GAQM ISO-IEC-LI Exam Practice Test Instant Access

Question 1

You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

ARisk bearing

BRisk avoiding

CRisk neutral

DRisk passing

Answer : C

Question 2

You have just started working at a large organization. You have been asked to sign a code of conduct as well as a contract. What does the organization wish to achieve with this?

AA code of conduct helps to prevent the misuse of IT facilities.

BA code of conduct is a legal obligation that organizations have to meet.

CA code of conduct prevents a virus outbreak.

DA code of conduct gives staff guidance on how to report suspected misuses of IT facilities.

Answer : A

Question 3

What do employees need to know to report a security incident?

AHow to report an incident and to whom.

BWhether the incident has occurred before and what was the resulting damage.

CThe measures that should have been taken to prevent the incident in the first place.

DWho is responsible for the incident and whether it was intentional.

Answer : A

Question 4

What is the best description of a risk analysis?

AA risk analysis is a method of mapping risks without looking at company processes.

BA risk analysis helps to estimate the risks and develop the appropriate security measures.

CA risk analysis calculates the exact financial consequences of damages.

Answer : B

Question 5

The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?

AInformation Security Management System

BThe use of tokens to gain access to information systems

CValidation of input and output data in applications

DEncryption of information

Answer : A

Question 6

Responsibilities for information security in projects should be defined and allocated to:

Athe project manager

Bspecified roles defined in the used project management method of the organization

Cthe InfoSec officer

Dthe owner of the involved asset

Answer : B

Question 7

In the context of contact with special interest groups, any information-sharing agreements should identify requirements for the protection of _________ information.

AAvailability

BConfidential

CAuthentic

DAuthorization

Answer : B

GAQM ISO / IEC 27002 - Lead Implementer Exam Practice Test