Exam ISO-IEC-27001-Lead-Implementer Topic 5 Question 2 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 2
Topic #: 5
Question #: 2
Topic #: 5
Nimbus Route, a cloud-native logistics optimization company based in the Netherlands, offers Al-driven route planning fleet management tools, and real time shipment tracking solutions to clients across Europe and North America. To safeguard sensitive logistics data and ensure resilience across its cloud services. Nimbus Route has implemented an information security management system (ISMS) based on ISO/lEC 27001. The company is also integrating intelligent transport systems and predictive analytics to increase operational efficiency and sustainability. As part of the ISMS implementation process, the company is determining the competence levels required to manage its ISMS. It has considered various factors when defining these competence requirements, including technological advancements, regulatory requirements, the company ' s mission.
strategic objectives, available resources. as well as the needs and expectations of its customers. Furthermore, the company has established clear guidelines for internal and external communication related to the ISMS, defining what information to share, when to share it. with whom, and through which channels. However, not all communications have been formally documented: instead, the company classified and managed communication based on its needs. ensuring that documentation is maintained only to the extent necessary for the ISMS ' s effectiveness To support its expanding digital services and ensure operational scalability. Nimbus Route utilizes virtualized computing resources provided by an external cloud service provider. This setup allows the company to configure and manage its operating systems, deploy applications. and control storage environments as needed while relying on the provider to maintain the underlying cloud environment. To further enhance is predictive capabilities. Nimbus Route is adopting machine learning techniques across several of its core services Specifically, it uses machine learning for route optimization and delivery time estimation, leveraging algorithms such as logistic regression and support vector machines to identify patterns in historical transportation data. As Nimbus Route ' s ISMS matures, the company has chosen a chased approach to its transition into full operational mode Rather than waiting for a formal launch, individual elements of the ISMS, such as risk treatment procedures, access controls, and audit logging, are being activated progressively as soon as they are developed and approved Based on the scenario above answer the following question.
According to scenario 6, is Nimbus Route ' s method of implementing ISMS components consistent with recommended ISMS deployment practices?
strategic objectives, available resources. as well as the needs and expectations of its customers. Furthermore, the company has established clear guidelines for internal and external communication related to the ISMS, defining what information to share, when to share it. with whom, and through which channels. However, not all communications have been formally documented: instead, the company classified and managed communication based on its needs. ensuring that documentation is maintained only to the extent necessary for the ISMS ' s effectiveness To support its expanding digital services and ensure operational scalability. Nimbus Route utilizes virtualized computing resources provided by an external cloud service provider. This setup allows the company to configure and manage its operating systems, deploy applications. and control storage environments as needed while relying on the provider to maintain the underlying cloud environment. To further enhance is predictive capabilities. Nimbus Route is adopting machine learning techniques across several of its core services Specifically, it uses machine learning for route optimization and delivery time estimation, leveraging algorithms such as logistic regression and support vector machines to identify patterns in historical transportation data. As Nimbus Route ' s ISMS matures, the company has chosen a chased approach to its transition into full operational mode Rather than waiting for a formal launch, individual elements of the ISMS, such as risk treatment procedures, access controls, and audit logging, are being activated progressively as soon as they are developed and approved Based on the scenario above answer the following question.
According to scenario 6, is Nimbus Route ' s method of implementing ISMS components consistent with recommended ISMS deployment practices?
Suggested Answer: A Vote an answer
Nimbus Route's phased (incremental) activation of ISMS components is fully consistent with recommended ISMS deployment practices, making Option A correct.
ISO/IEC 27001:2022 does not require a "big bang" implementation. Instead, it supports progressive implementation, continual improvement, and risk-based prioritization.
The scenario explains that Nimbus Route:
Activated ISMS elements as soon as they were developed and approved
Implemented controls such as risk treatment, access control, and audit logging progressively Avoided waiting for a formal, single launch date This approach aligns with:
Clause 6.1 - Actions to address risks and opportunities, which encourages early risk mitigation Clause 8.1 - Operational planning and control, allowing staged operationalization Clause 10.1 - Continual improvement, which supports incremental maturity Options B and C are incorrect because ISO/IEC 27001 does not mandate simultaneous deployment nor does it require waiting until all controls are finalized before operation begins.
ISO/IEC 27001:2022 does not require a "big bang" implementation. Instead, it supports progressive implementation, continual improvement, and risk-based prioritization.
The scenario explains that Nimbus Route:
Activated ISMS elements as soon as they were developed and approved
Implemented controls such as risk treatment, access control, and audit logging progressively Avoided waiting for a formal, single launch date This approach aligns with:
Clause 6.1 - Actions to address risks and opportunities, which encourages early risk mitigation Clause 8.1 - Operational planning and control, allowing staged operationalization Clause 10.1 - Continual improvement, which supports incremental maturity Options B and C are incorrect because ISO/IEC 27001 does not mandate simultaneous deployment nor does it require waiting until all controls are finalized before operation begins.
by Steward at Jun 28, 2026, 08:25 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).