PECB iso iec 27001 lead auditor practice test

ISO/IEC 27001 Lead Auditor Exam

Last exam update: Mar 11, 2025
Page 1 out of 7. Viewing questions 1-15 out of 100

Question 1

Which of the following is the purpose of "Integrity", one of the basic components of information security?

  • B. the property of safeguarding the accuracy and completeness of assets. Most Votes
  • C. the property that information is not made available or disclosed to unauthorized individuals
  • D. the property of being accessible and usable upon demand by an authorized entity.
Answer:

B


User Votes:
B 70 votes
C 10 votes
D 8 votes
Discussions
ashok
1 year, 1 month ago

the property of safeguarding the accuracy and completeness of assets.

ashok
1 year ago

the property of safeguarding the accuracy and completeness of assets

Luffy619
11 months, 1 week ago

the property of safeguarding the accuracy and completeness of assets.

robdavies66
8 months, 1 week ago

the property of safeguarding the accuracy and completeness of assets.

robdavies66
8 months ago

the property of safeguarding the accuracy and completeness of assets.

medmond
7 months, 3 weeks ago

the property of safeguarding the accuracy and completeness of assets.

medmond
7 months, 3 weeks ago

the property of safeguarding the accuracy and completeness of assets

Ndanga
7 months, 2 weeks ago

the property of safeguarding the accuracy and completeness of assets.

ASRARMA
7 months, 1 week ago

the property of safeguarding the accuracy and completeness of assets.

Mans
7 months ago

the property that information is not made available or disclosed to unauthorized individuals

Priyachoudhari
6 months, 3 weeks ago

Safeguarding the accuracy and completeness of the assets

ASK
6 months ago

C. the property that information is not made available or disclosed to unauthorized individuals

grosso62
2 months, 1 week ago

B. the property of safeguarding the accuracy and completeness of assets.

grosso62
1 month, 4 weeks ago

B. the property of safeguarding the accuracy and completeness of assets.

cyber-auditor
1 month, 1 week ago

Integrity is the pillar of information security that safeguards the accuracy of the data

syma1970
2 weeks, 6 days ago

Integrity in information security focuses on ensuring that data is accurate, consistent, and reliable. It's about preventing unauthorized modifications or corruptions.


Question 2

________ is an asset that, like other important business assets, has value to an organization and consequently needs to be protected.

  • A. Infrastructure
  • B. Data
  • C. Information Most Votes
  • D. Security
Answer:

C


User Votes:
A 8 votes
B 31 votes
C 52 votes
D 5 votes
Discussions
Abansal
1 year, 4 months ago

Information

ashok
1 year ago

Information

robdavies66
8 months, 1 week ago

Information

robdavies66
8 months ago

Information

ASRARMA
7 months, 1 week ago

Information

Mans
7 months ago

Data is an asset like other important business assets has value to an organization and consequently needs to be protected

Priyachoudhari
6 months, 3 weeks ago

Information

grosso62
2 months, 1 week ago

C. Information

grosso62
1 month, 4 weeks ago

C. Information

syma1970
2 weeks, 6 days ago

All of these are assets that an organization must protect.


Question 3

What do we do in the Act phase of the PDCA cycle?

  • B. Take actions to continually improve process performance Most Votes
  • C. Take actions to continually monitor process performance
  • D. Take actions to continually improve people performance
Answer:

B


User Votes:
B 64 votes
C 11 votes
D 6 votes
Discussions
ashok
1 year ago

Take actions to continually improve process performance

robdavies66
8 months, 1 week ago

Take actions to continually improve process performance

robdavies66
8 months ago

Take actions to continually improve process performance

ASRARMA
7 months, 1 week ago

B. Take actions to continually improve process performance

Mans
7 months ago

Take actions to continually improve process performance

Priyachoudhari
6 months, 3 weeks ago

Continually improve process performance

grosso62
2 months, 1 week ago

B. Take actions to continually improve process performance

grosso62
1 month, 4 weeks ago

B. Take actions to continually improve process performance

syma1970
2 weeks, 6 days ago

The "Act" phase is where you standardize successful changes, or take corrective actions if the results were not as expected.


Question 4

Implement the plan on a test basis: this comes under which section of PDCA?

  • A. Plan
  • B. Do Most Votes
  • C. Act
  • D. Check
Answer:

B


User Votes:
A 14 votes
B 44 votes
C 14 votes
D 5 votes
Discussions
Abansal
1 year, 4 months ago

The answer is "DO"

ashok
1 year ago

Do Implement plan on a test basis

robdavies66
8 months, 1 week ago

The answer is B: Do

robdavies66
8 months ago

B. Do B. Do

ASRARMA
7 months, 1 week ago

the answer is B. Do

Mans
7 months ago

Check implement plan on a test basis

Priyachoudhari
6 months, 3 weeks ago

Do under PDCA

grosso62
2 months, 1 week ago

This comes under section of PDCA Do

syma1970
2 weeks, 6 days ago

When you "implement a plan on a test basis," you are performing the "Do" portion of the PDCA.


Question 5

Which is the glue that ties the triad together?

