[Nov-2023] Check your preparation for PECB ISO-IEC-27001-Lead-Auditor On-Demand Exam [Q47-Q68]



To achieve the PECB ISO-IEC-27001-Lead-Auditor certification, candidates need to pass an exam that covers various aspects of information security management and auditing. The ISO-IEC-27001-Lead-Auditor exam is designed to test the candidate's knowledge and skills in areas such as information security management principles, risk management, audit planning and preparation, audit techniques, and reporting and follow-up. The ISO-IEC-27001-Lead-Auditor exam is conducted by PECB and is available in multiple languages.


NEW QUESTION # 47
You have a hard copy of a customer design document that you want to dispose of. What would you do?

  • A. Be environment friendly and reuse it for writing
  • B. Throw it in any dustbin
  • C. Give it to the office boy to reuse it for other purposes
  • D. Shred it using a shredder

Answer: D


NEW QUESTION # 48
Four types of Data Classification (Choose two)

  • A. Project Data, Highly Confidential Data
  • B. Financial Data, Highly Confidential Data
  • C. Restricted Data, Confidential Data
  • D. Unrestricted Data, Highly Confidential Data

Answer: C,D

Explanation:
Two types of data classification are restricted data and unrestricted data. Restricted data is data that has a high level of sensitivity or confidentiality, and requires strict protection from unauthorized access, disclosure, modification or destruction. Examples of restricted data include personal data, financial data, trade secrets, intellectual property, etc. Unrestricted data is data that has a low level of sensitivity or confidentiality, and can be freely accessed, disclosed, modified or destroyed without significant consequences. Examples of unrestricted data include public information, marketing materials, general news, etc. Data classification is a process of assigning categories or labels to data based on its value, sensitivity, criticality and legal requirements. Data classification helps to determine the appropriate level of security controls and handling procedures for different types of data. ISO/IEC 27001:2022 requires the organization to classify information in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification (see clause A.8.2.1). Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is Data Classification?


NEW QUESTION # 49
Information Security is a matter of building and maintaining ________.

  • A. Protection
  • B. Trust
  • C. Confidentiality
  • D. Firewalls

Answer: B


NEW QUESTION # 50
You are performing an ISMS audit at a nursing home where residents always wear an electronic wristband for monitoring their location, heartbeat, and blood pressure. The wristband automatically uploads this data to a cloud server for healthcare monitoring and analysis by staff.
You now wish to verify that the information security policy and objectives have been established by top management. You are sampling the mobile device policy and identify that a security objective of this policy is "to ensure the security of teleworking and use of mobile devices". The policy states that the following controls will be applied in order to achieve this:

  • Personal mobile devices are prohibited from connecting to the nursing home network and from processing or storing residents' data.
  • The company's mobile devices within the ISMS scope shall be registered in the asset register.
  • The company's mobile devices shall implement or enable physical protection, i.e., a PIN-code protected screen lock/unlock, or facial or fingerprint recognition to unlock the device.
  • The company's mobile devices shall have a regular backup.

To verify that the mobile device policy and objectives are implemented and effective, select three options for your audit trail.

  • A. Review the internal audit report to make sure the IT department has been audited
  • B. Review visitors' register book to make sure no visitor can have their personal mobile phone in the nursing home
  • C. Interview the supplier of the devices to make sure they are aware of the ISMS policy
  • D. Review the asset register to make sure all personal mobile devices are registered
  • E. Sampling some mobile devices from on-duty medical staff and validate the mobile device information with the asset register
  • F. Interview top management to verify their involvement in establishing the information security policy and the information security objectives
  • G. Review the asset register to make sure all company's mobile devices are registered
  • H. Interview the reception personnel to make sure all visitor and employee bags are checked before entering the nursing home

