ISO-IEC-27001-LEAD-AUDITOR Exam Questions

Which one of the following should be reviewed against the audit criteria to determine audit findings?

You are an experienced ISMS Audit Team Leader, talking to an Auditor in training who has been assigned to your audit team. You want to ensure that they understand the importance of...

You are performing an ISMS audit at a residential nursing home called ABC that provides healthcare services. The next step in your audit plan is to verify the information security...

You are performing an ISMS initial certification audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to conduct the closing m...

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security incident ma...

You are performing an ISMS initial certification audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to conduct the closing m...

Scenario: Northstorm is an online retail shop offering unique vintage and modern accessories. It initially entered a small market but gradually grew thanks to the development of th...

Scenario: Northstorm is an online retail shop offering unique vintage and modern accessories. It initially entered a small market but gradually grew thanks to the development of th...

Scenario: Northstorm is an online retail shop offering unique vintage and modern accessories. It initially entered a small market but gradually grew thanks to the development of th...

Scenario: Northstorm is an online retail shop offering unique vintage and modern accessories. It initially entered a small market but gradually grew thanks to the development of th...

Scenario: After an information security incident, an organization created a comprehensive backup procedure involving regular, automated backups of all critical data to offsite stor...

Scenario: A data processing tool crashed when a user added more data to the buffer than its storage capacity allows. The incident was caused by the tool's inability to bound-check...

Which of the following best defines managerial controls?

What is the objective of penetration testing in the risk assessment process?

Which controls are related to the Annex A controls of ISO/IEC 27001 and are often selected from other guides and standards or defined by the organization to meet its specific needs...

Which of the following statements regarding threats and vulnerabilities in information security is NOT correct?

Which situation presented below represents a threat?

A cybersecurity company implemented an access control software that allows only authorized personnel to access sensitive files. Which type of control has the company implemented in...

Scenario 2: Clinic, founded in the 1990s, is a medical device company that specializes in treatments for heart- related conditions and complex surgical interventions. Based in Euro...

Scenario 2: Clinic, founded in the 1990s, is a medical device company that specializes in treatments for heart- related conditions and complex surgical interventions. Based in Euro...

Scenario 2: Clinic, founded in the 1990s, is a medical device company that specializes in treatments for heart- related conditions and complex surgical interventions. Based in Euro...

Scenario 2: Clinic, founded in the 1990s, is a medical device company that specializes in treatments for heart- related conditions and complex surgical interventions. Based in Euro...

Scenario 2: Clinic, founded in the 1990s, is a medical device company that specializes in treatments for heart- related conditions and complex surgical interventions. Based in Euro...

According to ISO/IEC 27001, Clause 5.1 (Leadership and Commitment), which of the following is NOT a responsibility of top management?

A marketing agency has developed its risk assessment approach as part of the ISMS implementation. Is this acceptable?

Which of the following statements regarding documented information in an organization's ISMS is incorrect?

Scenario 5: Cobt. an insurance company in London, offers various commercial, industrial, and life insurance solutions. In recent years, the number of Cobt's clients has increased e...

Scenario 5: Cobt. an insurance company in London, offers various commercial, industrial, and life insurance solutions. In recent years, the number of Cobt's clients has increased e...

Scenario 5: Cobt. an insurance company in London, offers various commercial, industrial, and life insurance solutions. In recent years, the number of Cobt's clients has increased e...

Scenario 5: Cobt. an insurance company in London, offers various commercial, industrial, and life insurance solutions. In recent years, the number of Cobt's clients has increased e...

Scenario 5: Cobt. an insurance company in London, offers various commercial, industrial, and life insurance solutions. In recent years, the number of Cobt's clients has increased e...

Three auditors were assigned to conduct a certification audit in Company X. Before the audit commenced, the certification body provided the auditors' names and background informati...

What is the main reason for sending an engagement letter before the initial contact with the auditee?

In a joint audit involving multiple audit teams, how many audit team leaders are typically designated per audit?

Why should materiality be considered during the initial contact?

During which stage of the audit do auditors identify key processes to be audited and prioritize based on materiality?

When multiple offices of a certification body are involved, what must be ensured?

An organization is evaluating the materiality of different processes within its ISMS. It is assessing the direct expenses involved with personnel, third-party services, and general...

Scenario 3: Rebuildy is a construction company located in Bangkok.. Thailand, that specializes in designing, building, and maintaining residential buildings. To ensure the security...

Scenario 3: Rebuildy is a construction company located in Bangkok.. Thailand, that specializes in designing, building, and maintaining residential buildings. To ensure the security...

Scenario 3: Rebuildy is a construction company located in Bangkok.. Thailand, that specializes in designing, building, and maintaining residential buildings. To ensure the security...

Scenario 3: Rebuildy is a construction company located in Bangkok.. Thailand, that specializes in designing, building, and maintaining residential buildings. To ensure the security...

Scenario 3: Rebuildy is a construction company located in Bangkok.. Thailand, that specializes in designing, building, and maintaining residential buildings. To ensure the security...

Scenario 4: Branding is a marketing company that works with some of the most famous companies in the US. To reduce internal costs. Branding has outsourced the software development...

Scenario 4: Branding is a marketing company that works with some of the most famous companies in the US. To reduce internal costs. Branding has outsourced the software development...

Scenario 4: Branding is a marketing company that works with some of the most famous companies in the US. To reduce internal costs. Branding has outsourced the software development...

Scenario 4: Branding is a marketing company that works with some of the most famous companies in the US. To reduce internal costs. Branding has outsourced the software development...

Scenario 4: Branding is a marketing company that works with some of the most famous companies in the US. To reduce internal costs. Branding has outsourced the software development...

Prior to initiating the audit activities, the auditors considered the auditee's context, critical processes, and expectations. Which auditing principle has been applied?

What is the main difference between qualitative and quantitative evidence?