Pecb udemy selected Iso-iec-27001-lead-auditor Iso 27001 Questions Answers by Neve q90 vce pdf

Page: 6 / 20

Exam Name:	PECB Certified ISO/IEC 27001 Lead Auditor exam
Exam Code:	ISO-IEC-27001-Lead-Auditor Dumps
Vendor:	PECB	Certification:	ISO 27001
Questions:	275 Q&A's	Shared By:	neve

Question 24

What is we do in ACT - From PDCA cycle

Options:

Take actions to continually monitor process performance

Take actions to continually improve process performance

Take actions to continually monitor process performance

Take actions to continually improve people performance

Discussion

Hassan

Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.

Kasper (not set)

Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.

Victoria

Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.

Isabel (not set)

Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.

Lois

I passed my exam with wonderful score. Their dumps are 100% valid and I felt confident during the exam.

Ernie (not set)

Absolutely. The best part is, the answers in the dumps were correct. So, I felt confident and well-prepared for the exam.

Aliza

I used these dumps for my recent certification exam and I can say with certainty that they're absolutely valid dumps. The questions were very similar to what came up in the actual exam.

Jakub (not set)

That's great to hear. I am going to try them soon.

Melody

My experience with Cramkey was great! I was surprised to see that many of the questions in my exam appeared in the Cramkey dumps.

Colby (not set)

Yes, In fact, I got a score of above 85%. And I attribute a lot of my success to Cramkey's dumps.

Question 25

After drafting the audit conclusions, the work documents of the audit team leader were reviewed by another auditor selected by the certification body. Is this acceptable?

Options:

Yes, the work documents of the audit team leader must be reviewed by another auditor after reaching audit conclusions

No, the work of the audit team leader must be reviewed before reaching an audit conclusion

No' it is only the audit team leader that reviews the work documents of each auditor

Discussion

Question 26

Scenario 5: Data Grid Inc. is a well-known company that delivers security services across the entire information technology infrastructure. It provides cybersecurity software, including endpoint security, firewalls, and antivirus software. For two decades, Data Grid Inc. has helped various companies secure their networks through advanced products and services. Having achieved reputation in the information and network security field, Data Grid Inc. decided to obtain the ISO/IEC 27001 certification to better secure its internal and customer assets and gain competitive advantage.

Data Grid Inc. appointed the audit team, who agreed on the terms of the audit mandate. In addition, Data Grid Inc. defined the audit scope, specified the audit criteria, and proposed to close the audit within five days. The audit team rejected Data Grid Inc.'s proposal to conduct the audit within five days, since the company has a large number of employees and complex processes. Data Grid Inc. insisted that they have planned to complete the audit within five days, so both parties agreed upon conducting the audit within the defined duration. The audit team followed a risk-based auditing approach.

To gain an overview of the main business processes and controls, the audit team accessed process descriptions and organizational charts. They were unable to perform a deeper analysis of the IT risks and controls because their access to the IT infrastructure and applications was restricted. However, the audit team stated that the risk that a significant defect could occur to Data Grid Inc.'s ISMS was low since most of the company's processes were automated. They therefore evaluated that the ISMS, as a whole, conforms to the standard requirements by asking the representatives of Data Grid Inc. the following questions:

•How are responsibilities for IT and IT controls defined and assigned?

•How does Data Grid Inc. assess whether the controls have achieved the desired results?

•What controls does Data Grid Inc. have in place to protect the operating environment and data from malicious software?

•Are firewall-related controls implemented?

Data Grid Inc.'s representatives provided sufficient and appropriate evidence to address all these questions.

The audit team leader drafted the audit conclusions and reported them to Data Grid Inc.'s top management. Though Data Grid Inc. was recommended for certification by the auditors, misunderstandings were raised between Data Grid Inc. and the certification body in regards to audit objectives. Data Grid Inc. stated that even though the audit objectives included the identification of areas for potential improvement, the audit team did not provide such information.

Based on this scenario, answer the following question:

Based on scenario 5, the audit team assessed the ISMS as a whole, rather than assessing the effectiveness and conformity of each process. Is this acceptable?

Options:

Yes, due to time constraints for the audit completion, the audit team must obtain absolute assurance by assessing the ISMS as a whole

No, the audit team should obtain assurance that the ISMS conforms to the standard requirements by assessing each process

Yes, if the audit team has obtained a reasonable assurance that helps them evaluate the ISMS conformity

Discussion

Question 27

You are carrying out a third-party surveillance audit of a client's ISMS. You are currently in the secure storage area of the data centre where the organisation's customers are able to temporarily locate equipment coming into or going out of the site. The equipment is contained within locked cabinets and each cabinet is allocated to a single, specific client.

Out of the corner of your eye you spot movement near the external door of the storage area. This is followed by a loud noise. You ask the guide what is going on. They tell you that recent high rainfall has raised local river levels and caused an infestation of rats. The noise was a specialist pest control stunning device being triggered. You check the device in the corner and find there is a large immobile rat contained within it.

What three actions would be appropriate to take next?

Options:

Take no further action. This is an ISMS audit, not an environmental management system audit

Investigate whether pest infestation is an identified risk and if so, what risk treatment is to be applied

Determine whether the high levels of rainfall have had other impacts on data centre operations e.g. damage to infrastructure, access issues for clients, invocation of business continuity arrangements

Raise a nonconformity against control 7.4 Physical Security monitoring

Raise a nonconformity against control 7.2 Physical Entry

Check with the guide that they intend to initiate the organisation's information security incident process

Inspect the client cabinets for signs of rodent ingress and record your findings as audit evidence