Welcome to Pass4Success


PECB Exam ISO-IEC-27001-Lead-Implementer Topic 6 Question 55 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 55
Topic #: 6

Scenario 7: InfoSec, based in Boston, MA, is a multinational corporation offering professional electronics, gaming, and entertainment products. Following several information security incidents, InfoSec has decided to establish teams of experts and implement measures to prevent potential incidents in the future.

Emma, Bob, and Anna were hired as the new members of InfoSec's information security team, which consists of a security architecture team, an incident response team (IRT), and a forensics team. Emma's job is to create information security plans, policies, protocols, and training to prepare InfoSec to respond to incidents effectively. Emma and Bob would be full-time employees of InfoSec, whereas Anna was contracted as an external consultant.

Bob, a network expert, will implement a screened subnet network architecture. This architecture will isolate the demilitarized zone (DMZ), to which hosted public services are attached, and InfoSec's publicly accessible resources from its private network. Thus, InfoSec will be able to block potential attackers from causing unwanted events inside the company's network. Bob is also responsible for ensuring a thorough evaluation of the nature of an unexpected event, including how the event happened and what or whom it might affect.

On the other hand, Anna will create records of the data, reviews, analyses, and reports to keep evidence for disciplinary and legal action and use them to prevent future incidents. To do the work accordingly, she should be aware of the company's information security incident management policy beforehand. Among others, this policy specifies the type of records to be created, the place where they should be kept, and the format and content that specific record types should have.

As part of InfoSec's initiative to strengthen information security measures, Anna will conduct information security risk assessments only when significant changes are proposed and will document the results of these risk assessments. Upon completion of the risk assessment process, Anna is responsible for developing and implementing a plan for treating information security risks and documenting the risk treatment results.

Furthermore, while implementing the communication plan for information security, InfoSec's top management was responsible for creating a roadmap for new product development. This approach helps the company to align its security measures with the product development efforts, demonstrating a commitment to integrating security into every aspect of its business operations.

InfoSec uses a cloud service model that includes cloud-based apps accessed through the web or an application programming interface (API). All cloud services are provided by the cloud service provider, while data is managed by InfoSec. This introduces unique security considerations and becomes a primary focus for the information security team to ensure data and systems are protected in this environment.

Based on this scenario, answer the following question:

Does InfoSec comply with ISO/IEC 27001 requirements regarding the information security risk treatment plan?

Suggested Answer: A
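The screened subnet that Bob is to build in the scenario only blocks attackers "from causing unwanted events inside the company's network" if the firewall denies traffic from the DMZ into the private network by default; a DMZ that can initiate connections inward turns a compromised public web server into a pivot. The following is an added example, not code from Pass4Success or from PECB's material: a small zone-based packet-filter model with a default-deny policy, shown with a weak rule set (an any-port hole from the DMZ to the LAN) beside a hardened one, and an audit that checks the two isolation properties the architecture is meant to provide. The zone names, address ranges, ports and rules are assumptions made for illustration.

```python
"""Zone-based model of the screened subnet (DMZ) design in Scenario 7.

Added example for this page; not code from Pass4Success or PECB. Zone
names, address ranges, ports and rule sets are assumptions for
illustration. It demonstrates that a DMZ isolates the private network
only when traffic *from* the DMZ into the internal zone is denied by
default; otherwise a compromised public host becomes a pivot.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: TEST-NET-1 for the DMZ, RFC 1918 space for the LAN.
# Any address outside these ranges is treated as the internet.
ZONE_NETS = {
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.10.0.0/16"),
}


def zone_of(addr: str) -> str:
    """Map an IP address to its zone; unknown ranges are 'internet'."""
    ip = ip_address(addr)
    for name, net in ZONE_NETS.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_ports: frozenset  # empty set = any destination port
    action: str           # "accept" or "drop"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (self.src_zone == src and self.dst_zone == dst
                and (not self.dst_ports or port in self.dst_ports))


def evaluate_zones(rules, src_zone: str, dst_zone: str, port: int) -> str:
    """First matching rule wins; unmatched inter-zone traffic is dropped."""
    if src_zone == dst_zone:
        return "accept"  # intra-zone traffic never crosses the screening firewall
    for rule in rules:
        if rule.matches(src_zone, dst_zone, port):
            return rule.action
    return "drop"  # default deny


def evaluate(rules, src_ip: str, dst_ip: str, port: int) -> str:
    """Decide a flow between two addresses by resolving their zones first."""
    return evaluate_zones(rules, zone_of(src_ip), zone_of(dst_ip), port)


# Weak rule set (assumed): a "temporary" any-port hole from the DMZ into the
# LAN, the mistake that lets a compromised web server walk into the private
# network. Everything else is what a screened subnet normally needs.
WEAK_RULES = [
    Rule("internet", "dmz", frozenset({80, 443}), "accept"),  # published web services
    Rule("dmz", "internal", frozenset(), "accept"),           # the hole: any port inward
    Rule("internal", "dmz", frozenset({22, 443}), "accept"),  # administration from inside
    Rule("internal", "internet", frozenset(), "accept"),      # outbound from the LAN
]

# Hardened rule set (assumed): no dmz->internal rule at all, so such traffic
# falls through to the default drop. internet->internal is likewise unmatched.
HARDENED_RULES = [
    Rule("internet", "dmz", frozenset({80, 443}), "accept"),
    Rule("internal", "dmz", frozenset({22, 443}), "accept"),
    Rule("internal", "internet", frozenset(), "accept"),
]

# Directions that a screened subnet must never allow to be initiated.
FORBIDDEN_PAIRS = (("internet", "internal"), ("dmz", "internal"))


def audit(rules) -> dict:
    """For each forbidden zone pair, count how many of the 65535 ports are accepted.

    Sweeps every port rather than trusting rule order, so a shadowed or
    over-broad rule cannot hide. A correct screened subnet returns 0 for both.
    """
    counts = {}
    for src, dst in FORBIDDEN_PAIRS:
        counts[f"{src}->{dst}"] = sum(
            1 for port in range(1, 65536)
            if evaluate_zones(rules, src, dst, port) == "accept"
        )
    return counts


def is_screened_subnet(rules) -> bool:
    """True when neither the internet nor the DMZ can initiate into the LAN."""
    return all(n == 0 for n in audit(rules).values())


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules), "screened subnet:", is_screened_subnet(rules))
```

Running the block prints one line per rule set; the weak set accepts all 65535 ports from the DMZ into the internal zone and fails the check, the hardened set accepts none and passes. The model is deliberately zone-level and stateless: a real deployment adds connection tracking for return traffic, and if a DMZ host genuinely needs a back-end service (a database, for instance) that dependency gets a host- and port-specific rule rather than a zone-wide one, which is exactly the kind of exception the audit is meant to flag for review.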

Contribute your Thoughts:

Sherell
27 days ago
Option C is clearly the funniest choice here. As if the top management alone can handle the entire risk treatment plan. That's a good one!
upvoted 0 times
Pamella
9 days ago
Emma: Definitely, Bob. It's important for everyone in the organization to be involved in implementing security measures.
upvoted 0 times
Ria
10 days ago
Bob: I agree, Anna. It takes a team effort to effectively manage information security risks.
upvoted 0 times
Sherrell
12 days ago
Anna: Option C is hilarious! Top management handling the entire risk treatment plan? That's a good joke.
upvoted 0 times
Detra
28 days ago
Hold up, why do they need to document the risk treatment results? Isn't that just a waste of time? Let's just focus on actually fixing the issues.
upvoted 0 times
Ceola
30 days ago
As the external consultant, I can confirm that InfoSec's approach aligns with the ISO/IEC 27001 standard. Solid documentation is essential for legal and disciplinary purposes.
upvoted 0 times
Bernardo
10 hours ago
Absolutely, having a clear plan and documenting the results is key to effective information security management.
upvoted 0 times
Antonio
1 day ago
A) Yes, it's important to have a thorough risk treatment plan in place to address potential security risks.
upvoted 0 times
Hubert
2 days ago
As the external consultant, I agree. Solid documentation is crucial for maintaining compliance.
upvoted 0 times
Frederica
12 days ago
A) Yes, it complies with ISO/IEC 27001 requirements by implementing a risk treatment plan and documenting risk treatment results
upvoted 0 times
Lashandra
1 month ago
Yes, I also believe that InfoSec is doing the right thing by developing and implementing a plan for treating information security risks.
upvoted 0 times
Freida
2 months ago
I agree with Cathrine. Our risk treatment plan is essential for managing information security risks effectively.
upvoted 0 times
Yolande
2 months ago
I agree, option A is the way to go. Establishing a comprehensive risk treatment plan and keeping proper records is crucial for information security compliance.
upvoted 0 times
Desmond
18 days ago
Emma: It's important to follow ISO/IEC 27001 requirements for our risk treatment plan.
upvoted 0 times
Bernadine
20 days ago
Anna: Definitely, documenting risk treatment results is key in information security.
upvoted 0 times
Judy
27 days ago
Bob: I agree, having a risk treatment plan is essential for compliance.
upvoted 0 times
Goldie
1 month ago
Emma: I think option A is the best choice.
upvoted 0 times
Cathrine
2 months ago
I think InfoSec complies with ISO/IEC 27001 requirements by implementing a risk treatment plan and documenting risk treatment results.
upvoted 0 times
Elenora
2 months ago
Looks like InfoSec is on the right track with their risk treatment plan. Documenting the results is a key requirement under ISO/IEC 27001, so option A seems to be the correct answer here.
upvoted 0 times
Leah
2 months ago
Yes, option A is the correct answer as InfoSec complies with ISO/IEC 27001 requirements by implementing a risk treatment plan and documenting the results.
upvoted 0 times
Raelene
2 months ago
I agree, documenting the risk treatment results is crucial for compliance with ISO/IEC 27001.
upvoted 0 times