New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

All ISO-IEC-27001-Lead-Auditor Test Inside PECB Questions

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam Questions and Answers

Question 25

Which four of the following statements about audit reports are true?

Options:

A.

Audit reports should be produced by the audit team leader with input from the audit team

B.

Audit reports should include or refer to the audit plan

C.

Audit reports should be sent to the organisation's top management first because their contents could be embarrassing

D.

Audit reports should be assumed suitable for general circulation unless they are specifically marked confidential

E.

Audit reports should only evidence nonconformity

F.

Audit reports should be produced within an agreed timescale

G.

Audit reports that are no longer required can be destroyed as part of the organisation's general waste

Question 26

Which situation presented below represents a threat?

Options:

A.

HackX uses and distributes pirated software

B.

The information security training was provided to only the IT team members of the organization

C.

Hackers compromised the administrator's account by cracking the password

Question 27

Which two activities align with the “Check’’ stage of the Plan-Do-Check-Act cycle when applied to the process of managing an internal audit program as described in ISO 19011?

Options:

A.

Retains records of internal audits

B.

Define audit criteria and scope for each internal audit

C.

Update the internal audit programme

D.

Establish a risk-based internal audit programme

E.

Conduct internal audits

F.

Verify effectiveness of the internal audit programme

G.

Review trends in internal audit result

Question 28

You ask the IT Manager why the organisation still uses the mobile app while personal data

encryption and pseudonymisation tests failed. Also, whether the Service Manager is authorised to approve the test.

The IT Manager explains the test results should be approved by him according to the software security management procedure. The reason why the encryption and pseudonymisation functions failed is that these functions heavily slowed down the system and service performance. An extra 150% of resources are needed to cover this. The Service Manager agreed that access control is good enough and acceptable. That's why the Service Manager signed the approval.

You are preparing the audit findings. Select the correct option.

Options:

A.

There is a nonconformity (NC). The organisation and developer do not perform acceptance tests. (Relevant to clause 8.1, control A.8.29)

B.

There is a nonconformity (NC). The Service Manager does not comply with the software security management procedure. (Relevant to clause 8.1, control A.8.30)

C.

There is a nonconformity (NC). The organisation and developer perform security tests that fail. (Relevant to clause 8.1, control A.8.29)

D.

There is NO nonconformity (NC). The Service Manager makes a good decision to continue the service. (Relevant to clause 8.1, control A.8.30)