QUESTION 31
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?

QUESTION 32
What should TradeB do in order to deal with residual risks? Refer to scenario 4.

QUESTION 33
Why did InfoSec establish an IRT? Refer to scenario 7.

QUESTION 34
An organization uses Platform as a Services (PaaS) to host its cloud-based services As such, the cloud provider manages most off the services to the organization. However, the organization still manages____________________

QUESTION 35
An organization wants to enable the correlation and analysis of security-related events and other recorded data and to support investigations into information security incidents. Which control should it implement7

QUESTION 36
Logging in to a computer system is an access-granting process consisting of three steps: identification, authentication and authorization. What occurs during the first step of this process: identification?

QUESTION 37
Based on scenario 1. what is a potential impact of the loss of integrity of information in HealthGenic?

QUESTION 38
An organization has decided to conduct information security awareness and training sessions on a monthly basis for all employees. Only 45% of employees who attended these sessions were able to pass the exam.
What does the percentage represent?

QUESTION 39
The identified owner of an asset is always an individual

QUESTION 40
Based on scenario 4, the fact that TradeB defined the level of risk based on three nonnumerical categories indicates that;

QUESTION 41
NetworkFuse should_________________to ensure that employees are prepared for the audit. Refer to scenario
10.

QUESTION 42
Scenario 8: SunDee is an American biopharmaceutical company, headquartered in California, the US. It specializes in developing novel human therapeutics, with a focus on cardiovascular diseases, oncology, bone health, and inflammation. The company has had an information security management system (ISMS) based on SO/IEC 27001 in place for the past two years. However, it has not monitored or measured the performance and effectiveness of its ISMS and conducted management reviews regularly Just before the recertification audit, the company decided to conduct an internal audit. It also asked most of their staff to compile the written individual reports of the past two years for their departments. This left the Production Department with less than the optimum workforce, which decreased the company’s stock.
Tessa was SunDee’s internal auditor. With multiple reports written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever Tessa concluded that SunDee must evaluate the performance of the ISMS adequately. She defined SunDee’s negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations. Additionally, Tessa created a new plan which would enable SunDee to resolve these issues and presented it to the top management Based on the scenario above, answer the following question:
What caused SunDee’s workforce disruption?

QUESTION 43
Based on scenario 6. when should Colin deliver the next training and awareness session?

QUESTION 44
One of the ways Internet of Things (IoT) devices can communicate with each other (or ‘the outside world’) is using a so-called short-range radio protocol. Which kind of short-range radio protocol makes it possible to use your phone as a credit card?

QUESTION 45
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?