Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: big60

Page: 1 / 20

ISO 27001 PECB Certified ISO/IEC 27001 2022 Lead Auditor exam

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam

Last Update Jul 24, 2024
Total Questions : 275

To help you prepare for the ISO-IEC-27001-Lead-Auditor PECB exam, we are offering free ISO-IEC-27001-Lead-Auditor PECB exam questions. All you need to do is sign up, provide your details, and prepare with the free ISO-IEC-27001-Lead-Auditor practice questions. Once you have done that, you will have access to the entire pool of PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor test questions which will help you better prepare for the exam. Additionally, you can also find a range of PECB Certified ISO/IEC 27001 2022 Lead Auditor exam resources online to help you better understand the topics covered on the exam, such as PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor video tutorials, blogs, study guides, and more. Additionally, you can also practice with realistic PECB ISO-IEC-27001-Lead-Auditor exam simulations and get feedback on your progress. Finally, you can also share your progress with friends and family and get encouragement and support from them.

Questions 4

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify that the Statement of Applicability (SoA) contains the necessary controls. You review the latest SoA (version 5) document, sampling the access control to the source code (A.8.4), and want to know how the organisation secures ABC's healthcare mobile app source code received from an outsourced software developer.

The IT Security Manager explains the received source code will be checked into the SCM system to make sure of its integrity and security. Only authorised users will be able to check out the software to update it. Both check-in and check-out activities will be logged by the system automatically. The version control is managed by the system automatically.

You found a total of 10 user accounts on the SCM. All of them are from the IT department. You further check with the Human Resource manager and confirm that one of the users, Scott, resigned 9 months ago. The SCM System Administrator confirmed Scott's last check-out of the source code was found 1 month ago. He was using one of the authorised desktops from the local network in a secure area.

You check the user de-registration procedure which states "Managers have to make sure of deregistration of the user account and authorisation immediately from the relevant ICT system and/or equipment after resignation approval." There was no deregistration record for user Scott.

The IT Security Manager explains that Scott is a very good software engineer, an ex-colleague, and a friend. He still comes back to the office every month after he resigned to provide support on source code maintenance. That's why his account on SCM still exists. "We know Scott well and he passed all our background checks when he joined us. As such we didn't feel it necessary to agree any further information security requirements with him just because he is now an external provider".

You prepare the audit findings. Select the three correct options.

Options:

A.  

There is a nonconformity (NC). Scott should have been advised of applicable information security requirements relevant to his new relationship (external provider) with the nursing home. The IT security manager has however confirmed that this did not take place. This does not conform with control

A.  

5.20.

B.  

There is a nonconformity (NC). The organisation's access control arrangements are not operating effectively as an individual who is no longer employed by the organisation is being permitted to access the nursing home's ICT systems. This does not conform with control A.5.15.

C.  

There is a nonconformity (NC). The IT Security manager did not make sure the user account for Scott was removed from the SCM and did not complete the user deregistration process after the resignation. This does not conform with clause 9.1 and control A.5.15.

D.  

There is a nonconformity (NC). The operating procedures are not well documented. This prevented the SCM System Administrator from being able to remove a user account immediately. This does not conform with clause 9.1 and control A.5.37.

E.  

There is a nonconformity (NC). The organisation does not have a documented procedure setting out the use of systematic tools to provide access and version control of the source code. This does not conform with clause 9.1 and control A.8.4.

F.  

There is a nonconformity (NC). The organisation has failed to identify the security risks associated with leaving Scott's account open when he was only re-engaged for a short period monthly. This does not conform with clause 8.2.

G.  

There is a nonconformity (NC). The SCM is open-source system software. It is not secured and cannot be used for access and version control of the source code. This does not conform with clause 9.1 and control A.8.4.

Discussion 0
Lennox
Something Special that they provide a comprehensive overview of the exam content. They cover all the important topics and concepts, so you can be confident that you are well-prepared for the test.
Aiza (not set)
That makes sense. What makes Cramkey Dumps different from other study materials?
Stefan
Thank you so much Cramkey I passed my exam today due to your highly up to date dumps.
Ocean (not set)
Agree….Cramkey Dumps are constantly updated based on changes in the exams. They also have a team of experts who regularly review the materials to ensure their accuracy and relevance. This way, you can be sure you're studying the most up-to-date information available.
Addison
Want to tell everybody through this platform that I passed my exam with excellent score. All credit goes to Cramkey Exam Dumps.
Libby (not set)
That's good to know. I might check it out for my next IT certification exam. Thanks for the info.
Madeleine
Passed my exam with my dream score…. Guys do give these dumps a try. They are authentic.
Ziggy (not set)
That's really impressive. I think I might give Cramkey Dumps a try for my next certification exam.
Questions 5

You are an experienced ISMS audit team leader, assisting an auditor in training to write their first audit report.

You want to check the auditor in training's understanding of terminology relating to the contents of an audit report and chose to do this by presenting the following examples.

For each example, you ask the auditor in training what the correct term is that describes the activity

Match the activity to the description.

Questions 5

Options:

Discussion 0
Questions 6

Questions 6

Options:

Discussion 0
Questions 7

-------------------------is an asset like other important business assets has value to an organization and consequently needs to be protected.

Options:

A.  

Infrastructure

B.  

Data

C.  

Information

D.  

Security

Discussion 0
Title
Questions
Posted

ISO-IEC-27001-Lead-Auditor
PDF

$40  $99.99

ISO-IEC-27001-Lead-Auditor Testing Engine

$48  $119.99

ISO-IEC-27001-Lead-Auditor PDF + Testing Engine

$64  $159.99