PECB
LEAD-AUDITOR · Question #157
Question
As the Information Security Management System audit team leader, you are conducting a second-party audit of an international logistics company on behalf of an online retailer. During the audit, one of your team members reports a nonconformity relating to control 5.18 (Access rights) of Appendix A of ISO/IEC 27001:2022. She found evidence that removing the server access protocols of 20 people who left in the last 3 months took up to 1 week whereas the policy required removing access within 24 hours of their departure. When the auditee was asked why there was a delay in removing access, they replied, 'no one was available in the IT department during that period as a result of COVID-19. As soon as an IT officer became available the rights were removed.' You note that she intends to raise a minor non-conformity against Access rights control (5.18). How should you respond to this?
Options
- A. Agree with the raising of a minor non-conformity but against control 5.15, not 5.18.
- B. Agree with the raising of the minor non-conformity against 5.18.
- C. Disagree with the raising of a minor conformity as appropriate action was taken at the earliest
- D. Disagree with the raising of the minor nonconformity as appropriate action was taken at the
- E. Disagree with the raising of the minor nonconformity, there is sufficient evidence to justify an
- F. Require additional audit evidence to be obtained before determining whether a non-conformity is