nerdexam
PECB

LEAD-AUDITOR · Question #305

LEAD-AUDITOR Question #305: Real Exam Question with Answer & Explanation

The correct answer is C. The information security policy lacks reference to continual ISMS improvement. A missing reference to continual improvement is a documentation issue, not an immediate security risk, making it a minor nonconformity.

Question

Which of the following can be considered a minor nonconformity?

Options

  • A. Employees lack training to recognize phishing attempts, increasing malware risks
  • B. Lack of multi-factor authentication leaves accounts vulnerable to unauthorized access
  • C. The information security policy lacks reference to continual ISMS improvement

Explanation

A missing reference to continual improvement is a documentation issue, not an immediate security risk, making it a minor nonconformity.
