LEAD-IMPLEMENTER Question #220: Real Exam Question with Answer & Explanation

Scenario 2: NyvMarketing is a marketing firm that provides different services to clients across various industries. With expertise in digital marketing. branding, and market research, NyvMarketing has built a solid reputation for delivering innovative and impactful marketing campaigns. With the growing Significance Of data Security and information protection within the marketing landscape, the company decided to implement an ISMS based on 27001. While implementing its ISMS NyvMarketing encountered a significant challenge; the threat of insufficient resources, This challenge posed a risk to effectively executing its ISMS objectives and could potentially undermine the company'S efforts to safeguard Sensitive information. TO address this threat, NyvMarketing adopted a proactive approach by appointing Michael to manage the risks related to resource Constraints. Michael was pivotal in identifying and addressing resource gaps. strategizing risk mitigation. and allocating resources effectively for ISMS implementation at NyvMarket穘g, strengthening the company's resilience against resource challenges. Furthermore, NyvMarketing prioritized industry standards and best practices in information security, diligently following ISOfIEC 27002 guidelines. This commitment, driven by excellence and ISO/IEC 27001 requirements, underscored NyvMafketinq穝 dedication to upholding the h穏hest Standards Of information security governance. While working on the ISMS implementation, NyvMarketing opted to exclude one Of the requirements related to competence (as stipulated in ISO/IEC 27001, Clause 7.2). The company believed that its existing workforce possessed the necessary competence to fulfill ISMS穞elated tasks_ However, it did not provide a valid justification for this omission. Moreover. when specific controls from Annex A Of ISO/IEC 27001 were not implemented. NyvMarketing neglected to provide an acceptable justification for these exclusions. During the ISMS implementation, NFMarketing thoroughly assessed vulnerabilities that could affect its information Security These vulnerabilities included insufficient maintenance and faulty installation Of storage media, insufficient periodic replacement schemes for equipment, Inadequate software testing. and unprotected communication lines. Recognizing that these vulnerabilities could pose risks to its data security. NBMarketing took steps to address these specific weaknesses by implementing the necessary controls and countermeasures- Based on the scenario above, answer the following question. In the scenario 2. NyvMarketing faced the threat of insufficient resources during the ISMS implementation. In which of the following categories does this threat fall? According to scenario 2, did NyvMarketing take actions that comply with ISO/IEC 27001 regarding the implementation of Annex A controls?