PECB
LEAD-AUDITOR · Question #245
LEAD-AUDITOR Question #245: Real Exam Question with Answer & Explanation
Question
You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security incident management process. The IT Security Manager presents the information security incident management procedure and explains that the process is based on ISO/IEC 27035-1:2016. You review the document and notice the statement "any information security weakness, event, and incident should be reported to the Point of Contact (PoC) within 1 hour after identification". When interviewing staff, you find that there are differences in their understanding of the meaning of "weakness, event, and incident". You sample incident report records from the event tracking system for the last 6 months, with the results summarized in the following table. You would like to further investigate other areas to collect more audit evidence. Select two options that will not be in your audit trail.
Exhibit
Options
- A. Collect more evidence by interviewing more staff about their understanding of the reporting
- B. Collect more evidence on how and when the company pays the ransom fee to unlock the
- C. Collect more evidence on how and when the Human Resources manager pays the ransom fee to
- D. Collect more evidence on how the organisation determined the incident recovery time. (Relevant to
- E. Collect more evidence on how the organization determined no further action was needed after the
- F. Collect more evidence on the incident recovery procedures. (Relevant to control A.5.26)