Answer: A,E,G

Explanation:
According to ISO/IEC 27001:2022, which specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), clause 5.2 requires top management to establish an information security policy that provides the framework for setting information security objectives [1]. Clause 6.2 requires top management to ensure that the information security objectives are established at relevant functions and levels [1]. Therefore, when verifying that the information security policy and objectives have been established by top management, an ISMS auditor should review relevant documents and records that demonstrate top management's involvement and commitment.
To verify that the mobile device policy and objectives are implemented and effective, an ISMS auditor should review relevant documents and records that demonstrate how the policy and objectives are communicated, monitored, measured, analyzed, and evaluated. The auditor should also sample and verify the implementation of the controls that are stated in the policy.
Three options for the audit trail that are relevant to verifying the mobile device policy and objectives are:
Review the internal audit report to make sure the IT department has been audited: This option is relevant because it can provide evidence of how the IT department, which is responsible for managing the mobile devices and their security, has been evaluated for its conformity and effectiveness in implementing the mobile device policy and objectives. The internal audit report can also reveal any nonconformities, corrective actions, or opportunities for improvement related to the mobile device policy and objectives.
Sampling some mobile devices from on-duty medical staff and validate the mobile device information with the asset register: This option is relevant because it can provide evidence of how the mobile devices that are used by the medical staff, who are involved in processing and storing residents' data, are registered in the asset register and have physical protection enabled. This can verify the implementation and effectiveness of two of the controls that are stated in the mobile device policy.
Review the asset register to make sure all company's mobile devices are registered: This option is relevant because it can provide evidence of how the company's mobile devices that are within the ISMS scope are identified and accounted for. This can verify the implementation and effectiveness of one of the controls that are stated in the mobile device policy.
The other options for the audit trail are not relevant to verifying the mobile device policy and objectives, as they are not related to the policy or objectives or their implementation or effectiveness. For example:
Interview the reception personnel to make sure all visitor and employee bags are checked before entering the nursing home: This option is not relevant because it does not provide evidence of how the mobile device policy and objectives are implemented or effective. It may be related to another policy or objective regarding physical security or access control, but not specifically to mobile devices.
Review visitors' register book to make sure no visitor can have their personal mobile phone in the nursing home: This option is not relevant because it does not provide evidence of how the mobile device policy and objectives are implemented or effective. It may be related to another policy or objective regarding information security awareness or compliance, but not specifically to mobile devices.
Interview the supplier of the devices to make sure they are aware of the ISMS policy: This option is not relevant because it does not provide evidence of how the mobile device policy and objectives are implemented or effective. It may be related to another policy or objective regarding information security within supplier relationships, but not specifically to mobile devices.
Interview top management to verify their involvement in establishing the information security policy and the information security objectives: This option is not relevant because it does not provide evidence of how the mobile device policy and objectives are implemented or effective. It may be related to verifying that the information security policy and objectives have been established by top management, but not specifically to mobile devices.


NEW QUESTION # 51
What is the worst possible action that an employee may receive for sharing his or her password or access with others?

  • A. Forced roll off from the project
  • B. Termination
  • C. The lowest rating on his or her performance assessment
  • D. Three days suspension from work

Answer: B

Explanation:
The worst possible action that an employee may receive for sharing his or her password or access with others is termination, because this is a serious breach of the organization's information security policy and access control policy. Sharing password or access with others may allow unauthorized users to access sensitive or confidential information, or to perform malicious or fraudulent activities on behalf of the employee. The employee should keep his or her password or access confidential and secure, and should not disclose it to anyone under any circumstances. Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], [ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements], Example of an information security policy, Example of an access control policy


NEW QUESTION # 52
Which of the following does an Asset Register contain? (Choose two)

  • A. Asset Type
  • B. Asset Owner
  • C. Process ID
  • D. Asset Modifier

Answer: A,B

Explanation:
An asset register is a document that contains information about the assets associated with information and information processing facilities within the scope of the information security management system. An asset register should include, among other things, the asset type and the asset owner. The asset type is a category or classification of the asset, such as hardware, software, data, document, service, etc. The asset owner is a person or entity that has been assigned the responsibility for managing and protecting the asset throughout its lifecycle. The asset type and the asset owner are important information for identifying and controlling the assets, as well as for performing risk assessments and applying security controls. ISO/IEC 27001:2022 requires the organization to maintain an inventory of assets within the scope of the information security management system (see clause A.8.1.1). Reference: CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course, ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is an Asset Register?


NEW QUESTION # 53
What is the difference between a restricted and confidential document?

