
ISO-IEC-27001-Lead-Auditor Leak Questions

Page: 2 / 20
Question 8

A marketing agency has developed its own risk assessment approach as part of the ISMS implementation. Is this acceptable?

Options:

A. Yes, any risk assessment methodology that complies with the ISO/IEC 27001 requirements can be used

B. Yes, only if the risk assessment methodology is aligned with recognized risk assessment methodologies

C. No, when implementing an ISMS, the risk assessment methodology provided by ISO/IEC 27001 should be used

Question 9

An external auditor received an offer to conduct an ISMS audit at a research development company. Before accepting it, they discussed previous audit reports with the auditee's internal auditor, who was their friend. Is this acceptable?

Options:

A. No, the external auditor should discuss the auditee's previous audit reports only with the certification body

B. Yes, the auditor can review and discuss the previous audit reports before accepting an audit mandate

C. No, the auditor should uphold objectivity even when deciding whether to accept the audit mandate or not

Question 10

You are an ISMS auditor conducting a third-party surveillance audit of a telecom provider. You are in the equipment staging room where network switches are pre-programmed before being despatched to clients. You note that recently there has been a significant increase in the number of switches failing their initial configuration test and being returned for reprogramming.

You ask the Chief Tester why and she says, 'It's a result of the recent ISMS upgrade. Before the upgrade each technician had their own hard copy work instructions. Now, the eight members of my team have to share two laptops to access the clients' configuration instructions online. These delays put pressure on the technicians, resulting in more mistakes being made.'

Based solely on the information above, against which clause of ISO/IEC 27001 would you raise a nonconformity? Select one.

Options:

A. Clause 7.5 - Documented information

B. Clause 8.1 - Operational planning and control

C. Clause 10.2 - Nonconformity and corrective action

D. Clause 7.3 - Awareness

E. Clause 7.2 - Competence

F. Clause 7.4 - Communication

Question 11

Which statement below best describes the relationship between information security aspects?

Options:

A. Threats exploit vulnerabilities to damage or destroy assets

B. Controls protect assets by reducing threats

C. Risk is a function of vulnerabilities that harm assets

Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Last Update: Dec 22, 2024
Questions: 289