New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

PECB Updated ISO-IEC-27001-Lead-Auditor Exam Questions and Answers by alicja

Page: 2 / 20

PECB ISO-IEC-27001-Lead-Auditor Exam Overview :

Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Exam Code: ISO-IEC-27001-Lead-Auditor Dumps
Vendor: PECB Certification: ISO 27001
Questions: 289 Q&A's Shared By: alicja
Question 8

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security incident management process. The IT Security Manager presents the information

security incident management procedure (Document reference ID: ISMS_L2_16, version 4) and explains that the process is

based on ISO/IEC 27035-1:2016.

You review the document and notice a statement "any information security weakness, event, and incident should be reported

to the Point of Contact (PoC) within 1 hour after identification". When interviewing staff, you found that there were differences

in the understanding of the meaning of "weakness, event, and incident".

The IT Security Manager explained that an online "information security handling" training seminar was conducted 6 months

ago. All of the interviewed persons participated in and passed the reporting exercise and course assessment.

You are preparing the audit findings. Select two options that are correct.

Options:

A.

There is a nonconformity (NC). The information security incident training has failed. This is not conforming with clause 7.2 and control A.6.3.

B.

There is a nonconformity (NC). The terminology of the the incident management reporting process is unclear as evidenced by staff misunderstanding of the meaning of "weakness, event and incident". This is not conforming with clause 9.1 and control A.5.24.

C.

There is an opportunity for improvement (OFI). The information security incident training effectiveness can be improved. This is relevant to clause 7.2 and control A.6.3.

D.

There is an opportunity for improvement (OFI). The information security weaknesses, events, and incidents are reported. This is relevant to clause 9.1 and control A.5.24.

E.

There is no nonconformance. The information security handling training has been effective. This conforms with clause 7.2 and control A.6.3.

F.

There is no nonconformance. The information security weaknesses, events, and incidents are reported. This conforms with clause 9.1 and control A.5.24.

Discussion
Question 9

Scenario 3: NightCore is a multinational technology company based in the United States that focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence. After having an information security management system (ISMS) implemented for over 8 months, they contracted a certification body to conduct a third party audit in order to get certified against ISO/IEC 27001.

The certification body set up a team of seven auditors. Jack, the most experienced auditor, was assigned as the audit team leader. Over the years, he received many well known certifications, such as the ISO/IEC 27001 Lead Auditor, CISA, CISSP, and CISM.

Jack conducted thorough analyses on each phase of the ISMS audit, by studying and evaluating every information security requirement and control that was implemented by NightCore. During stage 2 audit. Jack detected several nonconformities. After comparing the number of purchased invoices for software licenses with the software inventory, Jack found out that the company has been using the illegal versions of a software for many computers. He decided to ask for an explanation from the top management about this nonconformity and see whether they were aware about this. His next step was to audit NightCore's IT Department. The top management assigned Tom, NightCore's system administrator, to act as a guide and accompany Jack and the audit team toward the inner workings of their system and their digital assets infrastructure.

While interviewing a member of the Department of Finance, the auditors discovered that the company had recently made some unusual large transactions to one of their consultants. After gathering all the necessary details regarding the transactions. Jack decided to directly interview the top management.

When discussing about the first nonconformity, the top management told Jack that they willingly decided to use a copied software over the original one since it was cheaper. Jack explained to the top management of NightCore that using illegal versions of software is against the requirements of ISO/IEC 27001 and the national laws and regulations. However, they seemed to be fine with it.

Several months after the audit, Jack sold some of NightCore's information that he collected during the audit for a huge amount of money to competitors of NightCore.

Based on this scenario, answer the following question:

Does ISO/IEC 27001 require organizations to comply with national laws and regulations?

Options:

A.

Yes, but relevant legal and contractual requirements do not need to be explicitly identified

B.

No, there is no clear indication in the standard as to whether the organization should comply with the national laws and regulations

C.

Yes, complying with the applicable legislation is a requirement of ISO/IEC 27001

Discussion
Question 10

Which one of the following options describes the main purpose of a Stage 1 audit?

Options:

A.

To determine readiness for Stage 2

B.

To check for legal compliance by the organisation

C.

To get to know the organisation

D.

To compile the audit plan

Discussion
Hassan
Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.
Kasper Oct 20, 2024
Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.
Lennie
I passed my exam and achieved wonderful score, I highly recommend it.
Emelia Oct 2, 2024
I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!
Ari
Can anyone explain what are these exam dumps and how are they?
Ocean Oct 16, 2024
They're exam preparation materials that are designed to help you prepare for various certification exams. They provide you with up-to-date and accurate information to help you pass your exams.
Miriam
Highly recommended Dumps. 100% authentic and reliable. Passed my exam with wonderful score.
Milan Sep 24, 2024
I see. Thanks for the information. I'll definitely keep Cramkey in mind for my next exam.
Question 11

You have just completed a scheduled information security audit of your organisation when the IT Manager approaches you and asks for your assistance in the revision of the company's risk management process.

He is attempting to update the current documentation to make it easier for other managers to understand, however, it is clear from your discussion he is confusing several key terms.

You ask him to match each of the descriptions with the appropriate risk term. What should the correct answers be?

Questions 11

Options:

Discussion
Page: 2 / 20
Title
Questions
Posted

ISO-IEC-27001-Lead-Auditor
PDF

$36.75  $104.99

ISO-IEC-27001-Lead-Auditor Testing Engine

$43.75  $124.99

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$57.75  $164.99