PECB ISO-IEC-27001-Lead-Auditor Exam Dumps

You are performing an ISMS audit at a nursing home where residents always wear an electronic wristband for monitoring their location, heartbeat, and blood pressure. The wristband automatically uploads this data to a cloud server for healthcare monitoring and analysis by staff.

You now wish to verify that the information security policy and objectives have been established by top management. You are sampling the mobile device policy and identify a security objective of this policy is "to ensure the security of teleworking and use of mobile devices" The policy states the following controls will be applied in order to achieve this.

Personal mobile devices are prohibited from connecting to the nursing home network, processing, and storing residents'

data.

The company's mobile devices within the ISMS scope shall be registered in the asset register.

The company's mobile devices shall implement or enable physical protection, i.e., pin-code protected screen lock/unlock,

facial or fingerprint to unlock the device.

The company's mobile devices shall have a regular backup.

To verify that the mobile device policy and objectives are implemented and effective, select three options for your audit trail.

AInterview the reception personnel to make sure all visitor and employee bags are checked before entering the nursing home

BReview visitors' register book to make sure no visitor can have their personal mobile phone in the nursing home

CReview the internal audit report to make sure the IT department has been audited

DReview the asset register to make sure all personal mobile devices are registered

ESampling some mobile devices from on-duty medical staff and validate the mobile device information with the asset register

FReview the asset register to make sure all company's mobile devices are registered

GInterview the supplier of the devices to make sure they are aware of the ISMS policy

HInterview top management to verify their involvement in establishing the information security policy and the information security objectives

Question 2

You are carrying out your first third-party ISMS surveillance audit as an Audit Team Leader. You are presently in the auditee's data centre with another member of your audit team.

Your colleague seems unsure as to the difference between an information security event and an information security incident. You attempt to explain the difference by providing examples.

Which three of the following scenarios can be defined as information security incidents?

AThe organisation's malware protection software prevents a virus

BA hard drive is used after its recommended replacement date

CThe organisation receives a phishing email

DAn employee fails to clear their desk at the end of their shift

EA contractor who has not been paid deletes top management ICT accounts

FAn unhappy employee changes payroll records without permission

GThe organisation fails a third-party penetration test

HThe organisation's marketing data is copied by hackers and sold to a competitor

Question 3

You are an experienced ISMS auditor, currently providing support to an ISMS auditor in training who is carrying out her first initial certification audit. She asks you what she should be verifying when auditing an organisation's Information Security objectives. You ask her what she has included in her audit checklist and she provides the following replies.

Which three of these responses would you cause you concern in relation to conformity with ISO/IEC 27001:2022?

AI am going to check how each Information Security objective has been communicated to those who need to be aware of it in order for the objective to be achieved

BI am going to check that top management have determined the Information Security objectives for the current year. If not, I will check that this task has been programmed to be completed

CI am going to check that the Information Security objectives are written down on paper so that everyone is clear on what needs to be achieved, how it will be achieved, and by when it will be achieved

DI am going to check that there is a process in place to periodically revisit Information Security objectives, with a view to amending or cancelling them if circumstances necessitate this

EI am going to check that a completion date has been set for each objective and that there are no objectives with missing 'achieve by' dates

FI am going to check that the necessary budget, manpower and materials to achieve each objective has been determined

GI am going to check that all the Information Security objectives are measurable. If they are not measurable the organisation will not be able to track progress against them

Question 4

You are preparing the audit findings. Select two options that are correct.

AThere is an opportunity for improvement (OFI). The iLiirmation security incident training effectiveness can be improved. This is relevant to clause 7.2 and control A.6.3.

BThere is no nonconformance. The information security weaknesses, events, and incidents are reported. This conforms with clause 9.1 and control A.5.24.

CThere is no nonconformance. The information security handling training has performed, and its effectiveness was evaluated. This conforms with clause 7.2 and control A.6.3.

DThere is a nonconformity (NC). Based on sampling interview results, none of the interviewees were able to describe the incident management procedure reporting process including the role and responsibilities of personnel. This is not conforming with clause 9.1 and control A.5.24.

EThere is a nonconformity (NC). The information security incident training has failed. This is not conforming with clause 7.2 and control A.6.3.

FThere is an opportunity for improvement (OFI). The information security weaknesses, events, and madents are reported. This is relevant to clause 9.1 and control A.5.24.

Unlock All Features of PECB ISO-IEC-27001-Lead-Auditor Dumps Software

Just have a look at the best and updated features of our ISO-IEC-27001-Lead-Auditor dumps which are described in detail in the following tabs. We are very confident that you will get the best deal on this platform.

Select Question
Types you want

Set your desired
pass percentage

Allocate Time
(Hours: Minutes)

Create Multiple
Practice test with
limited questions

Customer
Support

Latest Success Metrics For actual ISO-IEC-27001-Lead-Auditor Exam

This is the best time to verify your skills and accelerate your career. Check out last week's results, more than 90% of students passed their exam with good scores. You may be the Next successful Candidate.

95%

Average Passing Scores in final Exam

91%

Exactly Same Questions from these dumps

90%

Customers Passed PECB ISO-IEC-27001-Lead-Auditor exam

Get PECB ISO-IEC-27001-Lead-Auditor Exam Dumps