PECB Certified ISO/IEC 27001 Lead Auditor exam
Last Update Apr 23, 2024
Total Questions : 275
To help you prepare for the ISO-IEC-27001-Lead-Auditor PECB exam, we are offering free ISO-IEC-27001-Lead-Auditor PECB exam questions. All you need to do is sign up, provide your details, and prepare with the free ISO-IEC-27001-Lead-Auditor practice questions. Once you have done that, you will have access to the entire pool of PECB Certified ISO/IEC 27001 Lead Auditor exam ISO-IEC-27001-Lead-Auditor test questions which will help you better prepare for the exam. Additionally, you can also find a range of PECB Certified ISO/IEC 27001 Lead Auditor exam resources online to help you better understand the topics covered on the exam, such as PECB Certified ISO/IEC 27001 Lead Auditor exam ISO-IEC-27001-Lead-Auditor video tutorials, blogs, study guides, and more. Additionally, you can also practice with realistic PECB ISO-IEC-27001-Lead-Auditor exam simulations and get feedback on your progress. Finally, you can also share your progress with friends and family and get encouragement and support from them.
You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify that the Statement of Applicability (SoA) contains the necessary controls. You review the latest SoA (version 5) document, sampling the access control to the source code (A.8.4), and want to know how the organisation secures ABC's healthcare mobile app source code received from an outsourced software developer.
The IT Security Manager explains the received source code will be checked into the SCM system to make sure of its integrity and security. Only authorised users will be able to check out the software to update it. Both check-in and check-out activities will be logged by the system automatically. The version control is managed by the system automatically.
You found a total of 10 user accounts on the SCM. All of them are from the IT department. You further check with the Human Resource manager and confirm that one of the users, Scott, resigned 9 months ago. The SCM System Administrator confirmed Scott's last check-out of the source code was found 1 month ago. He was using one of the authorised desktops from the local network in a secure area.
You check the user de-registration procedure which states "Managers have to make sure of deregistration of the user account and authorisation immediately from the relevant ICT system and/or equipment after resignation approval." There was no deregistration record for user Scott.
The IT Security Manager explains that Scott is a very good software engineer, an ex-colleague, and a friend. He still comes back to the office every month after he resigned to provide support on source code maintenance. That's why his account on SCM still exists. "We know Scott well and he passed all our background checks when he joined us. As such we didn't feel it necessary to agree any further information security requirements with him just because he is now an external provider".
You prepare the audit findings. Select the three correct options.
You are an experienced ISMS audit team leader, assisting an auditor in training to write their first audit report.
You want to check the auditor in training's understanding of terminology relating to the contents of an audit report and chose to do this by presenting the following examples.
For each example, you ask the auditor in training what the correct term is that describes the activity
Match the activity to the description.
-------------------------is an asset like other important business assets has value to an organization and consequently needs to be protected.