PECB LEAD-AUDITOR Question #126: Real Exam Question with Answer & Explanation


Question

You are performing an ISMS audit at a residential nursing home called ABC that provides healthcare services. The next step in your audit plan is to verify the information security of ABC's healthcare mobile app development, support, and lifecycle process. During the audit, you learned the organisation outsourced the mobile app development to a professional software development organisation that is CMMI Level 5, ITSM (ISO/IEC 20000-1), BCMS (ISO 22301) and ISMS (ISO/IEC 27001) certified. The IT Manager presents the software security management procedure and summarises the process as follows:

  • The mobile app development shall adopt "security-by-design" and "security-by-default" principles, as a minimum.
  • The following security functions for personal data protection shall be available: access control; personal data encryption, i.e., Advanced Encryption Standard (AES) algorithm, key length 256 bits; and personal data pseudonymization.
  • Vulnerability checked and no security backdoor.

You sample the latest Mobile App Test report (Reference ID: 0098), details as follows in the exhibit. You would like to investigate other areas further to collect more audit evidence. Select three options that will not be in your audit trail.

Exhibit

LEAD-AUDITOR question #126 exhibit

Options

  • A. Collect more evidence on how much residents' family members pay to install ABC's healthcare
  • B. Collect more evidence by downloading and testing the mobile app on your phone. (Relevant to
  • C. Collect more evidence to determine the number of users of ABC's healthcare mobile app. (relevant
  • D. Collect more evidence on how the organisation performs testing of personal data handling.
  • E. Collect more evidence on the organisation's business continuity policy. (Relevant to control A.5.30)
  • F. Collect more evidence on how the organisation manages information security in the selection of an
  • G. Collect more evidence on how the developer trains its product support personnel. (Relevant to
  • H. Collect more evidence to verify the developer's CMMI Level 5, ITSM (ISO/IEC 20000-1), BCMS
