
LEAD-AUDITOR Question #14: Real Exam Question with Answer & Explanation

The correct answer is A. Employees with a business need-to-know. According to ISO/IEC 27001:2022, clause 8.2.1, the organization shall ensure that access to information and information processing facilities is limited to authorized users based on the access control policy and in accordance with the business requirements of access control [2]. The

Question

Who is allowed to access highly confidential files?

Options

  • A. Employees with a business need-to-know
  • B. Contractors with a business need-to-know
  • C. Employees with signed NDA have a business need-to-know
  • D. Non-employees designated with approved access and have signed NDA

Explanation

According to ISO/IEC 27001:2022, clause 8.2.1, the organization shall ensure that access to information and information processing facilities is limited to authorized users based on the access control policy and in accordance with the business requirements of access control [2]. Therefore, only employees with a business need-to-know are allowed to access highly confidential files, and not contractors, non-employees or employees with signed NDA.
