You are an experienced ISMS audit team leader providing instruction to an auditor in training. They are unclear in their understanding of risk processes and ask you to provide them with an example of each of the processes detailed below

DRAG DROP

You are an experienced ISMS audit team leader providing instruction to an auditor in training. They are unclear in their understanding of risk processes and ask you to provide them with an example of each of the processes detailed below. Match each of the descriptions provided to one...

March 7, 2025

Which one of the following statements best describes the purpose of conducting a document review?

Which one of the following statements best describes the purpose of conducting a document review?

A. To reveal whether the documented management system is nonconforming with audit criteria and to gather evidence to support the audit report
B. To decide about the conformity of the documented management system with audit...

March 3, 2025

In the context of a third-party certification audit, confidentiality is an issue in an audit programme.

In the context of a third-party certification audit, confidentiality is an issue in an audit programme. Select two options which correctly state the function of confidentiality in an audit.

A. Auditors are forced by regulatory requirements to maintain confidentiality in an audit
B. Observers in an audit team cannot access...

February 28, 2025

Which one of the following options describes the main purpose of a Stage 1 audit?

Which one of the following options describes the main purpose of a Stage 1 audit?

A. To determine readiness for Stage 2
B. To check for legal compliance by the organisation
C. To get to know the organisation
D. To compile the audit plan

Answer: A

Explanation: The main purpose...

February 28, 2025

Which three of the following work documents are not required for audit planning by an auditor conducting a certification audit?

Which three of the following work documents are not required for audit planning by an auditor conducting a certification audit?

A. An audit plan
B. A sample plan
C. An organisation's financial statement
D. A checklist
E. A career history of the IT manager
F. A list of external providers

February 24, 2025

What is the difference between a restricted and confidential document?

What is the difference between a restricted and confidential document?

A. Restricted - to be shared among an authorized group; Confidential - to be shared among named individuals
B. Restricted - to be shared among named individuals; Confidential - to be shared among an authorized group
C. Restricted - to...

February 24, 2025

You are an experienced ISMS audit team leader, talking to an Auditor in training who has been assigned to your audit team. You want to ensure that they understand the importance of the Check stage of the Plan-Do-Check-Act cycle in respect of the operation of the information security management system

DRAG DROP

You are an experienced ISMS audit team leader, talking to an Auditor in training who has been assigned to your audit team. You want to ensure that they understand the importance of the Check stage of the Plan-Do-Check-Act cycle in respect of the operation of the information security...

February 23, 2025

CMM stands for?

CMM stands for?

A. Capability Maturity Matrix
B. Capacity Maturity Matrix
C. Capability Maturity Model
D. Capable Mature Model

Answer: C

Explanation: Capability Maturity Model (CMM) is a framework that describes the key elements of an effective software process. It defines five levels of maturity for software development organizations, from...

February 23, 2025

Which four of the following constitute 'external' issues in the context of a management system to ISO/IEC 27001:2022?

During a third-party certification audit you are presented with a list of issues by an auditee. Which four of the following constitute 'external' issues in the context of a management system to ISO/IEC 27001:2022?

A. A rise in interest rates in response to high inflation
B. A reduction in grants...

February 22, 2025

What is the standard definition of ISMS?

What is the standard definition of ISMS?

A. Is an information security systematic approach to achieve business objectives for implementation, establishing, reviewing, operating and maintaining organization's reputation.
B. A company wide business objectives to achieve information security awareness for establishing, implementing, operating, monitoring, reviewing, maintaining and improving
C. A project-based approach...

February 22, 2025