Which three of the following options are an advantage of using a sampling plan for the audit?
Which three of the following options are an advantage of using a sampling plan for the audit?
A. Overrules the auditor's instincts
B. Use of the plan for consecutive audits
C. Provides a suitable understanding of the ISMS
D. Implements the audit plan efficiently
E. Gives confidence in the audit...
Which two of the following phrases would apply to "plan" in relation to the Plan-Do-Check-Act cycle for a business process?
Which two of the following phrases would apply to "plan" in relation to the Plan-Do-Check-Act cycle for a business process?
A. Retaining documentation
B. Retaining documentation
C. Organising changes
D. Setting objectives
E. Training staff
F. Providing ICT assets
Answer: DE
Explanation: The Plan-Do-Check-Act (PDCA) cycle is a four-step method...
Which is the glue that ties the triad together?
Which is the glue that ties the triad together?
A. Process
B. People
C. Collaboration
D. Technology
Answer: D
Explanation: The triad refers to the three elements of information security: confidentiality, integrity and availability. Technology is the glue that ties the triad together, as it provides the means to implement...
In the event of an Information security incident, system users' roles and responsibilities are to be observed, except:
In the event of an Information security incident, system users' roles and responsibilities are to be observed, except:
A. Report suspected or known incidents upon discovery through the Servicedesk
B. Preserve evidence if necessary
C. Cooperate with investigative personnel during investigation if needed
D. Make the information security incident details...
Which two of the following responses should the audit team leader make?
During an opening meeting of a Stage 2 audit, the Managing Director of the client organisation invites the audit team to view a new company video lasting 45 minutes. Which two of the following responses should the audit team leader make?
A. Advise the Managing Director that the audit team...
You ask the IT Manager why the organisation still uses the mobile app while personal data encryption and pseudonymisation tests failed. Also, whether the Service Manager is authorised to approve the test.
You ask the IT Manager why the organisation still uses the mobile app while personal data encryption and pseudonymisation tests failed. Also, whether the Service Manager is authorised to approve the test. The IT Manager explains the test results should be approved by him according to the software security management...
You are an ISMS auditor conducting a third-party surveillance audit of a telecoms provider. You are in the equipment staging room where network switches are pre-programmed before being despatched to clients. You note that recently there has been a significant increase in the number of switches failing their initial configuration test and being returned for reprogramming.
You are an ISMS auditor conducting a third-party surveillance audit of a telecoms provider. You are in the equipment staging room where network switches are pre-programmed before being despatched to clients. You note that recently there has been a significant increase in the number of switches failing their initial configuration...
Which four of the following actions should you take?
During a follow-up audit, you notice that a nonconformity identified for completion before the follow-up audit is still outstanding. Which four of the following actions should you take?
A. Report the failure to address the corrective action for the outstanding nonconformity to the organisation's top management
B. Immediately raise an...
You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security of the business continuity management process. During the audit, you learned that the organisation activated one of the business continuity plans (BCPs) to make sure the nursing service continued during the recent pandemic. You ask the Service Manager to explain how the organisation manages information security during the business continuity management process.
You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security of the business continuity management process. During the audit, you learned that the organisation activated one of the business continuity plans (BCPs)...
Which one action should you take?
You are an experienced ISMS auditor conducting a third-party surveillance audit at an organisation which offers ICT reclamation services. ICT equipment which companies no longer require is processed by the organisation. It is either recommissioned and reused or is securely destroyed. You notice two servers on a bench in the...