
ISO-IEC-27001-Lead-Auditor Exam Results

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam Questions and Answers

Question 41

You are the audit team leader conducting a third-party audit of an online insurance organisation. During Stage 1, you found that the organisation took a very cautious risk approach and included all the information security controls in ISO/IEC 27001:2022 Appendix A in their Statement of Applicability.

During the Stage 2 audit, your audit team found that there was no evidence of the implementation of the three controls (5.3 Segregation of duties, 6.1 Screening, 7.12 Cabling security) shown in the extract from the Statement of Applicability. No risk treatment plan was found.

Select three options for the actions you would expect the auditee to take in response to a nonconformity against clause 6.1.3.e of ISO/IEC 27001:2022.

Options:

A. Allocate responsibility for producing evidence to prove to auditors that the controls are implemented.

B. Compile plans for the periodic assessment of the risks associated with the controls.

C. Implement the appropriate risk treatment for each of the applicable controls.

D. Incorporate written procedures for the controls into the organisation's Security Manual.

E. Remove the three controls from the Statement of Applicability.

F. Revise the relevant content in the Statement of Applicability to justify their exclusion.

G. Revisit the risk assessment process relating to the three controls.

Question 42

Which two of the following statements are true?

Options:

A. Responsibility for managing the audit programme rests with the audit team leader.

B. The audit plan describes the arrangements for a set of one or more audits planned for a specific time frame and directed towards a specific purpose.

C. Once agreed, the audit plan is fixed and cannot be changed during the conducting of the audit.

D. The audit programme describes the arrangements for a set of one or more audits planned for a specific time frame and directed towards a specific purpose.

E. The audit plan describes the activities and arrangements for an audit.

F. The audit programme describes the activities and arrangements for an audit.

Question 43

Select the words that best complete the sentence below to describe audit resources:

Options:

Question 44

You are an experienced ISMS audit team leader, assisting an auditor in training to write their first audit report.

You want to check the auditor in training's understanding of terminology relating to the contents of an audit report and chose to do this by presenting the following examples.

For each example, you ask the auditor in training what the correct term is that describes the activity.

Match the activity to the description.

Options: