PECB
LEAD-AUDITOR Question #101: Real Exam Question with Answer & Explanation
Question
You are an experienced ISMS audit team leader conducting a third-party surveillance audit of an internet services provider. You are reviewing the organization's risk assessment processes for conformity with ISO/IEC 27001:2022. Which three of the following audit findings would prompt you to raise a nonconformity report?
Options
- A. Both systems contain additional information security risks which are not associated with preserving
- B. The organisation is treating information security risks in the order in which they are identified
- C. The organisation's information security risk assessment process suggests each risk is allocated a
- D. The organisation has not used RAG (Red, Amber, Green) to classify its information security risks.
- E. The organisation's risk assessment criteria have not been reviewed and approved by top
- F. The organisation's information security risk assessment process is based solely on an assessment
- G. The organisation has assessed the probability of all of its information security risks as either 0%,
- H. There is a different system in place for assessing operational information security risks and for