Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free PECB ISO-IEC-27001-Lead-Auditor Practice Exam with Questions & Answers | Set: 8

Questions 71

You are an experienced ISMS audit team leader providing instruction to a class of auditors in training. The subject of today's lesson is the management of information security risk in accordance with the requirements of ISO/IEC 27001:2022.

You provide the class with a series of activities. You then ask the class to sort these activities into the order in which they appear in the standard.

What is the correct sequence they should report back to you?

ISO-IEC-27001-Lead-Auditor Question 71

Options:
PECB ISO-IEC-27001-Lead-Auditor Premium Access
Questions 72

Question

Another auditor appointed by the certification body reviews the audit team leader’s working documents before the audit conclusions are finalized. According to good auditing practice, which statement is correct?

Options:
A.

Such a review is acceptable if the reviewing auditor is appointed by the certification body and qualified to perform it

B.

The audit team leader's work may only be reviewed after the audit conclusions have been finalized

C.

The audit team leader alone is responsible for reviewing their own working documents without any external review

Questions 73

Scenario 1: Fintive is a distinguished security provider for online payments and protection solutions. Founded in 1999 by Thomas Fin in San Jose, California, Fintive

offers services to companies that operate online and want to improve their information security, prevent fraud, and protect user information such as PII. Fintive centers

its decision-making and operating process based on previous cases. They gather customer data, classify them depending on the case, and analyze them. The company

needed a large number of employees to be able to conduct such complex analyses. After some years, however, the technology that assists in conducting such analyses

advanced as well. Now, Fintive is planning on using a modern tool, a chatbot, to achieve pattern analyses toward preventing fraud in real-time. This tool would also be

used to assist in improving customer service.

This initial idea was communicated to the software development team, who supported it and were assigned to work on this project. They began integrating the chatbot

on their existing system. In addition, the team set an objective regarding the chatbot which was to answer 85% of all chat queries.

After the successful integration of the chatbot, the company immediately released it to their customers for use. The chatbot, however, appeared to have some issues.

Due to insufficient testing and lack of samples provided to the chatbot during the training phase, in which it was supposed "to learn" the queries pattern, the chatbot

failed to address user queries and provide the right answers. Furthermore, the chatbot sent random files to users when it received invalid inputs such as odd patterns

of dots and special characters. Therefore, the chatbot was unable to properly answer customer queries and the traditional customer support was overwhelmed with

chat queries and thus was unable to help customers with their requests.

Consequently, Fintive established a software development policy. This policy specified that whether the software is developed in-house or outsourced, it will undergo a

black box testing prior to its implementation on operational systems.

What type of security control does the use of black box testing represent? Refer to scenario 1.

Options:
A.

Corrective and technical

B.

Detective and managerial

C.

Preventive and technical

Questions 74

Question:

What is the purpose of using a combination of audit test plans?

Options:
A.

To verify compliance with standards and criteria through multiple methods

B.

To ensure that all areas of the organization are audited equally

C.

To reduce the need for frequent audits

Questions 75

Which two of the following statements are true?

Options:
A.

The organisation is only required to comply with legislation that directly relates to its information security management system.

B.

During a third-party audit, the auditor evaluates how the organisation ensures that it is made aware of changes to the legal requirements.

C.

The organisation is not allowed to outsource the task of reviewing the legislative environment to ensure legal compliance is maintained.

D.

As part of a certification body audit, the auditor is responsible for verifying the organisation's legal compliance status.

E.

During a certification body audit, the auditor should ensure documented information is retained which identifies the legislation the organisation is required to comply with.

F.

The role of a certification body auditor involves evaluating the organisation's processes to ensure compliance with their legal requirements.

Questions 76

A decent visitor is roaming around without visitor's ID. As an employee you should do the following, except:

Options:
A.

Say "hi" and offer coffee

B.

Call the receptionist and inform about the visitor

C.

Greet and ask him what is his business

D.

Escort him to his destination

Questions 77

You are an ISMS auditor conducting a third-party surveillance audit of a telecom's provider. You are in the equipment staging room where network switches are pre-programmed before being despatched to clients. You note that recently there has been a significant increase in the number of switches failing their initial configuration test and being returned for reprogramming.

You ask the Chief Tester why and she says, 'It's a result of the recent ISMS upgrade'. Before the upgrade each technician had their own hard copy work instructions. Now, the eight members of my team have to share two laptops to access the clients' configuration instructions online. These delays put pressure on the technicians, resulting in more mistakes being made'.

Based solely on the information above, which clause of ISO to raise a nonconformity against' Select one.

Options:
A.

Clause 7.5 - Documented information

B.

Clause 8.1 - Operational planning and control

C.

Clause 10.2 - Nonconformity and corrective action

D.

Clause 7.3 - Awareness

E.

Clause 7.2 - Competence

F.

Clause 7.4 - Communication

Questions 78

You are an ISMS audit team leader who has been assigned by your certification body to carry out a follow-up audit of a client. You are preparing your audit plan for this audit.

Which two of the following statements are true?

Options:
A.

Verification should focus on whether any action undertaken taken has been undertaken efficiently

B.

Corrections should be verified first, followed by corrective actions and finally opportunities for improvement

C.

Verification should focus on whether any action undertaken is complete

D.

Opportunities for improvement should be verified first, followed by corrections and finally corrective actions

E.

Corrective actions should be reviewed first, followed by corrections and finally opportunities for improvement

F.

Verification should focus on whether any action undertaken has been undertaken effectively

Questions 79

Which three of the following work documents are not required for audit planning by an auditor conducting a certification audit?

Options:
A.

An audit plan

B.

A sample plan

C.

An organisation's financial statement

D.

A checklist

E.

A career history of the IT manager

F.

A list of external providers

Questions 80

Which of the options below is a control related to the management of personnel that aims to avoid the occurrence of incidents?

Options:
A.

The organization regularly provides security awareness and training sessions for its employees

B.

The organization always reviews the security policy after the integration of a new division to the organization

C.

The organization conducts regular user access reviews to verify that only authorized employees have access to confidential information