Exam ISO-IEC-27001-Lead-Auditor Topic 4 Question 14 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 14
Topic #: 4
Question #: 14
Topic #: 4
What is an example of a human threat?
Suggested Answer: C Vote an answer
Explanation
A human threat is a threat that originates from a person or a group of people who intentionally or unintentionally cause harm to an organization's information assets. Examples of human threats include hackers, insiders, terrorists, criminals, competitors, or disgruntled employees. A human threat can exploit technical, physical, or organizational vulnerabilities to compromise the confidentiality, integrity, or availability of information. Phishing is an example of a human threat that uses social engineering techniques to trick users into revealing sensitive information, such as passwords, credit card numbers, or bank account details. Phishing attacks often involve sending fraudulent emails or messages that appear to be from legitimate sources, such as banks, government agencies, or trusted contacts. The messages may contain links to malicious websites or attachments that contain malware. Therefore, the correct answer is C. References: ISO/IEC 27000:2022, clause 3.25; What is Phishing? | How to Identify & Avoid Phishing Scams.
A human threat is a threat that originates from a person or a group of people who intentionally or unintentionally cause harm to an organization's information assets. Examples of human threats include hackers, insiders, terrorists, criminals, competitors, or disgruntled employees. A human threat can exploit technical, physical, or organizational vulnerabilities to compromise the confidentiality, integrity, or availability of information. Phishing is an example of a human threat that uses social engineering techniques to trick users into revealing sensitive information, such as passwords, credit card numbers, or bank account details. Phishing attacks often involve sending fraudulent emails or messages that appear to be from legitimate sources, such as banks, government agencies, or trusted contacts. The messages may contain links to malicious websites or attachments that contain malware. Therefore, the correct answer is C. References: ISO/IEC 27000:2022, clause 3.25; What is Phishing? | How to Identify & Avoid Phishing Scams.
by Gavin at Dec 14, 2025, 05:32 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).