Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

Exam ISO-IEC-27001-Lead-Implementer Topic 2 Question 337 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 337
Topic #: 2
Infralink is a medium-sized IT consultancy firm headquartered in Dublin, Ireland. It specializes in secure cloud infrastructure, software integration, and data analytics, serving a diverse client base in the healthcare, financial services, and legal sectors, including hospitals, insurance providers, and law firms. To safeguard sensitive client data and support business continuity, Infralink has implemented an information security management system (ISMS) aligned with the requirements of ISO/IEC 27001.
In developing its security architecture, the company adopted services to support centralized user identification and shared authentication mechanisms across its departments. These services also governed the creation and management of credentials within the company. Additionally, Infralink deployed solutions to protect sensitive data in transit and at rest, maintaining confidentiality and integrity across its systems.
In preparation for implementing information security controls, the company ensured the availability of necessary resources, personnel competence, and structured planning. It conducted a cost-benefit analysis, scheduled implementation phases, and prepared documentation and activity checklists for each phase. The intended outcomes were clearly defined to align security controls with business objectives.
Infralink started by implementing several controls from Annex A of ISO/IEC 27001. These included regulating physical and logical access to information and assets in accordance with business and information security requirements, managing the identity life cycle, and establishing procedures for providing, reviewing, modifying, and revoking access rights. However, controls related to the secure allocation and management of authentication information, as well as the establishment of rules or agreements for secure information transfer, have not yet been implemented. During the documentation process, the company ensured that all ISMS- related documents supported traceability by including titles, creation or update dates, author names, and unique reference numbers. Based on the scenario above, answer the following question.
Based on the controls implemented by Infralink. which category of information security controls do They fall under? Refer to scenario 3.

Suggested Answer: A Vote an answer

The correct and verified answer is A. Technological, based on the nature of the controls implemented by Infralink in Scenario 3.
The controls implemented-A.5.15 Access control, A.5.16 Identity management, and A.5.18 Access rights- are enforced primarily through technical mechanisms, such as:
* Centralized identity systems
* Authentication platforms
* Access control lists
* Role-based access control
* System-enforced provisioning and revocation
Although these controls are classified under "Organizational controls" in Annex A's grouping, their implementation and enforcement mechanisms are technological in nature. ISO/IEC 27001:2022 emphasizes that effective security requires technical enforcement, not reliance on human behavior alone.
These controls are supported by technological services such as identity and access management (IAM), directory services, and authentication systems, which automatically enforce restrictions.
* People controls relate to awareness, training, and disciplinary processes.
* Organizational controls define policy and governance.
* Technological controls enforce access restrictions, identity validation, and authorization at system level.
Given that the scenario focuses on centralized identification, shared authentication mechanisms, and system- enforced access control, the implemented controls fall under the Technological category in practice.

by Woodrow at Jul 09, 2026, 06:11 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.