  • A. Process Most Votes
  • B. People
  • C. Collaboration
  • D. Technology
Answer:

A


User Votes:
A 37 votes
B 12 votes
C 17 votes
D 10 votes
Discussions
Abansal
1 year, 4 months ago

Process is the glue that ties the triad together

ashok
1 year ago

Process is the glue that ties the triad together

robdavies66
8 months, 1 week ago

A Process

robdavies66
8 months ago

A, Process

ASRARMA
7 months, 1 week ago

A. Process

Priyachoudhari
6 months, 3 weeks ago

Process is a triad

grosso62
2 months, 1 week ago

A. Process

syma1970
2 weeks, 6 days ago

People are the essential element that makes the other parts of an information security system function. They are the "glue" that holds it all together.


Question 6

Who is allowed to access highly confidential files?

  • A. Employees with a business need-to-know
  • B. Contractors with a business need-to-know
  • C. Employees with signed NDA have a business need-to-know Most Votes
  • D. Non-employees designated with approved access and have signed NDA
Answer:

C


User Votes:
A 11 votes
B 2 votes
C 50 votes
D 8 votes
Discussions
Abansal
1 year, 4 months ago

Employee with signed NDA have a business need to know

ashok
1 year ago

Employees with signed NDA have a business need-to-know

robdavies66
8 months, 1 week ago

Employees with signed NDA have a business need-to-know

robdavies66
8 months ago

Employees with signed NDA have a business need-to-know

ASRARMA
7 months, 1 week ago

C. Employees with signed NDA have a business need-to-know

Priyachoudhari
6 months, 3 weeks ago

Employee with NDA

grosso62
2 months, 1 week ago

C. Employees with signed NDA have a business need-to-know

syma1970
2 weeks, 6 days ago

While contractors and non-employees might have access in some cases, the core of the answer is employees that have a business need to know.


Question 7

Which is not a requirement of HR prior to hiring?

  • A. Undergo background verification
  • B. Applicant must complete pre-employment documentation requirements
  • C. Must undergo Awareness training on information security. Most Votes
  • D. Must successfully pass Background Investigation
Answer:

C


User Votes:
A
B 5 votes
C 43 votes
D 6 votes
Discussions
ashok
1 year ago

Must undergo Awareness training on information security.

robdavies66
8 months, 1 week ago

Must undergo Awareness training on information security

robdavies66
8 months ago

Must undergo Awareness training on information security.

ASRARMA
7 months, 1 week ago

Must undergo Awareness training on information security.

grosso62
2 months, 1 week ago

C. Must undergo Awareness training on information security.

syma1970
2 weeks, 6 days ago

Awareness training on information security is typically conducted after an individual is hired and becomes an employee.


Question 8

CMM stands for?

  • A. Capability Maturity Matrix
  • B. Capacity Maturity Matrix
  • C. Capability Maturity Model Most Votes
  • D. Capable Mature Model
Answer:

C


User Votes:
A 8 votes
B 5 votes
C 39 votes
D 2 votes
Discussions
Abansal
1 year, 4 months ago

Capacity Maturity Model

ashok
1 year ago

Capability Maturity Model

robdavies66
8 months, 1 week ago

Capability Maturity Model

robdavies66
8 months ago

Capability Maturity Model

ASRARMA
7 months, 1 week ago

Capability Maturity Model

grosso62
2 months, 1 week ago

C. Capability Maturity Model

syma1970
2 weeks, 6 days ago

CMM can also stand for "Coordinate Measuring Machine" in the field of metrology. So the context of the question is very important. But in the context of software development process improvement, it is Capability Maturity Model.


Question 9

In acceptable use of Information Assets, which is the best practice?

  • A. Access to information and communication systems are provided for business purpose only Most Votes
  • B. Interfering with or denying service to any user other than the employee's host
  • C. Playing any computer games during office hours
  • D. Accessing phone or network transmissions, including wireless or wifi transmissions
Answer:

A


User Votes:
A 49 votes
B 3 votes
C 2 votes
D 1 votes
Discussions
Abansal
1 year, 4 months ago

A is the answer

ashok
1 year ago

Access to information and communication systems are provided for business purpose only

robdavies66
8 months, 1 week ago

Access to information and communication systems are provided for business purpose only

robdavies66
8 months ago

Access to information and communication systems are provided for business purpose only

ASRARMA
7 months, 1 week ago

A. Access to information and communication systems are provided for business purpose only

grosso62
2 months, 1 week ago

A. Access to information and communication systems are provided for business purpose only

syma1970
2 weeks, 6 days ago

This principle aligns with the core idea of responsible and productive use of company resources. It minimizes risks, maximizes efficiency, and protects sensitive information.


