PECB ISO-IEC-27001-Lead-Auditor Exam Made Easy: Step-by-Step Preparation Guide

Questions 41

A data processing tool crashed when a user added more data in the buffer than its storage capacity allows. The incident was caused by the tool's inability to bound check arrays. What kind of vulnerability is this?

Options:

A. Intrinsic vulnerability, because inability to bound check arrays is a characteristic of the data processing tool
B. Extrinsic vulnerability, because inability to bound check arrays is related to external factors
C. None, the tool's inability to bound check arrays is not a vulnerability, but a threat

Questions 42

Which three of the following options are advantages of using a sampling plan for the audit?

Options:

A. Overrules the auditor's instincts
B. Use of the plan for consecutive audits
C. Provides a suitable understanding of the ISMS
D. Implements the audit plan efficiently
E. Gives confidence in the audit results
F. Misses key issues

Questions 43

Which two of the following statements are true?

Options:

A. The benefit of certifying an ISMS is to show the accreditation certificate on the website.
B. The purpose of an ISMS is to demonstrate awareness of information security issues by management.
C. The benefit of certifying an ISMS is to increase the number of customers.
D. The benefits of implementing an ISMS primarily result from a reduction in information security risks.
E. The purpose of an ISMS is to apply a risk management process for preserving information security.
F. The purpose of an ISMS is to demonstrate compliance with regulatory requirements.

Questions 44

Which two of the following statements are true?

Options:

A. The benefits of implementing an ISMS primarily result from a reduction in information security risks
B. The benefit of certifying an ISMS is to obtain contracts from governmental institutions
C. The purpose of an ISMS is to apply a risk management process for preserving information security
D. The purpose of an ISMS is to demonstrate compliance with regulatory requirements

Questions 45

You have a hard copy of a customer design document that you want to dispose of. What would you do?

Options:

A. Throw it in any dustbin
B. Shred it using a shredder
C. Give it to the office boy to reuse it for other purposes
D. Be environment friendly and reuse it for writing

Questions 46

Which four of the following statements about audit reports are true?

Options:

A. Audit reports should be produced by the audit team leader with input from the audit team
B. Audit reports should include or refer to the audit plan
C. Audit reports should be sent to the organisation's top management first because their contents could be embarrassing
D. Audit reports should be assumed suitable for general circulation unless they are specifically marked confidential
E. Audit reports should only evidence nonconformity
F. Audit reports should be produced within an agreed timescale
G. Audit reports that are no longer required can be destroyed as part of the organisation's general waste

Questions 47

An auditor of organisation A performs an audit of supplier B. Which two of the following actions are likely to represent a breach of confidentiality by the auditor after having identified findings in B's information security management system?

Options:

A. Shares the findings with other relevant managers in A
B. Shares the findings with B's Information Security Manager
C. Shares the findings with A's supplier evaluation team
D. Shares the findings with B's other customers
E. Shares the findings with B's certification body
F. Shares the findings with other relevant managers in B

Questions 48

Based on the identified nonconformities, Company A established action plans that included the detected nonconformities, the root causes, and a general statement regarding each action that would be taken. Is this acceptable?

Options:

A. No, the action plans should include information on the systems that will be installed and how these systems will eliminate the root causes
B. No, the auditee is required to submit action plans that include detailed information on how every corrective action will be implemented
C. Yes, the auditee is required to submit action plans that include a general statement regarding the actions that will be taken

Questions 49

Which option below about the ISMS scope is correct?

Options:

A. ISMS scope should be available as documented information
B. ISMS scope should ensure continual improvement
C. ISMS scope should be compatible with the strategic orientation of the organization

Questions 50

A property of information that has the ability to prove the occurrence of a claimed event.

Options:

A. Electronic chain letters
B. Integrity
C. Availability
D. Accessibility
