New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

PECB Updated ISO-IEC-27001-Lead-Auditor Exam Questions and Answers by soraya

Page: 10 / 20

PECB ISO-IEC-27001-Lead-Auditor Exam Overview :

Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Exam Code: ISO-IEC-27001-Lead-Auditor Dumps
Vendor: PECB Certification: ISO 27001
Questions: 289 Q&A's Shared By: soraya
Question 40

Which two of the following phrases would apply to "plan" in relation to the Plan-Do-Check-Act cycle for a business process?

Options:

A.

Retaining documentation

B.

Retaining documentation

C.

Organising changes

D.

Setting objectives

E.

Training staff

F.

Providing ICT assets

Discussion
Yusra
I passed my exam. Cramkey Dumps provides detailed explanations for each question and answer, so you can understand the concepts better.
Alisha Aug 29, 2024
I recently used their dumps for the certification exam I took and I have to say, I was really impressed.
Esmae
I highly recommend Cramkey Dumps to anyone preparing for the certification exam.
Mollie Aug 15, 2024
Absolutely. They really make it easier to study and retain all the important information. I'm so glad I found Cramkey Dumps.
Nia
Why are these Dumps so important for students these days?
Mary Oct 9, 2024
With the constantly changing technology and advancements in the industry, it's important for students to have access to accurate and valid study material. Cramkey Dumps provide just that. They are constantly updated to reflect the latest changes and ensure that the information is up-to-date.
Victoria
Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.
Isabel Sep 21, 2024
Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.
Question 41

Scenario 6: Sinvestment is an insurance company that offers home, commercial, and life insurance. The company was founded in North Carolina, but have recently expanded in other locations, including Europe and Africa.

Sinvestment is committed to complying with laws and regulations applicable to their industry and preventing any information security incident. They have implemented an ISMS based on ISO/IEC 27001 and have applied for ISO/IEC 27001 certification.

Two auditors were assigned by the certification body to conduct the audit. After signing a confidentiality agreement with Sinvestment. they started the audit activities. First, they reviewed the documentation required by the standard, including the declaration of the ISMS scope, information security policies, and internal audits reports. The review process was not easy because, although Sinvestment stated that they had a documentation procedure in place, not all documents had the same format.

Then, the audit team conducted several interviews with Sinvestment's top management to understand their role in the ISMS implementation. All activities of the stage 1 audit were performed remotely, except the review of documented information, which took place on-site, as requested by Sinvestment.

During this stage, the auditors found out that there was no documentation related to information security training and awareness program. When asked, Sinvestment's representatives stated that the company has provided information security training sessions to all employees. Stage 1 audit gave the audit team a general understanding of Sinvestment's operations and ISMS.

The stage 2 audit was conducted three weeks after stage 1 audit. The audit team observed that the marketing department (which was not included in the audit scope) had no procedures in place to control employees’ access rights. Since controlling employees' access rights is one of the ISO/IEC 27001 requirements and was included in the information security policy of the company, the issue was included in the audit report. In addition, during stage 2 audit, the audit team observed that Sinvestment did not record logs of user activities. The procedures of the company stated that "Logs recording user activities should be retained and regularly reviewed," yet the company did not present any evidence of the implementation of such procedure.

During all audit activities, the auditors used observation, interviews, documented information review, analysis, and technical verification to collect information and evidence. All the audit findings during stages 1 and 2 were analyzed and the audit team decided to issue a positive recommendation for certification.

According to scenario 6, the marketing department employees were not following the access control policy. Which option is correct in this case?

Options:

A.

The marketing department is not included in the audit scope, so the issue should only be communicated to Sinvestment's representatives

B.

The employees' access right control is included in Sinvestment’s information security policy, so the issue must be communicated to Sinvestment's representatives and included in the audit report

C.

Sinvestment is not controlling the employees' access rights, which represents a potential information security risk and should be reported as a major nonconformity

Discussion
Question 42

You are an experienced ISMS audit team leader providing guidance to an ISMS auditor in training. They have been asked to carry out an assessment of external providers and have prepared a checklist containing the following activities. They have asked you to review their checklist to confirm that the actions they are proposing are appropriate.

The audit they have been invited to participate in is a third-party surveillance audit of a data centre . The data centre agent is part of a wider telecommunication group. Each data centre within the group operates its own ISMS and holds its own certificate.

Select three options that relate to ISO/IEC 27001:2022's requirements regarding external providers.

Options:

A.

I will check the other data centres are treated as external providers, even though they are part of the same telecommunication group

B.

I will ensure external providers have a documented process in place to notify the organisation of any risks arising from the use of its products or services

C.

I will ensure that the organisation has a reserve external provider for each process it has identified as critical to preservation of the confidentiality, integrity and accessibility of its information

D.

I will limit my audit activity to externally provided processes as there is no need to audit externally provided products of services

E.

I will ensure the organization is regularly monitoring, reviewing and evaluating external provider performance

F.

I will ensure the organization is has determined the need to communicate with external providers regarding the ISMS

G.

I will ensure that top management have assigned roles and responsibilities for those providing external ISMS processes as well as internal ISMS processes

Discussion
Question 43

In the context of a third-party certification audit, which two options state the management responsibilities of the audit team leader in managing the audit and the audit team?

Options:

A.

Interviewing the ISMS manager

B.

Adopting a risk-based approach to planning the audit

C.

Auditing top management

D.

Establishing contact with the auditee

E.

Issuing the management system certificate

F.

Preparing the audit nonconformity reports

Discussion
Page: 10 / 20
Title
Questions
Posted

ISO-IEC-27001-Lead-Auditor
PDF

$36.75  $104.99

ISO-IEC-27001-Lead-Auditor Testing Engine

$43.75  $124.99

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$57.75  $164.99