
ISO 27001 PECB Certified ISO/IEC 27001 2022 Lead Auditor exam


Last Update Nov 25, 2024
Total Questions : 289


Questions 2

You are an experienced ISMS audit team leader providing instruction to a class of auditors in training. The subject of today's lesson is the management of information security risk in accordance with the requirements of ISO/IEC 27001:2022.

You provide the class with a series of activities. You then ask the class to sort these activities into the order in which they appear in the standard.

What is the correct sequence they should report back to you?


Options:

Questions 3

The audit team leader decided to involve a technical expert as part of the audit team, so they could fill the potential gaps of the audit team members' knowledge. What should the audit team leader consider in this case?

Options:

A. The technical expert is allowed to take decisions related to the audit process when it is needed

B. The technical expert should discuss their concerns directly with the certification body, and not with the auditor

C. The technical expert can communicate their audit findings to the auditee only through one of the audit team members

Questions 4

You are conducting an ISMS audit in the despatch department of an international logistics organisation that provides shipping services to large organisations including local hospitals and government offices. Parcels typically contain pharmaceutical products, biological samples, and documents such as passports and driving licences. You note that the company records show a very large number of returned items with causes including misaddressed labels and, in 15% of cases, two or more labels for different addresses for the one package. You are interviewing the Shipping Manager (SM).

You: Are items checked before being dispatched?

SM: Any obviously damaged items are removed by the duty staff before being dispatched, but the small profit margin makes it uneconomic to implement a formal checking process.

You: What action is taken when items are returned?

SM: Most of these contracts are relatively low value, therefore it has been decided that it is easier and more convenient to simply reprint the label and re-send individual parcels than it is to implement an investigation.

You raise a nonconformity against ISO 27001:2022 based on the lack of control of the labelling process.

At the closing meeting, the Shipping Manager issues an apology to you that his comments may have been misunderstood. He says that he did not realise that there is a background IT process that automatically checks that the right label goes onto the right parcel otherwise the parcel is ejected at labelling. He asks that you withdraw your nonconformity.

Select three options of the correct responses that you as the audit team leader would make to the request of the Shipping Manager.

Options:

A. Advise the Shipping Manager that his request will be included in the audit report

B. Advise management that the new information provided will be discussed when the auditors have more time

C. Inform the Shipping Manager that the nonconformity is minor and should be quickly corrected

D. Ask the audit team members to state what they think should happen

E. Inform him of your understanding and withdraw the nonconformity

F. Thank the Shipping Manager for his honesty but advise that withdrawing the nonconformity is not the right way to proceed

G. Advise the Shipping Manager that the nonconformity must stand since the evidence obtained for it was clear

Questions 5

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify that the Statement of Applicability (SoA) contains the necessary controls. You review the latest SoA (version 5) document, sampling the access control to the source code (A.8.4), and want to know how the organisation secures ABC's healthcare mobile app source code received from an outsourced software developer.

The IT Security Manager explains the received source code will be checked into the SCM system to make sure of its integrity and security. Only authorised users will be able to check out the software to update it. Both check-in and check-out activities will be logged by the system automatically. The version control is managed by the system automatically.

You found a total of 10 user accounts on the SCM. All of them are from the IT department. You further check with the Human Resource manager and confirm that one of the users, Scott, resigned 9 months ago. The SCM System Administrator confirmed Scott's last check-out of the source code was found 1 month ago. He was using one of the authorised desktops from the local network in a secure area.

You check the user de-registration procedure which states "Managers have to make sure of deregistration of the user account and authorisation immediately from the relevant ICT system and/or equipment after resignation approval." There was no deregistration record for user Scott.

The IT Security Manager explains that Scott is a very good software engineer, an ex-colleague, and a friend. He still comes back to the office every month after he resigned to provide support on source code maintenance. That's why his account on SCM still exists. "We know Scott well and he passed all our background checks when he joined us. As such we didn't feel it necessary to agree any further information security requirements with him just because he is now an external provider".

You prepare the audit findings. Select the three correct options.

Options:

A. There is a nonconformity (NC). Scott should have been advised of applicable information security requirements relevant to his new relationship (external provider) with the nursing home. The IT security manager has however confirmed that this did not take place. This does not conform with control A.5.20.

B. There is a nonconformity (NC). The organisation's access control arrangements are not operating effectively as an individual who is no longer employed by the organisation is being permitted to access the nursing home's ICT systems. This does not conform with control A.5.15.

C. There is a nonconformity (NC). The IT Security manager did not make sure the user account for Scott was removed from the SCM and did not complete the user deregistration process after the resignation. This does not conform with clause 9.1 and control A.5.15.

D. There is a nonconformity (NC). The operating procedures are not well documented. This prevented the SCM System Administrator from being able to remove a user account immediately. This does not conform with clause 9.1 and control A.5.37.

E. There is a nonconformity (NC). The organisation does not have a documented procedure setting out the use of systematic tools to provide access and version control of the source code. This does not conform with clause 9.1 and control A.8.4.

F. There is a nonconformity (NC). The organisation has failed to identify the security risks associated with leaving Scott's account open when he was only re-engaged for a short period monthly. This does not conform with clause 8.2.

G. There is a nonconformity (NC). The SCM is open-source system software. It is not secured and cannot be used for access and version control of the source code. This does not conform with clause 9.1 and control A.8.4.