  • A. Restricted - to be shared among an authorized group
    Confidential - to be shared among named individuals
  • B. Restricted - to be shared among named individuals
    Confidential - to be shared with friends and family
  • C. Restricted - to be shared among named individuals
    Confidential - to be shared among an authorized group
  • D. Restricted - to be shared among named individuals
    Confidential - to be shared across the organization only

Answer: C

Explanation:
The difference between a restricted and confidential document is that a restricted document is to be shared among named individuals, while a confidential document is to be shared among an authorized group. Restricted and confidential are examples of information classification levels that indicate the sensitivity and value of information and the degree of protection required for it. Restricted documents contain information that could cause serious damage or harm to the organization or its stakeholders if disclosed to unauthorized persons. Therefore, they should only be accessed by specific individuals who have a legitimate need to know and are authorized by the information owner. Confidential documents contain information that could cause damage or harm to the organization or its stakeholders if disclosed to unauthorized persons. Therefore, they should only be accessed by a defined group of people who have a legitimate need to know and are authorized by the information owner. ISO/IEC 27001:2022 requires the organization to classify information in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification (see clause A.8.2.1). Reference: CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course, ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is Information Classification?


NEW QUESTION # 54
Which of the following factors does NOT contribute to the value of data for an organisation?

  • A. The importance of data for processes
  • B. The indispensability of data
  • C. The content of data
  • D. The correctness of data

Answer: C


NEW QUESTION # 55
Which of the following is a possible event that can have a disruptive effect on the reliability of information?

  • A. Threat
  • B. Vulnerability
  • C. Dependency
  • D. Risk

Answer: A

Explanation:
A possible event that can have a disruptive effect on the reliability of information is a threat. A threat is anything that has the potential to harm an asset or its protection, such as a natural disaster, a human error, a malicious attack, etc. A threat can exploit a vulnerability or weakness in an asset or its protection and cause an adverse impact on the confidentiality, integrity or availability of information. ISO/IEC 27001:2022 defines threat as "potential cause of an unwanted incident, which can result in harm to a system or organization" (see clause 3.48). Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, What is Threat?


NEW QUESTION # 56
There is a scheduled fire drill in your facility. What should you do?

  • A. Call in sick
  • B. Participate in the drill
  • C. Excuse yourself by saying you have an urgent deliverable
  • D. None of the above

Answer: B

Explanation:
You should participate in the drill, because this is part of the organization's business continuity plan and emergency response procedures. The drill is intended to test the effectiveness and efficiency of the organization's preparedness for fire incidents, and to ensure the safety and security of the personnel and assets. By participating in the drill, you are demonstrating your compliance with the organization's information security policy and culture, as well as your awareness of the potential risks and impacts of fire incidents. The drill is also an opportunity for you to learn and improve your skills and knowledge on how to respond to fire emergencies. Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements, Why fire drills are important


NEW QUESTION # 57
Who are allowed to access highly confidential files?

  • A. Employees with a business need-to-know
  • B. Employees with signed NDA have a business need-to-know
  • C. Non-employees designated with approved access and have signed NDA
  • D. Contractors with a business need-to-know

Answer: A

Explanation:
According to ISO/IEC 27001:2022, clause 8.2.1, the organization shall ensure that access to information and information processing facilities is limited to authorized users based on the access control policy and in accordance with the business requirements of access control [2]. Therefore, only employees with a business need-to-know are allowed to access highly confidential files, and not contractors, non-employees or employees with signed NDA. Reference: ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) | CQI | IRCA


NEW QUESTION # 58
A scenario wherein the city or location where the building(s) reside is/are not accessible.

  • A. Component
  • B. Facility
  • C. City
  • D. Country

Answer: C

Explanation:
A scenario wherein the city or location where the building(s) reside is/are not accessible is called a city disaster scenario, according to the CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course. This scenario is one of the four types of disaster scenarios that should be considered in the business continuity planning process, along with component, facility and country scenarios. A city scenario may be caused by events such as natural disasters, civil unrest, terrorist attacks or pandemic outbreaks that affect the entire city or region where the organization operates. Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course]


NEW QUESTION # 59
You are an experienced ISMS audit team leader guiding an auditor in training. Your team has just completed a third-party surveillance audit of a mobile telecom provider. The auditor in training asks you how you intend to prepare for the Closing meeting. Which four of the following are appropriate responses?

