Online Access Free ISO-IEC-27001-Lead-Auditor Exam Questions

You received an email requiring you to send information such as name, email, and password in order to continue using your email account. If you do not send such information, your email account will be disabled. What does this scenario present?

• A.An unauthorized action type of threat
• B.A compromise of information type of threat
• C.A personnel type of vulnerability

In the context of a third-party certification audit, confidentiality is an issue in an audit programme. Select two options which correctly state the function of confidentiality in an audit

• A.Auditors should obtain the auditee's permission before using a camera or recording equipment
• B.Audit information can be used for improving personal competence by the auditor
• C.Observers in an audit team cannot access any confidential information
• D.Auditors are forced by regulatory requirements to maintain confidentiality in an audit
• E.As an auditor is always accompanied by a guide, there is no risk to the auditee's sensitive information
• F.Confidentiality is one of the principles of audit conduct

You are an ISMS auditor conducting a third-party surveillance audit of a telecom's provider. You are in the equipment staging room where network switches are pre-programmed before being despatched to clients. You note that recently there has been a significant increase in the number of switches failing their initial configuration test and being returned for reprogramming.
You ask the Chief Tester why and she says, 'It's a result of the recent ISMS upgrade'. Before the upgrade each technician had their own hard copy work instructions. Now, the eight members of my team have to share two laptops to access the clients' configuration instructions online. These delays put pressure on the technicians, resulting in more mistakes being made'.
Based solely on the information above, which clause of ISO to raise a nonconformity against' Select one.

• A.Clause 7.3 - Awareness
• B.Clause 10.2 - Nonconformity and corrective action
• C.Clause 8.1 - Operational planning and control
• D.Clause 7.4 - Communication
• E.Clause 7.2 - Competence
• F.Clause 7.5 - Documented information

You are an experienced ISMS audit team leader conducting a third-party surveillance visit.
You notice that although the auditee is claiming conformity with ISO/IEC 27001:2022 they are still referring to Improvement as clause 10.2 (as it was in the 2013 edition) when this is now clause 10.1 in the 2022 edition. You have confirmed they are meeting all of the 2022 requirements set out in the standard.
Select one option of the action you should take.

• A.Raise a nonconformity against clause 7.5.3 - Control of documented information
• B.Bring the matter up at the closing meeting
• C.Note the issue in the audit report
• D.Raise it as an opportunity for improvement

You are performing an ISMS audit at a residential nursing home called ABC that provides healthcare services. You find all nursing home residents wear an electronic wristband for monitoring their location, heartbeat, and blood pressure always. You learned that the electronic wristband automatically uploads all data to the artificial intelligence (AI) cloud server for healthcare monitoring and analysis by healthcare staff.
To verify the scope of ISMS, you interview the management system representative (MSR) who explains that the ISMS scope covers an outsourced data center.
Select one option of the correct statement which defines the content of the scope of the ISMS.

• A.The most likely ISMS scope is to cover the IT department and the outsourced data centre
• B.The ISMS scope should not cover external service providers because they can have compliance difficulties with the information security policy and requirements
• C.The ISMS scope should take any information security issues that have occurred and any interested parties' requirements into consideration
• D.The organisation should only follow the government's recommendation, i.e., legal and legislation to define the ISMS scope