Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Legit ISO-IEC-27001-Lead-Auditor Exam Download

Page: 12 / 20
Question 48

AppFolk, a software development company, is seeking certification against ISO/IEC 27001. In the initial phases of the external audit, the certification body in discussion with the company excluded the marketing division from the audit scope, although they stated in their ISMS scope that the whole company is included. Is this acceptable?

Options:

A.

Yes, audit and ISMS scope do not necessarily need to be the same

B.

No, divisions that are not critical for the industrial sector in which the auditee operates can be excluded from the audit scope

C.

No, audit scope should reflect all of the organization’s divisions covered by the ISMS

Question 49

An auditor of organisation A performs an audit of supplier B. Which two of the following actions is likely to represent a breach of confidentiality by the auditor after having identified findings in B's information security management system?

Options:

A.

Shares the findings with other relevant managers in A

B.

Shares the findings with B's Information Security Manager

C.

Shares the findings with A's supplier evaluation team

D.

Shares the findings with B's other customers

E.

Shares the findings with B's certification body

F.

Shares the findings with other relevant managers in B

Question 50

You are conducting an ISMS audit in the despatch department of an international logistics organisation that provides shipping services to large organisations including local hospitals and government offices. Parcels typically contain pharmaceutical products, biological samples, and documents such as passports and driving licences. You note that the company records show a very large number of returned items with causes including mis-addressed labels and, in 15% of company cases, two or more labels for different addresses for the one package. You are interviewing the Shipping Manager (SM).

You: Are items checked before being dispatched?

SH: Any obviously damaged items are removed by the duty staff before being dispatched, but the small profit margin makes it uneconomic to implement a formal checking process.

You: What action is taken when items are returned?

SM: Most of these contracts are relatively low value, therefore it has been decided that it is easier and more convenient to simply reprint the label and re-send individual parcels than it is to implement an investigation.

You raise a nonconformity. Referencing the scenario, which six of the following Appendix A controls would you expect the auditee to have implemented when you conduct the follow-up audit?

Options:

A.

5.11 Return of assets

B.

8.12 Data leakage protection

C.

5.3 Segregation of duties

D.

6.3 Information security awareness, education, and training

E.

7.10 Storage media

F.

8.3 Information access restriction

G.

5.6 Contact with special interest groups

Question 51

Below is Purpose of "Integrity", which is one of the Basic Components of Information Security

Options:

A.

the property that information is not made available or disclosed to unauthorized individuals

B.

the property of safeguarding the accuracy and completeness of assets.

C.

the property that information is not made available or disclosed to unauthorized individuals

D.

the property of being accessible and usable upon demand by an authorized entity.

Page: 12 / 20
Exam Name: PECB Certified ISO/IEC 27001 2022 Lead Auditor exam
Last Update: Nov 24, 2024
Questions: 289
ISO-IEC-27001-Lead-Auditor pdf

ISO-IEC-27001-Lead-Auditor PDF

$25.5  $84.99
ISO-IEC-27001-Lead-Auditor Engine

ISO-IEC-27001-Lead-Auditor Testing Engine

$28.5  $94.99
ISO-IEC-27001-Lead-Auditor PDF + Engine

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$40.5  $134.99