. Therefore, they separated the development, testing, and operating equipment, secured their offices, and used cryptographic keys. However, they are seeking further measures to enhance their security and minimize the risk of security breaches. An access control software would help the IT Department achieve this objective by adding another layer of protection to their sensitive files and information, and ensuring that only authorized personnel can access them.
Reference:
ISO/IEC 27001:2022 Lead Implementer Course Guide1
ISO/IEC 27001:2022 Lead Implementer Info Kit2
ISO/IEC 27001:2022 Information Security Management Systems - Requirements3 ISO/IEC 27002:2022 Code of Practice for Information Security Controls4 What are Information Security Controls? - SecurityScorecard4 What Are the Types of Information Security Controls? - RiskOptics2 Integrity is the property of safeguarding the accuracy and completeness of information and processing methods. A breach of integrity occurs when information is modified or destroyed in an unauthorized or unintended manner. In this case, Diana accidently modified the order details of a customer without their permission, which resulted in the customer receiving an incorrect product. This means that the information about the customer's order was not accurate or complete, and therefore, the integrity principle was breached. Availability and confidentiality are two other information security principles, but they were not violated in this case. Availability is the property of being accessible and usable upon demand by an authorized entity, and confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems.
The IT Department of a financial institution decided to implement preventive controls to avoid potential security breaches. Therefore, they separated the development, testing, and operating equipment, secured their offices, and used cryptographic keys. However, they are seeking further measures to enhance their security and minimize the risk of security breaches. An access control software would help the IT Department achieve this objective by adding another layer of protection to their sensitive files and information, and ensuring that only authorized personnel can access them.
Reference:
ISO/IEC 27001:2022 Lead Implementer Course Guide1
ISO/IEC 27001:2022 Lead Implementer Info Kit2
ISO/IEC 27001:2022 Information Security Management Systems - Requirements3 ISO/IEC 27002:2022 Code of Practice for Information Security Controls4 What are Information Security Controls? - SecurityScorecard4 What Are the Types of Information Security Controls? - RiskOptics2 Integrity is the property of safeguarding the accuracy and completeness of information and processing methods. A breach of integrity occurs when information is modified or destroyed in an unauthorized or unintended manner. In this case, Diana accidently modified the order details of a customer without their permission, which resulted in the customer receiving an incorrect product. This means that the information about the customer's order was not accurate or complete, and therefore, the integrity principle was breached. Availability and confidentiality are two other information security principles, but they were not violated in this case. Availability is the property of being accessible and usable upon demand by an authorized entity, and confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems.
- Question List (56q)
- Question 1: Org Y. a well-known bank, uses an online banking platform th...
- Question 2: Scenario 3: Socket Inc is a telecommunications company offer...
- Question 3: Scenario 10: NetworkFuse develops, manufactures, and sells n...
- Question 4: What risk treatment option has Company A implemented if it h...
- Question 5: Why is the power/interest matrix used for?...
- Question 6: Which statement is an example of risk retention?...
- Question 7: Scenario 7: InfoSec is a multinational corporation headquart...
- Question 8: Which of the following is the information security committee...
- Question 9: Diana works as a customer service representative for a large...
- Question 10: The purpose of control 5.9 inventory of Information and othe...
- Question 11: An organization wants to enable the correlation and analysis...
- Question 12: Scenario 8: SunDee is an American biopharmaceutical company,...
- Question 13: Scenario 5: Operaze is a small software development company ...
- Question 14: Scenario 5: Operaze is a small software development company ...
- Question 15: Which situation described in scenario 7 Indicates that Texas...
- Question 16: Scenario 7: InfoSec is a multinational corporation headquart...
- Question 17: According to scenario 2, Solena decided to issue a press rel...
- Question 18: An organization has established a policy that provides the p...
- Question 19: Scenario 5: Operaze is a small software development company ...
- Question 20: FinanceX, a well-known financial institution, uses an online...
- Question 21: An employee of the organization accidentally deleted custome...
- Question 22: What is the main purpose of Annex A 7.1 Physical security pe...
- Question 23: Based on scenario 9. is the action plan for treating the non...
- Question 24: An organization documented each security control that it Imp...
- Question 25: Scenario 3: Socket Inc is a telecommunications company offer...
- Question 26: Who should be involved, among others, in the draft, review, ...
- Question 27: Scenario 8: SunDee is an American biopharmaceutical company,...
- Question 28: Del&Co has decided to improve their staff-related contro...
- Question 29: Scenario 6: Skyver offers worldwide shipping of electronic p...
- Question 30: Company X restricted the access of the internal auditor of s...
- Question 31: Based on scenario 2. which principle of information security...
- Question 32: An organization uses Platform as a Services (PaaS) to host i...
- Question 33: Scenario 6: Skyver offers worldwide shipping of electronic p...
- Question 34: Scenario 2: Beauty is a cosmetics company that has recently ...
- Question 35: Which option below should be addressed in an information sec...
- Question 36: Upon the risk assessment outcomes. Socket Inc. decided to: *...
- Question 37: An organization documented each security control that it Imp...
- Question 38: Scenario 5: Operaze is a small software development company ...
- Question 39: According to scenario 6. Alex used terminology and concepts ...
- Question 40: The IT Department of a financial institution decided to impl...
- Question 41: Based on scenario 5. Socket Inc. decided to assign users lo ...
- Question 42: Scenario 10: NetworkFuse develops, manufactures, and sells n...
- Question 43: Which situation presented in scenario 8 is not in compliance...
- Question 44: Scenario 1: HealthGenic is a pediatric clinic that monitors ...
- Question 45: According to scenario 7, the team prevented a potential atta...
- Question 46: Once they made sure that the attackers do not have access in...
- Question 47: How can Invalid Electric's ensure that Us employees are prep...
- Question 48: Based on scenario 9. the top management decided to accept th...
- Question 49: Scenario 10: NetworkFuse develops, manufactures, and sells n...
- Question 50: Why should the security testing processes be defined and imp...
- Question 51: Scenario 1: HealthGenic is a pediatric clinic that monitors ...
- Question 52: TradeB communicated the information security processes and p...
- Question 53: Scenario 2: Beauty is a cosmetics company that has recently ...
- Question 54: Following a repotted event, an Information security event ti...
- Question 55: Scenario 9: OpenTech provides IT and communications services...
- Question 56: Scenario 8: SunDee is an American biopharmaceutical company,...
[×]
Download PDF File
Enter your email address to download PECB.ISO-IEC-27001-Lead-Implementer.v2024-08-20.q56.pdf