New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

PECB Updated ISO-IEC-27001-Lead-Auditor Exam Questions and Answers by sonia

Page: 5 / 20

PECB ISO-IEC-27001-Lead-Auditor Exam Overview :

Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Exam Code: ISO-IEC-27001-Lead-Auditor Dumps
Vendor: PECB Certification: ISO 27001
Questions: 289 Q&A's Shared By: sonia
Question 20

Scenario 4: SendPay is a financial company that provides its services through a network of agents and financial institutions. One of their main services is transferring money worldwide. SendPay, as a new company, seeks to offer top quality services to its clients. Since the company offers international transactions, it requires from their clients to provide personal information, such as their identity, the reason for the transactions, and other details that might be needed to complete the transaction. Therefore, SendPay has implemented security measures to protect their clients' information, including detecting, investigating, and responding to any information security threats that may emerge. Their commitment to offering secure services was also reflected during the ISMS implementation where the company invested a lot of time and resources.

Last year, SendPay unveiled their digital platform that allows money transactions through electronic devices, such as smartphones or laptops, without requiring an additional fee. Through this platform, SendPay's clients can send and receive money from anywhere and at any time. The digital platform helped SendPay to simplify the company's operations and further expand its business. At the time, SendPay was outsourcing its software operations, hence the project was completed by the software development team of the outsourced company. The same team was also responsible for maintaining the technology infrastructure of SendPay.

Recently, the company applied for ISO/IEC 27001 certification after having an ISMS in place for almost a year. They contracted a certification body that fit their criteria. Soon after, the certification body appointed a team of four auditors to audit SendPay's ISMS.

During the audit, among others, the following situations were observed:

1.The outsourced software company had terminated the contract with SendPay without prior notice. As a result, SendPay was unable to immediately bring the services back in-house and its operations were disrupted for five days. The auditors requested from SendPay's representatives to provide evidence that they have a plan to follow in cases of contract terminations. The representatives did not provide any documentary evidence but during an interview, they told the auditors that the top management of SendPay had identified two other software development companies that could provide services immediately if similar situations happen again.

2.There was no evidence available regarding the monitoring of the activities that were outsourced to the software development company. Once again, the representatives of SendPay told the auditors that they regularly communicate with the software development company and that they are appropriately informed for any possible change that might occur.

3.There was no nonconformity found during the firewall testing. The auditors tested the firewall configuration in order to determine the level of security provided by

these services. They used a packet analyzer to test the firewall policies which enabled them to check the packets sent or received in real-time.

Based on this scenario, answer the following question:

Why could SendPay not restore their services back in-house after the contract termination? Refer to scenario 4.

Options:

A.

Because SendPay did not monitor the technology infrastructure of the outsourced software operations

B.

Because SendPay lacked a comprehensive business continuity plan with potential impact of contract terminations

C.

Because the outsourced software company terminated the contract with SendPay without prior notice

Discussion
Question 21

OrgXY is an ISO/IEC 27001-certified software development company. A year after being certified, OrgXY's top management informed the certification body that the company was not ready for conducting the surveillance audit. What happens in this case?

Options:

A.

The certification is suspended

B.

The current certification is used until the next surveillance audit

C.

OrgXY transfers its registration to another certification body

Discussion
Question 22

The scope of an organization certified against ISO/IEC 27001 states that they provide editing and web hosting services. However, due to some changes in the organization, the technical support related to the web hosting services has been outsourced. Should a change in the scope be initiated in this case?

Options:

A.

Yes, because any change in the external environment initiates a change in the scope

B.

No, because the change does not require implementation of new security controls

C.

No, because the organization is already certified for its editing and web hosting services

Discussion
Ella-Rose
Amazing website with excellent Dumps. I passed my exam and secured excellent marks!!!
Alisha Aug 17, 2024
Extremely accurate. They constantly update their materials with the latest exam questions and answers, so you can be confident that what you're studying is up-to-date.
Honey
I highly recommend it. They made a big difference for me and I'm sure they'll help you too. Just make sure to use them wisely and not solely rely on them. They should be used as a supplement to your regular studies.
Antoni Oct 25, 2024
Good point. Thanks for the advice. I'll definitely keep that in mind.
Sarah
Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.
Aaliyah Aug 27, 2024
Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.
Laila
They're such a great resource for anyone who wants to improve their exam results. I used these dumps and passed my exam!! Happy customer, always prefer. Yes, same questions as above I know you guys are perfect.
Keira Aug 12, 2024
100% right….And they're so affordable too. It's amazing how much value you get for the price.
Teddie
yes, I passed my exam with wonderful score, Accurate and valid dumps.
Isla-Rose Aug 18, 2024
Absolutely! The questions in the dumps were almost identical to the ones that appeared in the actual exam. I was able to answer almost all of them correctly.
Question 23

You are conducting an ISMS audit. The next step in your audit plan is to verify that the organisation's

information security risk treatment plan has been established and implemented properly. You decide to

interview the IT security manager.

You: Can you please explain how the organisation performs its information security risk assessment and

treatment process?

IT Security Manager: We follow the information security risk management procedure which generates a

risk treatment plan.

Narrator: You review risk treatment plan No. 123 relating to the planned installation of an electronic

(invisible) fence to improve the physical security of the nursing home. You found the risk treatment plan was

approved by IT Security Manager.

You: Who is responsible for physical security risks?

IT Security Manager: The Facility Manager is responsible for the physical security risk. The IT department helps them to monitor the alarm. The Facility Manager is authorized to approve the budget for risk treatment plan No. 123.

You: What residual information security risks exist after risk treatment plan No. 123 was implemented?

IT Security Manager: There is no information for the acceptance of residual information security risks as far as I know.

You prepare your audit findings. Select three options for findings that are justified in the scenario.

Options:

A.

Nonconformity (NC) - The information for the acceptance of residual information security risks should be updated after the risk treatment is implemented. Clause 6.1.3.f

B.

There is an opportunity for improvement (OI) to conduct security checks on the perimetre fence

C.

There is an opportunity for improvement (OI) once the Electronic (invisible) fence is installed. Residents' physical security is improved

D.

Nonconformity (NC) - Top management must ensure that the resources needed for the ISMS are available. Clause 5.1.c

E.

Nonconformity (NC) - The IT security manager should be aware of and understand his authority and area of responsibility. Clause 7.3

F.

Nonconformity (NC) - The organization should provide the resources needed for the continual improvement of the ISMS. Clause 7.1

G.

Nonconformity (NC) - The risk treatment plan No. 123 should be approved by the risk owner, the Facility Manager in this case. Clause 6.1.3.f

Discussion
Page: 5 / 20
Title
Questions
Posted

ISO-IEC-27001-Lead-Auditor
PDF

$36.75  $104.99

ISO-IEC-27001-Lead-Auditor Testing Engine

$43.75  $124.99

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$57.75  $164.99