The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
A. Information Security Management System
B. The use of tokens to gain access to information systems
C. Validation of input and output data in applications
D. Encryption of information
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
A. ISO/IEC 27001:2005
B. Intellectual Property Rights
C. ISO/IEC 27002:2005
D. Personal data protection legislation
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?
A. The costs for automating are easier to charge to the responsible departments.
B. A determination can be made as to which report should be printed first and which ones can wait a little longer.
C. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
D. Reports can be developed more easily and with fewer errors.
What sort of security does a Public Key Infrastructure (PKI) offer?
A. It provides digital certificates that can be used to digitally sign documents. Such signatures irrefutably determine from whom a document was sent.
B. Having a PKI shows customers that a web-based business is secure.
C. By providing agreements, procedures and an organization structure, a PKI defines which person or which system belongs to which specific public key.
D. A PKI ensures that backups of company data are made on a regular basis.
Of the following, which is the best organization or set of organizations to contribute to compliance?
A. IT only
B. IT, business management, HR and legal
C. IT and management
D. IT and legal
ISO 27002 provides guidance in the following area
A. PCI environment scoping
B. Information handling recommendations
C. Framework for an overall security and compliance program
D. Detailed lists of required policies and procedures
Companies use 27002 for compliance for which of the following reasons:
A. A structured program that helps with security and compliance
B. Explicit requirements for all regulations
C. Compliance with ISO 27002 is sufficient to comply with all regulations
How many domains does ISO / IEC 27002: 2013 have?
A. 140
B. 14
C. 110
D. 114
Select risk control activities for domain "10. Encryption" of ISO / 27002: 2013 (Choose two)
A. Work in safe areas
B. Cryptographic Controls Use Policy
C. Physical security perimeter
D. Key management
Select the controls that correspond to the domain "9. ACCESS CONTROL" of ISO / 27002 (Choose three)
A. Restriction of access to information
B. Return of assets
C. Management of access rights with special privileges
D. Withdrawal or adaptation of access rights
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only GAQM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ISO-IEC-LI exam preparations and GAQM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.