New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Download Latest ISO-IEC-27001-Lead-Auditor Questions

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam Questions and Answers

Question 65

You ask the IT Manager why the organisation still uses the mobile app while personal data

encryption and pseudonymization tests failed. Also, whether the Service Manager is authorized to approve the test.

The IT Manager explains the test results should be approved by him according to the software security management procedure. The reason why the encryption and pseudonymization functions failed is that these functions heavily slowed down the system and service performance. An extra 150% of resources are needed to cover this. The Service Manager agreed that access control is good enough and acceptable. That's why the Service Manager signed the approval.

You sample one of the medical staff's mobile and found that ABC's healthcare mobile app, version 1.01 is installed. You found that version 1.01 has no test record.

The IT Manager explains that because of frequent ransomware attacks, the outsourced mobile app development company gave a free minor update on the tested software, performed an emergency release of the updated software, and gave a verbal guarantee that there will be no impact on any security functions. Based on his 20 years of information security experience, there is no need to re-test.

You are preparing the audit findings Select two options that are correct.

Options:

A.

There is NO nonconformity (NC). The IT Manager demonstrates he is fully competent. (Relevant to clause 7.2)

B.

There is a nonconformity (NC). The IT Manager does not comply with the software security management procedure. (Relevant to clause 8.1, control A.8.30)

C.

There is a nonconformity (NC). The organisation does not control planned changes and review the consequences of unintended changes. (Relevant to clause 8.1)

D.

There is an opportunity for improvement (OI). The organisation selects an external service provider based on the extent of free services it will provide. (Relevant to clause 8.1, control A.5.21)

E.

There is NO nonconformity (NC). The IT Manager demonstrates good leadership. (Relevant to clause 5.1, control 5.4)

F.

There is an opportunity for improvement (OI). The IT Manager should make the decision to continue the service based on appropriate testing. (Relevant to clause 8.1, control A.8.30)

Question 66

Audit methods can be either with or without interaction with individuals representing the auditee. Which two of the following methods are with interaction?

Options:

A.

Sampling (e.g. products)

B.

Observing work performed via live video streaming

C.

Reviewing checklists with auditee

D.

Checking legal compliance with local authorities

E.

Conducting interviews

F.

Analysing documents provided in advance of the audit

Question 67

ISMS (1)---------------helps determine (2)--------------,

Options:

A.

(1) Continual improvement, (2) the effectiveness of corrective actions

B.

Q (1) Management review, (2) opportunities for continual improvement

C.

(1) Internal audit, (2) the ISMS scope

Question 68

You are an ISMS audit team leader tasked with conducting a follow-up audit at a client's data centre. Following two days on-site you conclude that of the original 12 minor and 1 major nonconformities that prompted the follow-up audit, only 1 minor nonconformity still remains outstanding.

Select four options for the actions you could take.

Options:

A.

Book another follow-up audit on-site to review the one outstanding minor nonconformity once it has been cleared

B.

Recommend that the outstanding minor nonconformity is dealt with at the next surveillance audit

C.

Advise the auditee that you will arrange an online audit to deal with the outstanding nonconformity

D.

Note the progress made but hold the audit open until all corrective action has been cleared

E.

Agree with the auditee/audit client how the remaining nonconformity will be cleared, by when, and how its clearance will be verified

F.

Advise the individual managing the audit programme of any decision taken regarding the outstanding nonconformity

G.

Recommend suspension of the organisation's certification as they have failed to implement the agreed corrections and corrective actions within the agreed timescale