PECB
LEAD-AUDITOR Question #63: Real Exam Question with Answer & Explanation
Question
You are an experienced ISMS audit team leader. During the conducting of a third-party surveillance audit, you decide to test your auditee's knowledge of ISO/IEC 27001's risk management requirements. You ask her a series of questions to which the answer is either 'that is true' or 'that is false'. Which four of the following should she answer 'that is true'?
Options
- A. The results of risk assessments must be maintained
- B. Risk identification is used to determine the severity of an information security risk
- C. ISO/IEC 27001 provides an outline approach for the management of risk
- D. The organisation must produce a risk treatment plan for every business risk identified
- E. The organisation must operate a risk treatment process to eliminate its information security risks
- F. The initial phase in an organisation's risk management process should be information security risk
- G. Risk assessments should be undertaken at monthly intervals
- H. Risk assessments should be undertaken following significant changes