PECB Lead Auditor Exam Questions

Question 6 of 169

After an information security incident, an organization created a comprehensive backup procedure involving regular, automated backups of all critical data to offsite storage locations. By doing so, which principle of information security is the organization applying in this case?

A.

Integrity

B.

Confidentiality

C.

Availability

Question 7 of 169

A data processing tool crashed when a user added more data to the buffer than its storage capacity allows. The incident was caused by the tool's inability to bound check arrays. What kind of vulnerability is this?

A.

Intrinsic vulnerability, i.e., inability to bound check arrays, is a characteristic of the data processing tool

B.

Extrinsic vulnerability, i.e., the exploit of the buffer overflow vulnerability, is caused by an external factor

C.

None; buffer overflow is not a vulnerability; it is a threat

Question 8 of 169

Which of the following best defines managerial controls?

A.

Controls related to the management of personnel, including training of employees, management reviews, and internal audits

B.

Controls related to organizational structure, such as segregation of duties, job rotations, job descriptions, and approval processes

C.

Controls related to the use of technical measures or technologies, such as firewalls, alarm systems, surveillance cameras, and IDSs

Question 9 of 169

What is the objective of penetration testing in the risk assessment process?

A.

To conduct thorough code reviews

B.

To identify potential failures in the ICT protection schemes

C.

To physically inspect hardware components

Question 10 of 169

Which controls are related to the Annex A controls of ISO/IEC 27001 and are often selected from other guides and standards or defined by the organization to meet its specific needs?

A.

General controls

B.

Strategic controls

C.

Specific controls