  • A. I will contact head office to ensure our invoice has been paid. If not, I will cancel the closing meeting and temporarily withhold the audit report
  • B. I will review and, as appropriate, approve my team's audit conclusions
  • C. I will discuss any follow-up required with my audit team
  • D. I will review the audit evidence and the audit findings with the rest of the team
  • E. I will advise the auditee that the purpose of the closing meeting is for the audit team to communicate our findings. It is not an opportunity for the auditee to challenge these
  • F. I will schedule a closing meeting with the auditee's representatives at which the audit conclusions will be presented
  • G. I will instruct my audit team to wait outside the auditee's offices so we can leave as quickly as possible after the closing meeting. This saves our time and the client's time too
  • H. It is not necessary to prepare for the closing meeting. Once you have carried out as many audits as I have you already know what needs to be discussed

Answer: C,D,E,F

Explanation:
According to ISO 19011:2018, which provides guidelines for auditing management systems, clause 6.6 requires the audit team leader to conduct a closing meeting with the auditee's representatives at the end of the audit to present the audit conclusions and any findings [1]. The closing meeting should also provide an opportunity for the auditee to ask questions, clarify issues, acknowledge the findings, and comment on the audit process [1]. Therefore, when preparing for the closing meeting, an ISMS auditor should consider the following actions:
I will advise the auditee that the purpose of the closing meeting is for the audit team to communicate our findings. It is not an opportunity for the auditee to challenge these: This action is appropriate because it reflects the fact that the auditor has followed a systematic and consistent approach to collecting and evaluating audit evidence and reaching audit conclusions. The auditor should advise the auditee that the purpose of the closing meeting is for the audit team to communicate their findings, which are based on objective evidence and professional judgement. The auditor should also explain that it is not an opportunity for the auditee to challenge these findings, as they have already been discussed and confirmed during the audit. However, the auditor should also invite the auditee to ask questions, clarify issues, acknowledge the findings, and comment on the audit process [1].
I will schedule a closing meeting with the auditee's representatives at which the audit conclusions will be presented: This action is appropriate because it reflects the fact that the auditor has followed a planned and agreed audit programme and schedule. The auditor should schedule a closing meeting with the auditee's representatives at which the audit conclusions will be presented, in accordance with clause 6.6 of ISO 19011:2018 [1]. The auditor should also ensure that the closing meeting is attended by those responsible for managing or implementing the ISMS, as well as any other relevant parties [1].
I will discuss any follow-up required with my audit team: This action is appropriate because it reflects the fact that the auditor has followed a risk-based approach to determining and reporting any follow-up actions required by the auditee or the certification body. The auditor should discuss any follow-up required with their audit team, such as verifying corrective actions for nonconformities or conducting a subsequent audit [1]. The auditor should also document any follow-up actions in the audit report [1].
I will review and, as appropriate, approve my team's audit conclusions: This action is appropriate because it reflects the fact that the auditor has followed a rigorous and professional process for reaching and reporting audit conclusions. The auditor should review and, as appropriate, approve their team's audit conclusions, which are based on objective evidence and professional judgement. The auditor should also ensure that their team's audit conclusions are consistent with the audit objectives and scope, and reflect the overall performance and conformity of the ISMS [1].


NEW QUESTION # 60
You are an experienced ISMS audit team leader guiding an auditor in training. You are testing her understanding of follow-up audits by asking her a series of questions to which the answer is either "true" or "false". For which four of the following questions should the answer be "true"?

  • A. The outcomes of a follow-up audit should be reported to top management and the audit team leader who carried out the audit where the nonconformities were initially identified
  • B. The outcome of a follow-up audit could be a recommendation to suspend the client's certification
  • C. The outcome of a follow-up audit could lower a major nonconformity to minor status
  • D. A follow-up audit is required only in instances where a major nonconformity has been identified
  • E. The outcomes of a follow-up audit should be reported to the individual managing the audit programme and the audit client
  • F. A follow-up audit is required in all instances where nonconformities have been identified
  • G. A follow-up audit may be carried out where nonconformities are minor
  • H. A follow-up audit may be carried out where nonconformities are major

