New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

PECB Updated ISO-IEC-27001-Lead-Auditor Exam Questions and Answers by lilia

Page: 3 / 20

PECB ISO-IEC-27001-Lead-Auditor Exam Overview :

Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Exam Code: ISO-IEC-27001-Lead-Auditor Dumps
Vendor: PECB Certification: ISO 27001
Questions: 289 Q&A's Shared By: lilia
Question 12

Scenario 4: SendPay is a financial company that provides its services through a network of agents and financial institutions. One of their main services is transferring money worldwide. SendPay, as a new company, seeks to offer top quality services to its clients. Since the company offers international transactions, it requires from their clients to provide personal information, such as their identity, the reason for the transactions, and other details that might be needed to complete the transaction. Therefore, SendPay has implemented security measures to protect their clients' information, including detecting, investigating, and responding to any information security threats that may emerge. Their commitment to offering secure services was also reflected during the ISMS implementation where the company invested a lot of time and resources.

Last year, SendPay unveiled their digital platform that allows money transactions through electronic devices, such as smartphones or laptops, without requiring an additional fee. Through this platform, SendPay's clients can send and receive money from anywhere and at any time. The digital platform helped SendPay to simplify the company's operations and further expand its business. At the time, SendPay was outsourcing its software operations, hence the project was completed by the software development team of the outsourced company. The same team was also responsible for maintaining the technology infrastructure of SendPay.

Recently, the company applied for ISO/IEC 27001 certification after having an ISMS in place for almost a year. They contracted a certification body that fit their criteria. Soon after, the certification body appointed a team of four auditors to audit SendPay's ISMS.

During the audit, among others, the following situations were observed:

1.The outsourced software company had terminated the contract with SendPay without prior notice. As a result, SendPay was unable to immediately bring the services back in-house and its operations were disrupted for five days. The auditors requested from SendPay's representatives to provide evidence that they have a plan to follow in cases of contract terminations. The representatives did not provide any documentary evidence but during an interview, they told the auditors that the top management of SendPay had identified two other software development companies that could provide services immediately if similar situations happen again.

2.There was no evidence available regarding the monitoring of the activities that were outsourced to the software development company. Once again, the representatives of SendPay told the auditors that they regularly communicate with the software development company and that they are appropriately informed for any possible change that might occur.

3.There was no nonconformity found during the firewall testing. The auditors tested the firewall configuration in order to determine the level of security provided by

these services. They used a packet analyzer to test the firewall policies which enabled them to check the packets sent or received in real-time.

Based on this scenario, answer the following question:

How do you evaluate the evidence obtained related to the monitoring process of outsourced operations? Refer to scenario 4.

Options:

A.

Irrelevant, monitoring the outsourced operations is not a requirement of the standard

B.

Not reliable. SendPay provided only verbal evidence regarding the monitoring of its outsourced operations

C.

Appropriate and sufficient, verbal confirmation from the SendPay's representatives indicates that the they were aware that outsourced operations must be monitored

Discussion
Question 13

You are an ISMS audit team leader tasked with conducting a follow-up audit at a client's data centre. Following two days on-site you conclude that of the original 12 minor and 1 major nonconformities that prompted the follow-up audit, only 1 minor nonconformity still remains outstanding.

Select four options for the actions you could take.

Options:

A.

Book another follow-up audit on-site to review the one outstanding minor nonconformity once it has been cleared

B.

Recommend that the outstanding minor nonconformity is dealt with at the next surveillance audit

C.

Advise the auditee that you will arrange an online audit to deal with the outstanding nonconformity

D.

Note the progress made but hold the audit open until all corrective action has been cleared

E.

Agree with the auditee/audit client how the remaining nonconformity will be cleared, by when, and how its clearance will be verified

F.

Advise the individual managing the audit programme of any decision taken regarding the outstanding nonconformity

G.

Recommend suspension of the organisation's certification as they have failed to implement the agreed corrections and corrective actions within the agreed timescale

Discussion
Question 14

You are an experienced audit team leader guiding an auditor in training.

Your team is currently conducting a third-party surveillance audit of an organisation that stores data on behalf of external clients. The auditor in training has been tasked with reviewing the PEOPLE controls listed in the

Statement of Applicability (SoA) and implemented at the site.

Select four controls from the following that would you expect the auditor in training to review.

Options:

A.

Confidentiality and nondisclosure agreements

B.

How protection against malware is implemented

C.

Information security awareness, education and training

D.

Remote working arrangements

E.

The conducting of verification checks on personnel

F.

The operation of the site CCTV and door control systems

G.

The organisation's arrangements for information deletion

Discussion
Question 15

You are carrying out your first third-party ISMS surveillance audit as an audit team leader. You are presently in the auditee's data centre with another member of your audit team and the organisation's guide.

You request access to a locked room protected by a combination lock and iris scanner. The room contains several rows of uninterruptable power supplies along with several data cabinets containing client-supplied

equipment, predominantly servers, and switches.

You note that there is a gas-based fire extinguishing system in place. A label indicates that the system requires testing every 6 months however the most recent test recorded on the label was carried out by the

manufacturer 12 months ago.

Based on the scenario above which two of the following actions would you now take?

Options:

A.

Determine if requirements for recording fire extinguisher checks have been revised within the last year. If so, suggest these are referenced on the existing labels as an opportunity for improvement

B.

Make a note to ask the site maintenance manager for evidence that a fire extinguishing system test was carried out 6 months ago

C.

Providing water-based extinguishers are accessible in the room, take no further action as these provide an alternative means to put out a fire

D.

Raise a nonconformity against control A.5.7 'threat intelligence' as the organisation has not identified the need to take action against the threat of fire

E.

Raise a nonconformity against control A.7.11 'supporting utilities' as information processing facilities are not adequately protected against possible disruption

F.

Require the guide to initiate the organisation's information security incident process

Discussion
Mariam
Do anyone think Cramkey questions can help improve exam scores?
Katie Nov 2, 2024
Absolutely! Many people have reported improved scores after using Cramkey Dumps, and there are also success stories of people passing exams on the first try. I already passed this exam. I confirmed above questions were in exam.
Inaaya
Are these Dumps worth buying?
Fraser Oct 9, 2024
Yes, of course, they are necessary to pass the exam. They give you an insight into the types of questions that could come up and help you prepare effectively.
Anaya
I found so many of the same questions on the real exam that I had already seen in the Cramkey Dumps. Thank you so much for making exam so easy for me. I passed it successfully!!!
Nina Oct 14, 2024
It's true! I felt so much more confident going into the exam because I had already seen and understood the questions.
Nadia
Why these dumps are important? Can I pass my exam without these dumps?
Julian Oct 22, 2024
The questions in the Cramkey dumps are explained in detail and there are also study notes and reference materials provided. This made it easier for me to understand the concepts and retain the information better.
Everleigh
I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.
Huxley Aug 26, 2024
That's great to know. So, you think new students should buy these dumps?
Page: 3 / 20
Title
Questions
Posted

ISO-IEC-27001-Lead-Auditor
PDF

$36.75  $104.99

ISO-IEC-27001-Lead-Auditor Testing Engine

$43.75  $124.99

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$57.75  $164.99