New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

ISO 27001 Changed ISO-IEC-27001-Lead-Implementer Questions

Page: 12 / 13
Question 48

Who should verily the effectiveness of the corrective actions taken by the auditee after an internal audit?

Options:

A.

An Independent auditor should be contracted to perform this evaluation

B.

The internal auditor

C.

The information security manager

Question 49

Scenario 9:

OpenTech, headquartered in San Francisco, specializes in information and communication technology (ICT) solutions. Its clientele primarily includes data communication enterprises and network operators. The company's core objective is to enable its clients to transition smoothly into multi-service providers, aligning their operations with the complex demands of the digital landscape.

Recently, Tim, the internal auditor of OpenTech, conducted an internal audit that uncovered nonconformities related to their monitoring procedures and system vulnerabilities. In response to these nonconformities, OpenTech decided to employ a comprehensive problem-solving approach to address the issues systematically. This method encompasses a team-oriented approach, aiming to identify, correct, and eliminate the root causes of the issues. The approach involves several steps: First, establish a group of experts with deep knowledge of processes and controls. Next, break down the nonconformity into measurable components and implement interim containment measures. Then, identify potential root causes and select and verify permanent corrective actions. Finally, put those actions into practice, validate them, take steps to prevent recurrence, and recognize and acknowledge the team's efforts.

Following the analysis of the root causes of the nonconformities, OpenTech's ISMS project manager, Julia, developed a list of potential actions to address the identified nonconformities. Julia carefully evaluated the list to ensure that each action would effectively eliminate the root cause of the respective nonconformity. While assessing potential corrective actions, Julia identified one issue as significant and assessed a high likelihood of its recurrence. Consequently, she chose to implement temporary corrective actions. Julia then combined all the nonconformities into a single action plan and sought approval from top management. The submitted action plan was written as follows:

"A new version of the access control policy will be established and new restrictions will be created to ensure that network access is effectively managed and monitored by the Information and Communication Technology (ICT) Department."

However, Julia's submitted action plan was not approved by top management. The reason cited was that a general action plan meant to address all nonconformities was deemed unacceptable. Consequently, Julia revised the action plan and submitted separate ones for approval. Unfortunately, Julia did not adhere to the organization's specified deadline for submission, resulting in a delay in the corrective action process. Additionally, the revised action plans lacked a defined schedule for execution.

Which method did OpenTech choose to use for addressing and preventing reoccurring problems after identifying the nonconformities?

Options:

A.

The Eight Disciplines Problem Solving (8Ds) method

B.

DMAIC (Define, Measure, Analyze, Improve, Control) method

C.

Lean Six Sigma method

Question 50

Which of the following traits is NOT associated with an external audit?

Options:

A.

It is always conducted in a planned and timely manner

B.

It assesses the effectiveness and efficiency of ISMS

C.

It has no advisory role within the organization

Question 51

What does the organization still need to manage when using Platform as a Service (PaaS)?

Options:

A.

Operating system and virtualization

B.

Servers and storage

C.

Application and data

Page: 12 / 13
Exam Name: PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam
Last Update: Dec 22, 2024
Questions: 179
ISO-IEC-27001-Lead-Implementer pdf

ISO-IEC-27001-Lead-Implementer PDF

$25.5  $84.99
ISO-IEC-27001-Lead-Implementer Engine

ISO-IEC-27001-Lead-Implementer Testing Engine

$28.5  $94.99
ISO-IEC-27001-Lead-Implementer PDF + Engine

ISO-IEC-27001-Lead-Implementer PDF + Testing Engine

$40.5  $134.99