Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free PECB ISO-IEC-27001-Lead-Auditor Practice Exam with Questions & Answers | Set: 6

Questions 51

When an organisation needs to determine the resources required for the internal audit programme, which one of the following issues does not impact on the achievement of its intended results?

Options:
A.

Availability of competent auditors and technical experts.

B.

Access by the audit program manager to the competence records of the Information Security Management System manager.

C.

Availability of the necessary documented information.

D.

Impact of different time zones.

PECB ISO-IEC-27001-Lead-Auditor Premium Access
Questions 52

Scenario 8

Trustingo has been providing banking and financial services in Estonia since 2010. The company has a network of 30 branches with over 100 ATMs nationwide. To meet strict data security and privacy regulations, Trustingo implemented an information security management system (ISMS) based on ISO/IEC 27001, ensuring better security, improved risk management, and compliance with legal requirements.

Nine months after the successful implementation of the ISMS, Trustingo decided to pursue certification for their ISMS based on ISO/IEC 27001 by an independent certification body. The certification audit included Trustingo's systems, processes, and technologies.

The audit team conducted the Stage 1 and Stage 2 audits jointly, and several nonconformities were detected. The first nonconformity was related to Trustingo’s labeling of information. The company had an information classification scheme but no information labeling procedure. As a result, documents requiring the same level of protection would be labeled differently.

The nonconformity also impacted media handling. The audit team used sampling and concluded that 50 of 200 removable media stored sensitive information mistakenly classified as confidential. According to the classification scheme, confidential information may be stored on removable media, whereas sensitive information is strictly prohibited.

The audit team drafted the nonconformity report and discussed conclusions with Trustingo’s representatives. Trustingo accepted the audit team leader’s proposed solution and addressed the nonconformities by drafting an information labeling procedure and updating the removable media procedure.

Two weeks after audit completion, Trustingo submitted a general corrective action plan. Although it addressed the nonconformities, it lacked detailed action steps and system-specific impacts. As a result, Trustingo received an unfavorable certification recommendation.

Question

Which action in Scenario 8 is unacceptable in an external audit?

Options:
A.

The audit team leader proposed a solution for resolving the nonconformities, which is not allowed in external audits

B.

Stage 1 audit and Stage 2 audits were performed at the same time

C.

The information labeling procedure was incomplete but marked as a minor nonconformity

Questions 53

You are an experienced audit team leader guiding an auditor in training.

Your team is currently conducting a third-party surveillance audit of an organisation that stores data on behalf of external clients. The auditor in training has been tasked with reviewing the PEOPLE controls listed in the

Statement of Applicability (SoA) and implemented at the site.

Select four controls from the following that would you expect the auditor in training to review.

Options:
A.

Confidentiality and nondisclosure agreements

B.

How protection against malware is implemented

C.

Information security awareness, education and training

D.

Remote working arrangements

E.

The conducting of verification checks on personnel

F.

The operation of the site CCTV and door control systems

G.

The organisation's arrangements for information deletion

Questions 54

Question

Which statement regarding maintaining objectivity and impartiality of the internal audit is correct?

Options:
A.

An auditor may perform both operational and audit roles if the roles are unrelated, with documented job descriptions to prevent conflicts of interest

B.

An individual who has undertaken an operational role related to the ISMS must wait at least one year before assuming an internal auditor role

C.

Internal auditors must always be independent of the operational roles, regardless of the time period or job descriptions

Questions 55

You are an experienced ISMS audit team leader, assisting an auditor in training to write their first audit report.

You want to check the auditor in training's understanding of terminology relating to the contents of an audit report and chose to do this by presenting the following examples.

For each example, you ask the auditor in training what the correct term is that describes the activity

Match the activity to the description.

ISO-IEC-27001-Lead-Auditor Question 55

Options:
Questions 56

Scenario:

After an information security incident, an organization created a comprehensive backup procedure involving regular, automated backups of all critical data to offsite storage locations. By doing so, which principle of information security is the organization applying in this case?

Options:
A.

Integrity

B.

Confidentiality

C.

Availability

Questions 57

Which one of the following statements best describes the purpose of conducting a document review?

    To reveal whether the documented management system is nonconforming with audit criteria and to gather evidence to support the audit report

Options:
A.

To decide about the conformity of the documented management system with audit standards and to gather findings to support the audit process

B.

To determine the conformity of the management system, as far as documented, with audit criteria and to gather information to support the on-site audit activities

C.

To detect any nonconformity of the management system, if documented, with audit criteria and to identify information to support the audit plan

Questions 58

How does the use of new technologies such as big data impact auditing?

Options:
A.

It presents new challenges, for example, combining structured and unstructured data

B.

It enhances the audit quality by enabling auditors to collect higher quality audit evidence

C.

It causes significant disruptions, for example, introducing data that is too large or complex for processing by traditional database management tools

Questions 59

You are an experienced ISMS audit team leader, talking to an Auditor in training who has been assigned to your audit team. You want to ensure that they understand the importance of the Check stage of the Plan-Do-Check-Act cycle in respect of the operation of the information security management system.

You do this by asking him to select the words that best complete the sentence:

To complete the sentence with the best word(s), click on the blank section you want to complete so that it is highlighted in red, and then click on the applicable text from the options below. Alternatively, you may drag and drop the option to the appropriate blank section.

ISO-IEC-27001-Lead-Auditor Question 59

Options:
Questions 60

ISO-IEC-27001-Lead-Auditor Question 60

Options: