New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Pearson ISO-IEC-27001-Lead-Auditor New Attempt

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam Questions and Answers

Question 69

You are carrying out a third-party surveillance audit of a client's ISMS. You are currently in the secure storage area of the data centre where the organisation's customers are able to temporarily locate equipment coming into or going out of the site. The equipment is contained within locked cabinets and each cabinet is allocated to a single, specific client.

Out of the corner of your eye you spot movement near the external door of the storage area. This is followed by a loud noise. You ask the guide what is going on. They tell you that recent high rainfall has raised local river levels and caused an infestation of rats. The noise was a specialist pest control stunning device being triggered. You check the device in the corner and find there is a large immobile rat contained within it.

What three actions would be appropriate to take next?

Options:

A.

Take no further action. This is an ISMS audit, not an environmental management system audit

B.

Investigate whether pest infestation is an identified risk and if so, what risk treatment is to be applied

C.

Determine whether the high levels of rainfall have had other impacts on data centre operations e.g. damage to infrastructure, access issues for clients, invocation of business continuity arrangements

D.

Raise a nonconformity against control 7.4 Physical Security monitoring

E.

Raise a nonconformity against control 7.2 Physical Entry

F.

Check with the guide that they intend to initiate the organisation's information security incident process

G.

Inspect the client cabinets for signs of rodent ingress and record your findings as audit evidence

Question 70

During a follow-up audit, you notice that a nonconformity identified for completion before the follow-up audit is still outstanding.

Which four of the following actions should you take?

Options:

A.

Report the failure to address the corrective action for the outstanding nonconformity to the organisation's top management

B.

Immediately raise an nonconformity as the date for completion has been exceeded

C.

If the delay is justified agree on a revised date for clearing the nonconformity with the auditee/audit client

D.

Contact the individuals) managing the audit programme to seek their advice as to how to proceed

E.

Decide whether the delay in addressing the nonconformity is justified

F.

Cancel the follow-up audit and return when an assurance has been received that the nonconformity has been cleared

G.

Note the nonconformity is still outstanding and follow audit trails to determine why

Question 71

Scenario 9: UpNet, a networking company, has been certified against ISO/IEC 27001. It provides network security, virtualization, cloud computing, network hardware, network management software, and networking technologies.

The company's recognition has increased drastically since gaining ISO/IEC 27001 certification. The certification confirmed the maturity of UpNefs operations and its compliance with a widely recognized and accepted standard.

But not everything ended after the certification. UpNet continually reviewed and enhanced its security controls and the overall effectiveness and efficiency of the ISMS by conducting internal audits. The top management was not willing to employ a full-time team of internal auditors, so they decided to outsource the internal audit function. This form of internal audits ensured independence, objectivity, and that they had an advisory role about the continual improvement of the ISMS.

Not long after the initial certification audit, the company created a new department specialized in data and storage products. They offered routers and switches optimized for data centers and software-based networking devices, such as network virtualization and network security appliances. This caused changes to the operations of the other departments already covered in the ISMS certification scope.

Therefore. UpNet initiated a risk assessment process and an internal audit. Following the internal audit result, the company confirmed the effectiveness and efficiency of the existing and new processes and controls.

The top management decided to include the new department in the certification scope since it complies with ISO/IEC 27001 requirements. UpNet announced that it is ISO/IEC 27001 certified and the certification scope encompasses the whole company.

One year after the initial certification audit, the certification body conducted another audit of UpNefs ISMS. This audit aimed to determine the UpNefs ISMS fulfillment of specified ISO/IEC 27001 requirements and ensure that the ISMS is being continually improved. The audit team confirmed that the certified ISMS continues to fulfill

the requirements of the standard. Nonetheless, the new department caused a significant impact on governing the management system. Moreover, the certification body was not informed about any changes. Thus, the UpNefs certification was suspended.

Based on the scenario above, answer the following question:

UpNet announced that the ISMS certification scope encompasses the whole company once ensuring that the new department also complies with the ISO/IEC 27001 requirements. How would you classify this situation illustrated in scenario 9?

Options:

A.

Unacceptable, the internal auditor should have approved the extension audit, not the top management

B.

Unacceptable, UpNet should have requested and granted an extension audit prior to making the announcement

C.

Acceptable, the internal audit confirmed the effectiveness and efficiency of the existing and new processes and controls

Question 72

You are carrying out your first third-party ISMS surveillance audit as an Audit Team Leader. You are presently in the auditee's data centre with another member of your audit team.

Your colleague seems unsure as to the difference between an information security event and an information security incident. You attempt to explain the difference by providing examples.

Which three of the following scenarios can be defined as information security incidents?

Options:

A.

The organisation's malware protection software prevents a virus

B.

A hard drive is used after its recommended replacement date

C.

The organisation receives a phishing email

D.

An employee fails to clear their desk at the end of their shift

E.

A contractor who has not been paid deletes top management ICT accounts

F.

An unhappy employee changes payroll records without permission

G.

The organisation fails a third-party penetration test