Answer: A,E,G,H

Explanation:
A follow-up audit may be carried out where nonconformities are major. This is true because a major nonconformity is a situation that raises significant doubt about the ability of the organization's management system to achieve its intended results, and therefore requires immediate corrective action. A follow-up audit is necessary to verify the effectiveness of the corrective action and the conformity of the management system [1][2].
A follow-up audit may be carried out where nonconformities are minor. This is true because a minor nonconformity is a situation that does not affect the capability of the management system to achieve its intended results, but represents a deviation from the specified requirements. A follow-up audit may be conducted to check the implementation of the corrective action and the improvement of the management system [1][2].
The outcomes of a follow-up audit should be reported to top management and the audit team leader who carried out the audit where the nonconformities were initially identified. This is true because the top management is responsible for ensuring the effectiveness and continual improvement of the management system, and the audit team leader is accountable for the audit process and the audit conclusions. The follow-up audit report should provide them with objective evidence of the status of the nonconformities and the corrective actions taken by the auditee [1][3].
The outcomes of a follow-up audit should be reported to the individual managing the audit programme and the audit client. This is true because the individual managing the audit programme is responsible for planning, implementing, monitoring and reviewing the audit activities, and the audit client is the organization or person requesting an audit. The follow-up audit report should inform them of the results of the follow-up audit and any changes in the certification status of the auditee [1][3].
Reference:
[1] ISO 19011:2022 Guidelines for auditing management systems
[2] ISO/IEC 27001:2022 Information technology - Security techniques - Information security management systems - Requirements
[3] ISO/IEC 17021-1:2022 Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements


NEW QUESTION # 61
Which of the following is a possible event that can have a disruptive effect on the reliability of information?

  • A. Threat
  • B. Vulnerability
  • C. Dependency
  • D. Risk

Answer: A


NEW QUESTION # 62
The CEO sends an email giving his views on the status of the company, the company's future strategy, the CEO's vision and the employees' part in it. The mail should be classified as:

  • A. Restricted Mail
  • B. Confidential Mail
  • C. Public Mail
  • D. Internal Mail

Answer: D


NEW QUESTION # 63
A fire breaks out in a branch office of a health insurance company. The personnel are transferred to neighboring branches to continue their work.
Where in the incident cycle is moving to a stand-by arrangement found?

  • A. between recovery and threat
  • B. between incident and damage
  • C. between threat and incident
  • D. between damage and recovery

Answer: B

Explanation:
Moving to a stand-by arrangement is found between incident and damage in the incident cycle. The incident cycle is a model that describes the phases of an incident from its occurrence to its resolution. The incident cycle consists of four phases: threat, incident, damage, and recovery [1]. A threat is a potential cause or source of harm to an organization's information assets or systems. An incident is an event that compromises the confidentiality, integrity, or availability of information assets or systems. Damage is the negative impact or consequence of an incident on the organization's assets, operations, reputation, or legal obligations. Recovery is the process of restoring normal service and operations after an incident and preventing recurrence [2]. Moving to a stand-by arrangement is a form of contingency plan that enables the organization to continue its critical activities in an alternative location or mode after an incident. This measure is taken before the damage caused by the incident is fully assessed or contained. Therefore, moving to a stand-by arrangement is found between incident and damage in the incident cycle. Reference: [1] ISO/IEC 27031:2011, clause 4.2; [2] ISO/IEC 27035:2016, clause 4.


NEW QUESTION # 64
Changes to project-managed applications or databases should undergo the change control process as documented.

  • A. True
  • B. False

Answer: A


NEW QUESTION # 65
The following are definitions of Information, except:

  • A. can lead to understanding and decrease in uncertainty
  • B. accurate and timely data
  • C. mature and measurable data
  • D. specific and organized data for a purpose

Answer: C


NEW QUESTION # 66
A planning process that introduced the concept of planning as a cycle that forms the basis for continuous improvement is called:

  • A. planning for continuous improvement.
  • B. plan, do, check, act.
  • C. time-based planning.
  • D. RACI Matrix

Answer: B


NEW QUESTION # 67
Which is not a requirement of HR prior to hiring?

  • A. Must undergo Awareness training on information security.
  • B. Applicant must complete pre-employment documentation requirements
  • C. Undergo background verification
  • D. Must successfully pass Background Investigation

Answer: A


NEW QUESTION # 68
......
