LEAD-AUDITOR Exam Questions

You are an experienced ISMS audit team leader conducting a third-party surveillance audit of an internet services provider. You are reviewing the organization's risk assessment pro...

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security incident ma...

You are carrying out your first third-party ISMS surveillance audit as an Audit Team Leader. You are presently in the auditee's data centre with another member of your audit team....

You are an ISMS audit team leader assigned by your certification body to carry out a follow-up audit of a Data Centre client. According to ISO 19011:2018, the purpose of a follow-u...

You are an experienced ISMS audit team leader guiding an auditor in training. She asks you about the grading of nonconformities in audit reports. You decide to test her knowledge b...

Which two of the following are valid audit conclusions?

You are the audit team leader conducting a third-party audit of an online insurance organisation. During Stage 1, you found that the organisation took a very cautious risk approach...

Which one of the following options is the definition of the context of an organisation?

Which two of the following phrases would apply to "audit objectives"?

Auditor competence is a combination of knowledge and skills. Which two of the following activities are predominately related to "knowledge"?

Review the following statements and determine which two are false:

You are an experienced audit team leader conducting a third-party surveillance audit of an organisation that designs websites for its clients. You are currently reviewing the organ...

You are an experienced ISMS audit team leader providing guidance to an auditor in training. The auditor in training appears to be confused about the interpretation of competence in...

You are an experienced ISMS audit team leader. You are providing an introduction to ISO/IEC 27001:2022 to a class of Quality Management System Auditors who are seeking to retrain t...

You are conducting a third-party surveillance audit when another member of the audit team approaches you seeking clarification. They have been asked to assess the organisation's ap...

You are an ISMS audit team leader preparing to chair a closing meeting following a third-party surveillance audit. You are drafting a closing meeting agenda setting out the topics...

Which four of the following statements about audit reports are true?

Auditors should have certain knowledge and skills; while audit team leaders should have some additional knowledge and skills. From the following list, select two that only apply to...

An auditor of organisation A performs an audit of supplier B. Which two of the following actions is likely to represent a breach of confidentiality by the auditor after having iden...

Which two of the following options for information are not required for audit planning of a certification audit?

You are carrying out a third-party surveillance audit of a client's ISMS. You are currently in the secure storage area of the data centre where the organisation's customers are abl...

Which one of the following options best describes the main purpose of a Stage 2 third-party audit?

Which two of the following statements are true?

An audit finding is the result of the evaluation of the collected audit evidence against audit criteria. Evaluate the following potential formats of audit evidence and select the t...

Which two of the following standards are used as ISMS third-party certification audit criteria?

You are performing an ISMS audit at a residential nursing home called ABC that provides healthcare services. The next step in your audit plan is to verify the information security...

You are conducting a third-party surveillance audit when another member of the audit team approaches you seeking clarification. They have been asked to assess the organisation's ap...

You are carrying out your first third-party ISMS surveillance audit as an audit team leader. You are presently in the auditee's data centre with another member of your audit team a...

You are an ISMS audit team leader tasked with conducting a follow-up audit at a client's data centre. Following two days on-site you conclude that of the original 12 minor and 1 ma...

After completing Stage 1 and in preparation for a Stage 2 initial certification audit, the auditee informs the audit team leader that they wish to extend the audit scope to include...

Review the following statements and determine which two are false:

You are performing an ISMS audit at a residential nursing home (ABC) that provides healthcare services. The next step in your audit plan is to verify the information security of AB...

You are an experienced audit team leader guiding an auditor in training. Your team is currently conducting a third-party surveillance audit of an organisation that stores data on b...

An audit team leader is planning a follow-up audit after the completion of a third-party surveillance audit earlier in the year. They have decided they will verify the nonconformit...

Which two options are benefits of third-party accredited certification of information security management systems to ISO/IEC 27001:2022 for organisations and interested parties?

An organisation has ISO/IEC 27001 Information Security Management System (ISMS) certification from a third-party certification body. Which one of the following represents an advant...

Which one option best describes the purpose of retaining documented information related to the Information Security Management System (ISMS) of an organisation?

In the context of a third-party certification audit, it is very important to have effective communication. Select an option that contains the correct answer about communication in...

Which one of the following options best describes the purpose of a Stage 2 audit?

In the context of a third-party certification audit, which two options state the management responsibilities of the audit team leader in managing the audit and the audit team?

Which one of the following conclusions in the audit report is not required by the certification body when deciding to grant certification?

You are performing an ISMS audit at a residential nursing home called ABC that provides healthcare services. You find all nursing home residents wear an electronic wristband for mo...

You are an experienced audit team leader guiding an auditor in training. Your team is currently conducting a third-party surveillance audit of an organisation that stores data on b...

You are an experienced audit team leader guiding an auditor in training. Your team is currently conducting a third-party surveillance audit of an organisation that stores data on b...

The data centre at which you work is currently seeking ISO/IEC27001:2022 certification. In preparation for your initial certification visit, several internal audits have been carri...

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security incident ma...

You are an experience ISMS audit team leader carrying out a third-party certification audit of an organization specialising in the secure disposal of confidential documents and rem...

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security of the busi...

You are conducting an Information Security Management System audit in the despatch department of an international logistics organisation that provides shipping services to large or...

Select the option which best describes how Information Security Management System audits should be conducted: