Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free PECB ISO-IEC-27001-Lead-Auditor Practice Exam with Questions & Answers | Set: 7

Questions 61

Scenario 9: Techmanic is a Belgian company founded in 1995 and currently operating in Brussels. It provides IT consultancy, software design, and hardware/software services, including deployment and maintenance. The company serves sectors like public services, finance, telecom, energy, healthcare, and education. As a customer-centered company, it prioritizes strong client relationships and leading security practices.

Techmanic has been ISO/IEC 27001 certified for a year and regards this certification with pride. During the certification audit, the auditor found some inconsistencies in its ISMS implementation. Since the observed situations did not affect the capability of its ISMS to achieve the intended results, Techmanic was certified after auditors followed up on the root cause analysis and corrective actions remotely During that year, the company added hosting to its list of services and requested to expand its certification scope to include that area The auditor in charge approved the request and notified Techmanic that the extension audit would be conducted during the surveillance audit

Techmanic underwent a surveillance audit to verify its iSMS's continued effectiveness and compliance with ISO/IEC 27001. The surveillance audit aimed to ensure that Techmanic’s security practices, including the recent addition of hosting services, aligned seamlessly with the rigorous requirements of the certification

The auditor strategically utilized the findings from previous surveillance audit reports in the recertification activity with the purpose of replacing the need for additional recertification audits, specifically in the IT consultancy sector. Recognizing the value of continual improvement and learning from past assessments. Techmanic implemented a practice of reviewing previous surveillance audit reports. This proactive approach not only facilitated identifying and resolving potential nonconformities but also aimed to streamline the recertification process in the IT consultancy sector.

During the surveillance audit, several nonconformities were found. The ISMS continued to fulfill the ISO/IEC 27001*s requirements, but Techmanic failed to resolve the nonconformities related to the hosting services, as reported by its internal auditor. In addition, the internal audit report had several inconsistencies, which questioned the independence of the internal auditor during the audit of hosting services. Based on this, the extension certification was not granted. As a result. Techmanic requested a transfer to another certification body. In the meantime, the company released a statement to its clients stating that the ISO/IEC 27001 certification covers the IT services, as well as the hosting services.

Based on the scenario above, answer the following question:

Question:

According to Scenario 9, the auditor decided to conduct the extension audit during the surveillance audit. How do you define this situation?

Options:
A.

Acceptable, as extension audits are conducted during the surveillance audit

B.

Unacceptable, as the auditor cannot approve the extension audit

C.

Unacceptable, as extension audits are only conducted after the second year of the initial certification audit

PECB ISO-IEC-27001-Lead-Auditor Premium Access
Questions 62

During discussions with the individual(s) managing the audit programme of a certification body, the Management System Representative of the client organisation asks for a specific auditor for the certification audit. Select two of the following options for how the individual(s) managing the audit programme should respond.

Options:
A.

Advise the Management System Representative that his request can be accepted

B.

Suggest that the Management System Representative chooses another certification body

C.

State that his request will be considered but may not be taken up

D.

Suggest asking the certification body management to permit the request

E.

Advise the Management System Representative that the audit team selection is a decision that the audit programme manager needs to make based on the resources available

Questions 63

Question:

What is the main reason for sending an engagement letter before the initial contact with the auditee?

Options:
A.

To confirm the authority to conduct the audit

B.

To provide initial audit details and schedule the initial contact

C.

To establish the audit objectives

Questions 64

An auditor of organisation A performs an audit of supplier B. Which two of the following actions is likely to represent a breach of confidentiality by the auditor after having identified findings in B's information security management system?

Options:
A.

Shares the findings with other relevant managers in A

B.

Shares the findings with B's Information Security Manager

C.

Shares the findings with A's supplier evaluation team

D.

Shares the findings with B's other customers

E.

Shares the findings with B's certification body

F.

Shares the findings with other relevant managers in B

Questions 65

Which two of the following phrases would apply to "audit objectives"?

Options:
A.

Audit duration

B.

Determining conformity

C.

Checking legal compliance

D.

Auditor competence

E.

Revising management policy

F.

Identifying opportunities for improvement, if required

Questions 66

Question:

Which controls are related to the Annex A controls of ISO/IEC 27001 and are often selected from other guides and standards or defined by the organization to meet its specific needs?

Options:
A.

General controls

B.

Strategic controls

C.

Specific controls

Questions 67

Which one of the following options describes the main purpose of a Stage 1 audit?

    To determine readiness for Stage 2

Options:
A.

To check for legal compliance by the organisation

B.

To get to know the organisation

C.

To compile the audit plan

Questions 68

Which one of the following options best describes the purpose of a Stage 2 audit?

Options:
A.

To check for legal compliance by the organisation

B.

To ensure that the audit plan is carried out

C.

To evaluate the implementation of the management system

D.

To get to know the organisation's processes

Questions 69

Select two options that describe an advantage of using a checklist.

    Using the same checklist for every audit without review

Options:
A.

Restricting interviews to nominated parties

B.

Ensuring relevant audit trails are followed

C.

Ensuring the audit plan is implemented

D.

Reducing audit duration

E.

Not varying from the checklist when necessary

Questions 70

During a follow-up audit, you notice that a nonconformity identified for completion before the follow-up audit is still outstanding.

Which four of the following actions should you take?

Options:
A.

Report the failure to address the corrective action for the outstanding nonconformity to the organisation's top management

B.

Immediately raise an nonconformity as the date for completion has been exceeded

C.

If the delay is justified agree on a revised date for clearing the nonconformity with the auditee/audit client

D.

Contact the individuals) managing the audit programme to seek their advice as to how to proceed

E.

Decide whether the delay in addressing the nonconformity is justified

F.

Cancel the follow-up audit and return when an assurance has been received that the nonconformity has been cleared

G.

Note the nonconformity is still outstanding and follow audit trails to determine why