Question 10

All are prohibited in acceptable use of information assets, except:

  • A. Electronic chain letters
  • B. E-mail copies to non-essential readers
  • C. Company-wide e-mails with supervisor/TL permission. Most Votes
  • D. Messages with very large attachments or to a large number of recipients.
Answer:

C


User Votes:
A 7 votes
B 10 votes
C 33 votes
D 5 votes
Discussions
ashok
1 year ago

Company-wide e-mails with supervisor/TL permission.

robdavies66
8 months, 1 week ago

Company-wide e-mails with supervisor/TL permission

robdavies66
8 months ago

Company-wide e-mails with supervisor/TL permission

ASRARMA
7 months, 1 week ago

C. Company-wide e-mails with supervisor/TL permission.

grosso62
2 months, 1 week ago

C. Company-wide e-mails with supervisor/TL permission.

syma1970
2 weeks, 6 days ago

While company-wide emails should be used judiciously, they are sometimes necessary for important announcements or updates. With supervisor/TL permission, there is oversight and control.


Question 11

Information Security is a matter of building and maintaining ________ .

  • A. Confidentiality
  • B. Trust Most Votes
  • C. Protection
  • D. Firewalls
Answer:

B


User Votes:
A 27 votes
B 32 votes
C 9 votes
D 2 votes
Discussions
ashok
1 year ago

Information Security is a matter of building and maintaining Trust

robdavies66
8 months, 1 week ago

B. Trust trust

robdavies66
8 months ago

B trust b trust

robdavies66
8 months ago

B. Trust B. Trust

grosso62
2 months, 1 week ago

A. Confidentiality

cyber-auditor
1 month, 1 week ago

It has to be trust. If we choose confidentiality then it's not only in the CIA TRIAD, rather integrity and availability would also need to be mentioned.


Question 12

Phishing is what type of Information Security Incident?

  • A. Private Incidents
  • B. Cracker/Hacker Attacks Most Votes
  • C. Technical Vulnerabilities
  • D. Legal Incidents
Answer:

B


User Votes:
A 6 votes
B 44 votes
C 10 votes
D 1 votes
Discussions
ashok
1 year ago

Cracker/Hacker Attacks

robdavies66
8 months, 1 week ago

Cracker/Hacker Attacks

robdavies66
8 months ago

Cracker/Hacker Attacks

ASRARMA
7 months, 1 week ago

B. Cracker/Hacker Attacks

grosso62
2 months, 1 week ago

B. Cracker/Hacker Attacks

syma1970
2 weeks, 6 days ago

Phishing is a social engineering attack used by malicious actors (crackers/hackers) to deceive individuals into revealing sensitive information. It's a method they employ to gain unauthorized access.


Question 13

The following are the guidelines to protect your password, except: 

  • A. Don't use the same password for various company system security access
  • B. Do not share passwords with anyone Most Votes
  • C. For easy recall, use the same password for company and personal accounts Most Votes
  • D. Change a temporary password on first log-on
Answer:

B,C


User Votes:
A 3 votes
B 16 votes
C 38 votes
D 2 votes
Discussions
ashok
1 year ago

For easy recall, use the same password for company and personal accounts

robdavies66
8 months, 1 week ago

For easy recall, use the same password for company and personal accounts

robdavies66
8 months ago

For easy recall, use the same password for company and personal accounts

maximea
4 months, 1 week ago

Using the same password for company accounts and personal accounts is not recommended because it increases the risk of a security compromise.

grosso62
2 months, 1 week ago

D. Change a temporary password on first log-on

syma1970
2 weeks, 6 days ago

Using the same password across multiple accounts, especially company and personal, significantly increases the risk. If one account is compromised, all accounts using that password are vulnerable.


Question 14

The following are purposes of Information Security, except:

  • A. Ensure Business Continuity
  • B. Minimize Business Risk
  • C. Increase Business Assets Most Votes
  • D. Maximize Return on Investment
Answer:

C


User Votes:
A 1 votes
B 7 votes
C 35 votes
D 24 votes
Discussions
ashok
1 year ago

Increase Business Assets

robdavies66
8 months, 1 week ago

Increase Business Assets

robdavies66
8 months ago

Increase Business Assets

ASRARMA
7 months, 1 week ago

C. Increase Business Assets

maximea
4 months, 1 week ago

is not a direct objective of information security

grosso62
2 months, 1 week ago

D. Maximize Return on Investment


Question 15

Which of the following is not a type of Information Security attack?

  • A. Legal Incidents
  • B. Vehicular Incidents Most Votes
  • C. Technical Vulnerabilities
  • D. Privacy Incidents
Answer:

B


User Votes:
A 7 votes
B 40 votes
C 4 votes
D 4 votes
Discussions
Abansal
1 year, 4 months ago

Vehicular incident

Abansal
1 year, 4 months ago

Vehicular Incidents

ashok
1 year ago

Vehicular Incidents

robdavies66
8 months, 1 week ago

Vehicular Incidents

robdavies66
8 months ago

Vehicular Incidents

ASRARMA
7 months, 1 week ago

B. Vehicular Incidents

ASK
6 months ago

Vehicular Incidents

maximea
4 months, 1 week ago

B. Vehicular Incidents

grosso62
2 months, 1 week ago

B. Vehicular Incidents

syma1970
2 weeks, 6 days ago

Vehicular incidents, while potentially disruptive, are not directly related to attacks on information systems or data.
