ISO-IEC-27001-LEAD-AUDITOR Exam Questions
335 real ISO-IEC-27001-LEAD-AUDITOR exam questions with expert-verified answers and explanations. Page 3 of 7.
- Question #122
What is meant by the term 'Corrective Action'? Select one.
- Question #123
Which two of the following options do not participate in a first-party audit?
- Question #124
Which two of the following phrases would apply to "act" in relation to the Plan-Do-Check-Act cycle for a business process?
- Question #126
During an audit, the audit team leader reached timely conclusions based on logical reasoning and analysis. What professional behaviour was displayed by the audit team leader?
- Question #127
Audit methods can be either with or without interaction with individuals representing the auditee. Which two of the following methods are with interaction?
- Question #129
Which two of the following options are an advantage of using a sampling plan for the audit?
- Question #131
You are an experienced ISMS audit team leader conducting a third-party surveillance visit. You notice that although the auditee is claiming conformity with ISO/IEC 27001:2022 they...
- Question #132
You are an experienced audit team leader guiding an auditor in training. Your team is currently conducting a third-party surveillance audit of an organisation that stores data on b...
- Question #133
You are an experienced audit team leader conducting a third-party surveillance audit of an organisation that designs websites for its clients. You are currently reviewing the organ...
- Question #134
You are an experienced ISMS audit team leader conducting a third-party surveillance audit of an internet services provider. You are reviewing the organization's risk assessment pro...
- Question #135
You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security incident ma...
- Question #136
You are conducting an ISMS audit. The next step in your audit plan is to verify that the organisation's information security risk treatment plan has been established and implemente...
- Question #137
You are carrying out your first third-party ISMS surveillance audit as an Audit Team Leader. You are presently in the auditee's data centre with another member of your audit team....
- Question #138
You are an ISMS audit team leader assigned by your certification body to carry out a follow-up audit of a Data Centre client. According to ISO 19011:2018, the purpose of a follow-u...
- Question #139
You are an experienced ISMS audit team leader guiding an auditor in training. She asks you about the grading of nonconformities in audit reports. You decide to test her knowledge b...
- Question #140
Which two of the following are valid audit conclusions?
- Question #141
You are the audit team leader conducting a third-party audit of an online insurance organisation. During Stage 1, you found that the organisation took a very cautious risk approach...
- Question #142
Which one of the following options is the definition of the context of an organisation?
- Question #145
Which two of the following phrases would apply to "audit objectives"?
- Question #147
Auditor competence is a combination of knowledge and skills. Which two of the following activities are predominately related to "knowledge"?
- Question #149
Review the following statements and determine which two are false:
- Question #151
You are an experienced audit team leader conducting a third-party surveillance audit of an organisation that designs websites for its clients. You are currently reviewing the organ...
- Question #152
You are an experienced ISMS audit team leader providing guidance to an auditor in training. The auditor in training appears to be confused about the interpretation of competence in...
- Question #153
You are an experienced ISMS audit team leader. You are providing an introduction to ISO/IEC 27001:2022 to a class of Quality Management System Auditors who are seeking to retrain t...
- Question #154
You are conducting a third-party surveillance audit when another member of the audit team approaches you seeking clarification. They have been asked to assess the organisation's ap...
- Question #155
You are an ISMS audit team leader preparing to chair a closing meeting following a third-party surveillance audit. You are drafting a closing meeting agenda setting out the topics...
- Question #156
Which four of the following statements about audit reports are true?
- Question #157
Auditors should have certain knowledge and skills; while audit team leaders should have some additional knowledge and skills. From the following list, select two that only apply to...
- Question #158
An auditor of organisation A performs an audit of supplier B. Which two of the following actions are likely to represent a breach of confidentiality by the auditor after having iden...
- Question #160
Which two of the following options for information are not required for audit planning of a certification audit?
- Question #161
You are carrying out a third-party surveillance audit of a client's ISMS. You are currently in the secure storage area of the data centre where the organisation's customers are abl...
- Question #162
Which one of the following options best describes the main purpose of a Stage 2 third-party audit?
- Question #163
Which two of the following statements are true?
- Question #165
An audit finding is the result of the evaluation of the collected audit evidence against audit criteri
- Question #166
Which two of the following standards are used as ISMS third-party certification audit criteria?
- Question #168
You are performing an ISMS audit at a residential nursing home called ABC that provides healthcare services. The next step in your audit plan is to verify the information security...
- Question #169
You are conducting a third-party surveillance audit when another member of the audit team approaches you seeking clarification. They have been asked to assess the organisation's ap...
- Question #170
You are carrying out your first third-party ISMS surveillance audit as an audit team leader. You are presently in the auditee's data centre with another member of your audit team a...
- Question #171
You are an ISMS audit team leader tasked with conducting a follow-up audit at a client's data centre. Following two days on-site you conclude that of the original 12 minor and 1 ma...
- Question #172
After completing Stage 1 and in preparation for a Stage 2 initial certification audit, the auditee informs the audit team leader that they wish to extend the audit scope to include...
- Question #173
Review the following statements and determine which two are false:
- Question #174
You are performing an ISMS audit at a residential nursing home (ABC) that provides healthcare services. The next step in your audit plan is to verify the information security of AB...
- Question #175
You are an experienced audit team leader guiding an auditor in training. Your team is currently conducting a third-party surveillance audit of an organisation that stores data on b...
- Question #176
An audit team leader is planning a follow-up audit after the completion of a third-party surveillance audit earlier in the year. They have decided they will verify the nonconformit...
- Question #177
Which two options are benefits of third-party accredited certification of information security management systems to ISO/IEC 27001:2022 for organisations and interested parties?
- Question #178
An organisation has ISO/IEC 27001 Information Security Management System (ISMS) certification from a third-party certification body. Which one of the following represents an advant...
- Question #179
Which one option best describes the purpose of retaining documented information related to the Information Security Management System (ISMS) of an organisation?
- Question #180
In the context of a third-party certification audit, it is very important to have effective communication. Select an option that contains the correct answer about communication in...
- Question #181
Which one of the following options best describes the purpose of a Stage 2 audit?
- Question #182
In the context of a third-party certification audit, which two options state the management responsibilities of the audit team leader in managing the audit and the audit team?