
PECB ISO-IEC-27001-Lead-Auditor Questions Answers

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam Questions and Answers

Question 61

You are conducting an ISMS audit in the despatch department of an international logistics organisation that provides shipping services to large organisations, including local hospitals and government offices. Parcels typically contain pharmaceutical products, biological samples, and documents such as passports and driving licences. You note that the company records show a very large number of returned items, with causes including mis-addressed labels and, in 15% of cases, two or more labels for different addresses on a single package. You are interviewing the Shipping Manager (SM).

You: Are items checked before being dispatched?

SM: Any obviously damaged items are removed by the duty staff before being dispatched, but the small profit margin makes it uneconomic to implement a formal checking process.

You: What action is taken when items are returned?

SM: Most of these contracts are relatively low value, therefore it has been decided that it is easier and more convenient to simply reprint the label and re-send the individual parcel than it is to carry out an investigation.

You raise a nonconformity. Referencing the scenario, which six of the following Appendix A controls would you expect the auditee to have implemented when you conduct the follow-up audit?

Options:

A.

5.11 Return of assets

B.

8.12 Data leakage protection

C.

5.3 Segregation of duties

D.

6.3 Information security awareness, education, and training

E.

7.10 Storage media

F.

8.3 Information access restriction

G.

5.6 Contact with special interest groups

Question 62

You have to carry out a third-party virtual audit. Which two of the following issues would you need to inform the auditee about before you start conducting the audit?

Options:

A.

You will ask to see the ID card of the person that is on the screen.

B.

You will take photos of every person you interview.

C.

You will ask those being interviewed to state their name and position beforehand.

D.

You will ask for a 360-degree view of the room where the audit is being carried out.

E.

You will not record any part of the audit, unless permitted.

F.

You expect the auditee to have assessed all risks associated with online activities.

Question 63

A telecommunications company uses the AES method for ensuring that confidential information is protected. This means that they use a single key to encrypt and decrypt the information. What kind of control does the company use?

Options:

A.

Detective

B.

Corrective

C.

Preventive

Question 64

The audit lifecycle describes the ISO 19011 process for conducting an individual audit. Drag and drop the steps of the audit lifecycle into the correct sequence.

Options: