New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Download Full Version ISO-IEC-27001-Lead-Auditor PECB Exam

Page: 4 / 20
Question 16

You are performing an ISMS audit at a nursing home where residents always wear an electronic wristband for monitoring their location, heartbeat, and blood pressure. The wristband automatically uploads this data to a cloud server for healthcare monitoring and analysis by staff.

You now wish to verify that the information security policy and objectives have been established by top management. You are sampling the mobile device policy and identify a security objective of this policy is "to ensure the security of teleworking and use of mobile devices" The policy states the following controls will be applied in order to achieve this.

Personal mobile devices are prohibited from connecting to the nursing home network, processing, and storing residents'

data.

The company's mobile devices within the ISMS scope shall be registered in the asset register.

The company's mobile devices shall implement or enable physical protection, i.e., pin-code protected screen lock/unlock,

facial or fingerprint to unlock the device.

The company's mobile devices shall have a regular backup.

To verify that the mobile device policy and objectives are implemented and effective, select three options for your audit trail.

Options:

A.

Interview the reception personnel to make sure all visitor and employee bags are checked before entering the nursing home

B.

Review visitors' register book to make sure no visitor can have their personal mobile phone in the nursing home

C.

Review the internal audit report to make sure the IT department has been audited

D.

Review the asset register to make sure all personal mobile devices are registered

E.

Sampling some mobile devices from on-duty medical staff and validate the mobile device information with the asset register

F.

Review the asset register to make sure all company's mobile devices are registered

G.

Interview the supplier of the devices to make sure they are aware of the ISMS policy

Question 17

The auditor was unable to identify that Company A hid their insecure network architecture. What type of audit risk is this?

Options:

A.

Inherent

B.

Control

C.

Detection

Question 18

In the event of an Information security incident, system users' roles and responsibilities are to be observed, except:

Options:

A.

Report suspected or known incidents upon discovery through the Servicedesk

B.

Preserve evidence if necessary

C.

Cooperate with investigative personnel during investigation if needed

D.

Make the information security incident details known to all employees

Question 19

The auditor should consider (1)-------when determining the (2)--------

Options:

A.

(1) Standard requirements. (2) audit criteria

B.

(1) Audit risks, (2) audit objectives

C.

(1) Penalties related to legal noncompliance, (2) materiality

Page: 4 / 20
Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Last Update: Dec 22, 2024
Questions: 289
ISO-IEC-27001-Lead-Auditor pdf

ISO-IEC-27001-Lead-Auditor PDF

$25.5  $84.99
ISO-IEC-27001-Lead-Auditor Engine

ISO-IEC-27001-Lead-Auditor Testing Engine

$28.5  $94.99
ISO-IEC-27001-Lead-Auditor PDF + Engine

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$40.5  $134.99