Академический Документы
Профессиональный Документы
Культура Документы
www.pecb.com
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
The objective of the “PECB Certified ISO/IEC 27032 Lead Cybersecurity Manager”
examination is to ensure that the candidate has the knowledge and competence needed to
support an organization in implementing and managing a Cybersecurity Program based on
ISO/IEC 27032 and the NIST Cybersecurity Framework.
Page 2 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Page 3 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
2. Ability to explain the role of stakeholders 2. Knowledge of the consumers’ role and their
in enhancing a Cybersecurity impact on cyberspace.
programme.
3. Knowledge of the roles of various
3. Ability to understand the roles and individuals in the cyberspace.
responsibilities of providers and
consumers as the main stakeholders in 4. Knowledge of government and law
cybersecurity. enforcement agencies’ role and their impact
on cyberspace.
4. Ability to distinguish between the roles of
the individuals and roles of the
organization in the cyberspace.
Page 4 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Main objective: Ensure that the candidate can implement a methodology of risk
assessment adapted to the needs of the organization.
1. Ability to understand the Cybersecurity 1. Knowledge of the concept of risk and its
risk to organizational operations (including application in Cybersecurity.
mission, functions, image, or reputation),
organizational assets, and individuals. 2. Knowledge of risk analysis methods.
5. Ability to understand and explain the risk 6. Knowledge of Cybersecurity assets and
management framework based on their importance.
ISO/IEC 27005.
Page 5 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Main objective: Ensure that the candidate can understand and explain top cyber-
threats and their mitigation vectors, and implement key cybersecurity controls as guided
in ISO/IEC 27032.
8. Knowledge of Cryptography.
Page 6 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Main objective: Ensure that the candidate can establish an Information Sharing and
Coordination framework based on the ISO/IEC 27032.
2. Ability to determine and implement the 2. Knowledge of the roles and responsibilities
required methods and processes for of the key actors during the implementation
information sharing and coordination of an information sharing and coordination
framework. framework.
Page 7 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
3. Ability to define the format and structure 3. Knowledge of the principles of business
of a cybersecurity continuity plan. continuity as indicated in ISO/IEC 27031.
Page 8 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Page 9 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Based on these 7 domains and their relevance, 12 questions are included in the exam as
summarized in the table below:
Level of Understanding
(Cognitive/Taxonomy) Required
Cybersecurity
Risk 10 x
Management 2 16.67 15 20.00
5 x
Content Area/Competence Domains
Attack
mechanisms 10 x
Integrating
Cybersecurity 5 x
Program in
Business 2 16.67 10 13.33
Continuity 5 x
Management
Cybersecurity
incident 5 x
management,
and 2 16.67 10 13.33
performance
5 x
measurement
Total points 75
Number of questions per level of
7 5
understanding
% of test devoted to each level of
58.33 41.67
understanding
(cognitive/taxonomy)
After successfully passing the exam, candidates will be able to apply for the “PECB Certified
ISO/IEC 27032 Lead Cybersecurity Manager” credential, depending on their level of experience.
Page 10 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Candidates will be required to arrive at least thirty (30) minutes before the beginning of the
certification exam. Candidates arriving late will not be given compensatory time for the late
arrival and may be denied entry to the exam.
All candidates are required to present a valid identity card such as a national ID card, driver’s
license, or passport to the invigilator.
The exam contains essay type questions: This type of format was selected as a means of
determining whether an examinee can clearly answer training related questions, by assessing
problem solving techniques and formulating arguments supported with reasoning and evidence.
The exam is set to be “open book”, and does not measure the recall of data or information. The
examination evaluates the candidates’ comprehension, application and analyzing skills.
Therefore, candidates will have to justify their answers by providing concrete explanations as to
demonstrate that they have been capable of understanding the training concepts. At the end of
this document, you will find samples of exam questions and potential answers.
The use of electronic devices, such as laptops, cell phones, etc., is not allowed.
All attempts to copy, collude or otherwise cheat during the exam will automatically lead to the
failure of the exam.
PECB exams are available in English. For availability of the exam in a language other than
English, please contact examination@pecb.com.
Results will be communicated by email within a period of 6 to 8 weeks from your examination
date. The candidate will be provided with only two possible examination results: pass or fail,
rather than an exact grade.
Candidates who successfully complete the examination will be able to apply for a certified
scheme.
In case of a failure, the results will be accompanied with the list of domains where the candidate
failed to fully answer the question. This can help the candidate better prepare for a retake the
exam.
Page 11 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Candidates who disagree with the exam results may file a complaint by writing to
examination@pecb.com. For more information, please refer to www.pecb.com.
There is no limit on the number of times a candidate may retake an exam. However, there are
some limitations in terms of the allowed time-frame in between exam retakes, such as:
If a candidate does not pass the exam on the first attempt, he/she must wait 15 days for
the next attempt (1st retake). Retake fee applies.
Note: Students, who have completed the full training but failed the written exam, are eligible to
retake the exam once for free within a 12 month period from the initial date of the exam.
If a candidate does not pass the exam on the second attempt, he/she must wait 3
months (from the initial date of the exam) for the next attempt (2nd retake). Retake fee
applies.
If a candidate does not pass the exam on the third attempt, he/she must wait 6 months
(from the initial date of the exam) for the next attempt (3rd retake). Retake fee applies.
After the fourth attempt, a waiting period of 12 months from the last session date is required in
order for the candidate to retake the same exam. Regular fee applies.
For the candidates that fail the exam in the 2nd retake, PECB recommends to attend an official
training in order to be better prepared for the exam.
To arrange exam retakes (date, time, place, costs), the candidate needs to contact the PECB
partner who has initially organized the session.
CLOSING A CASE
If an applicant does not apply for his/her certificate within three years, their case will be closed.
Even though an applicant’s certification period expires they have the right to reopen their case,
however, PECB will no longer be responsible for any changes regarding the conditions,
standards, policies, candidate handbook or exam preparation guide that were applicable before
the applicant’s case was closed. Applicants requesting their case to reopen must do so in
writing, and pay the required fees.
EXAMINATION SECURITY
Page 12 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Possible answer:
According to clause 10.3 of ISO/IEC 27032, service providers are expected to observe the
same roles and responsibilities as consumer organizations, however, they have additional
responsibilities in maintaining or even enhancing security of the Cyberspace by:
— providing security inputs to other providers and to consumers about trends and observations
of traffic in their networks and services.
By the time that they provide information and services to the cyberspace and the cyberspace
environment depends on them, they should be considered stakeholders.
So, providers are affected by the outcome of the Cyberspace or the services in it and also they
are involved in Cybersecurity condition.
Possible answer:
2. Clause 12.4.a - Use of supported operating systems, with the most updated security
patches installed.
Keep operating system up to date regarding security patches.
Ask for reports to ensure that consumers are aware of, and follow organizational policy
regarding supported operating systems.
Page 13 of 14
PECB-820-34-ISO/IEC 27032 LCM Exam Preparation Guide
Possible answer:
Share a policy about the use of supported operating system and there is a need for
updates and security patches installed.
Share a policy and appropriate information regarding the use of the latest supported
software applications, with the most updated patches installed.
Share appropriate information and policy on the use of anti-virus and anti-spyware tools.
Send notifications to the end users about new updates and potential threats.
Advise them to understand and read more about cybersecurity threats.
Keep them abreast about the new security capabilities to protect users against risks.
Page 14 of 14