
ISO 27001 ISO-IEC-27001-Lead-Auditor PECB Study Notes

Question 60

In the context of a third-party certification audit, confidentiality is an issue in an audit programme. Select two options which correctly state the function of confidentiality in an audit.

Options:

A. Auditors are forced by regulatory requirements to maintain confidentiality in an audit

B. Observers in an audit team cannot access any confidential information

C. Confidentiality is one of the principles of audit conduct

D. Auditors should obtain the auditee's permission before using a camera or recording equipment

E. Audit information can be used for improving personal competence by the auditor

F. As an auditor is always accompanied by a guide, there is no risk to the auditee's sensitive information

Question 61

Which two of the following are valid audit conclusions?

Options:

A. ISMS induction training does not provide guidance on malware prevention

B. The risk register had not been updated since June 202X

C. Corrective action was outstanding for two internal audits

D. The ISMS policy has been effectively communicated to the organisation

E. The organisation's ISMS objectives meet the requirements of ISO/IEC 27001:2022

F. The schedule of applicability was based on the 2013 edition of ISO/IEC 27001, not the 2022 edition

Question 62

You are an experienced ISMS audit team leader guiding an auditor in training. You decide to test her knowledge of follow-up audits by asking her a series of questions. Here are your questions and her answers.

Which four of your questions has she answered correctly?

Options:

A. Q: Should a follow-up audit seek to identify new nonconformities? A: YES

B. Q: Should follow-up audits seek to ensure nonconformities have been effectively addressed? A: YES

C. Q: Should follow-up audits consider agreed opportunities for improvement as well as corrective action? A: No

D. Q: Is the purpose of a follow-up audit to verify the completion of corrections, corrective actions, and opportunities for improvement? A: YES

E. Q: Are follow-up audits required for all audits? A: No

F. Q: Should the outcome from a follow-up audit be reported to the audit team leader who carried out the audit at which the NCs were originally identified? A: YES

G. Q: Should the outcome from a follow-up audit be reported to the audit client? A: No

Question 63

The audit team leader decided to involve a technical expert as part of the audit team, so they could fill the potential gaps of the audit team members' knowledge. What should the audit team leader consider in this case?

Options:

A. The technical expert is allowed to take decisions related to the audit process when it is needed

B. The technical expert should discuss their concerns directly with the certification body, and not with the auditor

C. The technical expert can communicate their audit findings to the auditee only through one of the audit team members

Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Last Update: Dec 22, 2024
Questions: 289