New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

ISO 27001 ISO-IEC-27001-Lead-Auditor Release Date

Page: 3 / 20
Question 12

During a third-party certification audit you are presented with a list of issues by an auditee. Which four of the following constitute 'external' issues in the context of a management system to ISO/IEC 27001:2022?

Options:

A.

A rise in interest rates in response to high inflation

B.

A reduction in grants as a result of a change in government policy

C.

Poor levels of staff competence as a result of cuts in training expenditure

D.

Increased absenteeism as a result of poor management

E.

Higher labour costs as a result of an aging population

F.

Inability to source raw materials due to government sanctions

G.

Poor morale as a result of staff holidays being reduced

Question 13

You have to carry out a third-party virtual audit. Which two of the following issues would you need to inform the auditee about before you start conducting the audit ?

Options:

A.

You will ask to see the ID card of the person that is on the screen.

B.

You will take photos of every person you interview.

C.

You will ask those being interviewed to state their name and position beforehand.

D.

You will ask for a 360-degree view of the room where the audit is being carried out.

E.

You will not record any part of the audit, unless permitted.

F.

You expect the auditee to have assessed all risks associated with online activities.

Question 14

Scenario 8: EsBank provides banking and financial solutions to the Estonian banking sector since September 2010. The company has a network of 30 branches with over 100 ATMs across the country.

Operating in a highly regulated industry, EsBank must comply with many laws and regulations regarding the security and privacy of data. They need to manage information security across their operations by implementing technical and nontechnical controls. EsBank decided to implement an ISMS based on ISO/IEC 27001 because it provided better security, more risk control, and compliance with key requirements of laws and regulations.

Nine months after the successful implementation of the ISMS, EsBank decided to pursue certification of their ISMS by an independent certification body against ISO/IEC 27001 .The certification audit included all of EsBank’s systems, processes, and technologies.

The stage 1 and stage 2 audits were conducted jointly and several nonconformities were detected. The first nonconformity was related to EsBank’s labeling of information. The company had an information classification scheme but there was no information labeling procedure. As a result, documents requiring the same level of protection would be labeled differently (sometimes as confidential, other times sensitive).

Considering that all the documents were also stored electronically, the nonconformity also impacted media handling. The audit team used sampling and concluded that 50 of 200 removable media stored sensitive information mistakenly classified as confidential. According to the information classification scheme, confidential information is allowed to be stored in removable media, whereas storing sensitive information is strictly prohibited. This marked the other nonconformity.

They drafted the nonconformity report and discussed the audit conclusions with EsBank’s representatives, who agreed to submit an action plan for the detected nonconformities within two months.

EsBank accepted the audit team leader's proposed solution. They resolved the nonconformities by drafting a procedure for information labeling based on the classification scheme for both physical and electronic formats. The removable media procedure was also updated based on this procedure.

Two weeks after the audit completion, EsBank submitted a general action plan. There, they addressed the detected nonconformities and the corrective actions taken, but did not include any details on systems, controls, or operations impacted. The audit team evaluated the action plan and concluded that it would resolve the nonconformities. Yet, EsBank received an unfavorable recommendation for certification.

Based on the scenario above, answer the following question:

Which action illustrated in scenario 8 is unacceptable in an external audit?

Options:

A.

The audit team leader suggested a specific solution on resolving the nonconformities

B.

Stage 1 audit and stage 2 audits were performed at the same time

C.

The lack of an information labeling procedure existed was marked as a minor nonconformity

Question 15

Which two of the following options do not participate in a first-party audit?

Options:

A.

A certification body auditor

B.

An audit team from an accreditation body

C.

An auditor certified by CQI and IRCA

D.

An auditor from a consultancy organisation

E.

An auditor trained in the CQI and IRCA scheme

F.

An auditor trained in the organization

Page: 3 / 20
Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Last Update: Dec 22, 2024
Questions: 289
ISO-IEC-27001-Lead-Auditor pdf

ISO-IEC-27001-Lead-Auditor PDF

$25.5  $84.99
ISO-IEC-27001-Lead-Auditor Engine

ISO-IEC-27001-Lead-Auditor Testing Engine

$28.5  $94.99
ISO-IEC-27001-Lead-Auditor PDF + Engine

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$40.5  $134.99