New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Complete ISO-IEC-27001-Lead-Auditor PECB Materials

Page: 16 / 20
Question 64

You are an experienced audit team leader guiding an auditor in training.

Your team is currently conducting a third-party surveillance audit of an organisation that stores data on behalf of external clients. The auditor in training has been tasked with reviewing the PHYSICAL controls listed in the Statement of Applicability (SoA) and implemented at the site.

Select four controls from the following that would you expect the auditor in training to review.

Options:

A.

Access to and from the loading bay

B.

How power and data cables enter the building

C.

Information security awareness, education, and training

D.

The conducting of verification checks on personnel

E.

The development and maintenance of an information asset inventory

F.

The operation of the site CCTV and door control systems

G.

The organisation's arrangements for maintaining equipment

Question 65

Review the following statements and determine which two are false:

Options:

A.

Conducting a technology check in advance of a virtual audit can improve the effectiveness and efficiency of the audit

B.

During a virtual audit, auditees participating in interviews are strongly recommended to keep their webcam enabled

C.

The number of days assigned to a third-party audit is determined by the auditee's availability

D.

Due to confidentiality and security concerns, screen sharing during a virtual audit is one method by which the audit team can review the auditee's documentation

E.

The selection of onsite, virtual or combination audits should take into consideration historical performance and previous audit results

F.

Auditors approved for conducting onsite audits do not require additional training for virtual audits, as there are no significant differences in the skillset required

Question 66

You are conducting an ISMS audit. The next step in your audit plan is to verify that the organisation's

information security risk treatment plan has been established and implemented properly. You decide to

interview the IT security manager.

You: Can you please explain how the organisation performs its information security risk assessment and

treatment process?

IT Security Manager: We follow the information security risk management procedure which generates a

risk treatment plan.

Narrator: You review risk treatment plan No. 123 relating to the planned installation of an electronic

(invisible) fence to improve the physical security of the nursing home. You found the risk treatment plan was

approved by IT Security Manager.

You: Who is responsible for physical security risks?

IT Security Manager: The Facility Manager is responsible for the physical security risk. The IT department helps them to monitor the alarm. The Facility Manager is authorized to approve the budget for risk treatment plan No. 123.

You: What residual information security risks exist after risk treatment plan No. 123 was implemented?

IT Security Manager: There is no information for the acceptance of residual information security risks as far as I know.

You prepare your audit findings. Select three options for findings that are justified in the scenario.

Options:

A.

Nonconformity (NC) - The information for the acceptance of residual information security risks should be updated after the risk treatment is implemented. Clause 6.1.3.f

B.

There is an opportunity for improvement (OI) to conduct security checks on the perimetre fence

C.

There is an opportunity for improvement (OI) once the Electronic (invisible) fence is installed. Residents' physical security is improved

D.

Nonconformity (NC) - Top management must ensure that the resources needed for the ISMS are available. Clause 5.1.c

E.

Nonconformity (NC) - The IT security manager should be aware of and understand his authority and area of responsibility. Clause 7.3

F.

Nonconformity (NC) - The organization should provide the resources needed for the continual improvement of the ISMS. Clause 7.1

G.

Nonconformity (NC) - The risk treatment plan No. 123 should be approved by the risk owner, the Facility Manager in this case. Clause 6.1.3.f

Question 67

Information Security is a matter of building and maintaining ________ .

Options:

A.

Confidentiality

B.

Trust

C.

Protection

D.

Firewalls

Page: 16 / 20
Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Last Update: Dec 22, 2024
Questions: 289
ISO-IEC-27001-Lead-Auditor pdf

ISO-IEC-27001-Lead-Auditor PDF

$25.5  $84.99
ISO-IEC-27001-Lead-Auditor Engine

ISO-IEC-27001-Lead-Auditor Testing Engine

$28.5  $94.99
ISO-IEC-27001-Lead-Auditor PDF + Engine

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$40.5  $134.99