Which control of ISO/IEC 27002 aims to ensure the correct and secure operation of information processing facilities?
Answer : B
Control 5.37, Documented operating procedures, aims to ensure the correct and secure operation of information processing facilities. Operating procedures translate security and operational requirements into repeatable instructions for administrators, operators, support teams, and users. They can cover system startup and shutdown, backup, restoration, logging, error handling, media handling, job scheduling, maintenance, incident escalation, access administration, and secure processing steps. Without documented procedures, operations become inconsistent and dependent on individual memory or informal practice, which increases the likelihood of mistakes, outages, unauthorized changes, or insecure handling. Control 7.2, Physical entry, protects secure physical areas by controlling access to facilities, but it does not define operational procedures. Control 5.35, Independent review of information security, assesses whether the information security approach remains suitable, adequate, and effective, but it does not provide day-to-day operating instructions. ISO/IEC 27002 places documented procedures in the organizational theme because reliable operation requires governance, clarity, and repeatability. Therefore, option B is correct. Reference/Chapters: ISO/IEC 27002:2022, Control 5.37 Documented operating procedures; Control 7.2 Physical entry; Control 5.35 Independent review of information security.
An organization has set up a fire alarm. What type of control is this?
Answer : B
A fire alarm is a detective and technical control. It is detective because it signals that a fire-related event may be occurring: it does not normally stop a fire from starting (which would be preventive), and it does not restore damaged assets after the event (which would be corrective). Its purpose is to detect indicators such as smoke, heat, or flame and trigger response actions such as evacuation, suppression, emergency communication, or incident handling. It is technical in the traditional administrative/technical/physical sense because it operates through an engineered, electronic mechanism rather than through management approval, contractual clauses, or purely administrative processes. Note that ISO/IEC 27002:2022 itself classifies controls using attributes (Clause 4), and its control type attribute has only the values preventive, detective, and corrective; "technical" is not one of the standard's attribute values. Within the standard's four themes, a fire alarm falls under the physical controls (Clause 7), because fire is a physical and environmental threat to information processing facilities, equipment, storage media, and supporting infrastructure. The value of the control is timely detection, reducing the chance that a physical event escalates unnoticed into major damage or service disruption. Reference/Chapters: ISO/IEC 27002:2022, Clause 4 control attributes; Control 7.4 Physical security monitoring; Control 7.5 Protecting against physical and environmental threats.
Company A has configured its employees' browsers to block the IP address of malicious websites. Which information security control has been implemented by Company A?
Answer : B
Company A has implemented Control 8.23, Web filtering. Web filtering is intended to protect systems from compromise by preventing access to known malicious or inappropriate web resources. Blocking IP addresses or domains associated with malicious websites is a typical web filtering technique. It can reduce exposure to malware, phishing pages, command-and-control infrastructure, drive-by downloads, credential harvesting, and unauthorized content. Control 8.11, Data masking, is unrelated because it protects sensitive data by obscuring or substituting values so that users or systems do not see the original data. Control 5.18, Access rights, concerns granting, reviewing, modifying, and removing user access privileges to information and systems. Browser configuration that blocks malicious destinations is not primarily user access rights management; it is filtering web traffic based on destination risk. ISO/IEC 27002 places web filtering under technological controls because it is implemented through browsers, gateways, DNS filtering, proxies, endpoint tools, or secure web gateways. In practice, a blocklist of IP addresses alone is a weak form of the control: attackers rotate hosting, and the same IP may serve both malicious and legitimate sites, so the guidance favours combining IP, domain, and URL category filtering and keeping the lists current. Therefore, option B is correct. Reference/Chapters: ISO/IEC 27002:2022, Control 8.23 Web filtering; Control 8.7 Protection against malware; Control 8.20 Network security.
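The answer above describes blocking the IP addresses of malicious websites. The following is an added illustration, not code from the page or from any product: a small destination check of the kind a browser policy, proxy, or DNS filter would apply, which matches a URL's host against both blocked IP ranges and blocked domains (including subdomains). The blocklist entries are constructed from documentation ranges and the reserved `.example` TLD, and the `resolver` callback is a hypothetical stand-in for a DNS lookup, so the example also shows the caveat that an IP-only blocklist catches a domain-named site only if the check sees the address the name resolves to.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample blocklist: documentation ranges and reserved names,
# not taken from any real threat feed.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
BLOCKED_DOMAINS = {"malicious.example", "phish.example.net"}


def _host_of(url):
    """Return the normalised hostname of a URL, or None if it cannot be parsed.

    urlsplit().hostname strips userinfo, port and IPv6 brackets and lowercases.
    """
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return None
    return host.rstrip(".") if host else None  # drop a trailing FQDN dot


def _ip_literal(host):
    """Return an ip_address object if host is an IPv4/IPv6 literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def _ip_blocked(ip):
    return any(ip in net for net in BLOCKED_NETWORKS)


def _domain_blocked(host):
    # Match the domain itself and its subdomains, but not look-alikes such as
    # "notmalicious.example", which a plain suffix test would wrongly block.
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def evaluate(url, resolver=None):
    """Return ("block", reason) or ("allow", reason) for a URL.

    resolver (hypothetical DNS hook) maps a hostname to a list of IP strings.
    With resolver=None only the URL's own host is inspected, which is what a
    pure IP-address blocklist sees when the user types a domain name.
    """
    host = _host_of(url)
    if host is None:
        return ("block", "unparseable URL")  # fail closed on garbage input
    ip = _ip_literal(host)
    if ip is not None:
        if _ip_blocked(ip):
            return ("block", f"IP literal {ip} is in a blocked range")
        return ("allow", "IP literal not in blocklist")
    if _domain_blocked(host):
        return ("block", f"domain {host} is in blocklist")
    if resolver is not None:
        for addr in resolver(host):
            resolved = _ip_literal(addr)
            if resolved is not None and _ip_blocked(resolved):
                return ("block", f"domain {host} resolves to blocked {addr}")
    return ("allow", "no match")


if __name__ == "__main__":
    fake_dns = {"fresh-domain.example": ["203.0.113.9"]}  # constructed record
    for u in ("http://203.0.113.45/login", "https://MALICIOUS.example./x",
              "http://notmalicious.example/", "http://fresh-domain.example/"):
        print(u, evaluate(u), evaluate(u, lambda h: fake_dns.get(h, [])))
```

The last URL in the demo is allowed when only the host string is inspected and blocked once the resolved address is checked, which is the gap a browser-side IP blocklist leaves unless it is paired with domain filtering or applied at a proxy or DNS resolver that sees the actual destination.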
ISO/IEC 27002:2022 provides guidance for selecting, implementing, and managing information security controls. It is not the certification requirements standard; that role belongs to ISO/IEC 27001. ISO/IEC 27002 supports organizations by explaining the purpose of each control, its implementation guidance, and other related information needed to apply the control appropriately. Its controls are grouped into organizational, people, physical, and technological themes. The standard is intended to be used as a reference when organizations design security measures based on their risks, business needs, legal obligations, contractual requirements, and information security objectives. Therefore, option A is correct because guidance is the core function of ISO/IEC 27002. Option B is incorrect because ISO/IEC 27002 does not set mandatory requirements for certification. Option C is related to risk management, but that is not the main purpose of ISO/IEC 27002; risk management guidance is more directly associated with ISO/IEC 27005. ISO/IEC 27002 guides control implementation after risk and control needs have been determined. Reference/Chapters: ISO/IEC 27002:2022, Clause 1 Scope; Clause 4 Structure of the standard; Clauses 5 to 8 (controls).
According to Control 5.27 Learning from information security incidents, how can organizations use the information gained from the evaluation of information security incidents?
Answer : B
Information gained from evaluating information security incidents should be used to improve both user awareness and training and the incident management plan. Control 5.27 focuses on learning from incidents so that organizations reduce the likelihood or impact of recurrence. Incident evaluation can reveal root causes, control failures, user mistakes, unclear procedures, delayed escalation, insufficient logging, poor communication, supplier weaknesses, or technical vulnerabilities. If users contributed to the incident through phishing response, mishandling of information, weak passwords, or reporting delays, awareness and training should be improved. If the incident response process showed weaknesses in roles, escalation, evidence collection, communication, containment, recovery, or decision-making, the incident management plan should be updated. ISO/IEC 27002 treats incidents as a feedback mechanism for continual improvement, not merely isolated events to close. Option B is correct because both listed uses are valid and mutually reinforcing. Strong incident learning improves controls, procedures, monitoring, user behavior, and readiness for future events. Reference/Chapters: ISO/IEC 27002:2022, Control 5.27 Learning from information security incidents; Control 5.24 Information security incident management planning and preparation; Control 6.3 Information security awareness, education and training.
I wish to express my thanks to PremiumDumps very much for being here. I passed the PECB ISO-IEC-27002-Foundation test with a good score!
Lily Anne
June 21, 2026
My colleague suggested that I attempt the PECB ISO-IEC-27002-Foundation exam and prepare for it with premiumdumps. I feel lucky; I attempted the exam only with expert-made practice questions.
Leon Müller
June 19, 2026
I wish to share enthusiastically that I have finally advanced the credentials. And this has become possible just because of the Premiumdumps exam preparation material.
Jhonson
June 17, 2026
Premiumdumps provides very reliable support to all of its customers, and so to me! I am very much obliged! I got 85% marks in my certification test, and this happened just because of Premiumdumps.
James Henry
June 15, 2026
Premiumdumps made me self-confident and assured with success. Its real exam simulation and self assessment tools helped me to pass ISO-IEC-27002-Foundation exam with good grades.
Ava Grace
June 14, 2026
When I got enrolled in PECB ISO-IEC-27002-Foundation, I was told that Premiumdumps is the only key to all of my worries regarding my exam. I scored well, and it justifies the standard of Premiumdumps.
Mia Elizabeth
June 12, 2026
I passed the PECB ISO-IEC-27002-Foundation exam with the help of Premiumdumps. I am glad I chose the right material to become successful in my career.