LEAD-AUDITOR Exam Questions

The purpose of a management system audit is to? Select 1

When preparing for an audit, which of the following statements is false?

You are an ISMS auditor conducting a third-party surveillance audit of a telecom's provider. You are in the equipment staging room where network switches are pre-programmed before...

You are carrying out your first third-party ISMS surveillance audit as an audit team leader. You are presently in the auditee's data centre with another member of your audit team a...

You are an experienced ISMS auditor conducting a third-party surveillance audit at an organisation which offers ICT reclamation services. ICT equipment which companies no longer re...

You are an experienced ISMS audit team leader. You are currently conducting a third-party surveillance audit of an international haulage organisation. You have sampled four interna...

As the Information Security Management System audit team leader, you are conducting a second- party audit of an international logistics company on behalf of an online retailer. Dur...

Scenario 1: Fintive is a distinguished security provider for online payments and protection solutions. Founded in 1999 by Thomas Fin in San Jose, California, Fintive offers service...

Scenario 1: Fintive is a distinguished security provider for online payments and protection solutions. Founded in 1999 by Thomas Fin in San Jose, California, Fintive offers service...

Scenario 1: Fintive is a distinguished security provider for online payments and protection solutions. Founded in 1999 by Thomas Fin in San Jose, California, Fintive offers service...

Scenario 1: Fintive is a distinguished security provider for online payments and protection solutions. Founded in 1999 by Thomas Fin in San Jose, California, Fintive offers service...

Scenario 1: Fintive is a distinguished security provider for online payments and protection solutions. Founded in 1999 by Thomas Fin in San Jose, California, Fintive offers service...

Which situation presented below represents a threat?

An organization does not check the source code of the updated version of an application when it is updated automatically. Thus, the application may be open to unauthorized modifica...

A telecommunications company uses the AES method for ensuring that confidential information is protected. This means that they use a single key to encrypt and decrypt the informati...

You received an email requiring you to send information such as name, email, and password in order to continue using your email account. If you do not send such information, your e...

Which statement below best describes the relationship between information security aspects?

Which of the options below is a control related to the management of personnel that aims to avoid the occurrence of incidents?

A data processing tool crashed when a user added more data in the buffer than its storage capacity allows. The incident was caused by the tool's inability to bound check arrays. Wh...

PayBell, a finance corporation, is using an accounting software to track financial transactions. The software can be accessed from anywhere with an internet connection. It also ena...

Scenario 2: Knight is an electronics company from Northern California, US that develops video game consoles. Knight has more than 300 employees worldwide. On the fifth anniversary...

Scenario 2: Knight is an electronics company from Northern California, US that develops video game consoles. Knight has more than 300 employees worldwide. On the fifth anniversary...

Scenario 2: Knight is an electronics company from Northern California, US that develops video game consoles. Knight has more than 300 employees worldwide. On the fifth anniversary...

Scenario 2: Knight is an electronics company from Northern California, US that develops video game consoles. Knight has more than 300 employees worldwide. On the fifth anniversary...

Scenario 2: Knight is an electronics company from Northern California, US that develops video game consoles. Knight has more than 300 employees worldwide. On the fifth anniversary...

A marketing agency has developed its own risk assessment approach as part of the ISMS implementation. Is this acceptable?

ISMS (1)---------------helps determine (2)--------------,

Which option below about the ISMS scope is correct?

Scenario 3: NightCore is a multinational technology company based in the United States that focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence....

Scenario 3: NightCore is a multinational technology company based in the United States that focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence....

Scenario 3: NightCore is a multinational technology company based in the United States that focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence....

Scenario 3: NightCore is a multinational technology company based in the United States that focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence....

Scenario 3: NightCore is a multinational technology company based in the United States that focuses on e-commerce, cloud computing, digital streaming, and artificial intelligence....

Scenario 4: SendPay is a financial company that provides its services through a network of agents and financial institutions. One of their main services is transferring money world...

Scenario 4: SendPay is a financial company that provides its services through a network of agents and financial institutions. One of their main services is transferring money world...

Scenario 4: SendPay is a financial company that provides its services through a network of agents and financial institutions. One of their main services is transferring money world...

Scenario 4: SendPay is a financial company that provides its services through a network of agents and financial institutions. One of their main services is transferring money world...

Scenario 4: SendPay is a financial company that provides its services through a network of agents and financial institutions. One of their main services is transferring money world...

Which is an example of a qualitative evidence?

Finnco, a subsidiary of a certification body, provided ISMS consultancy services to an organization. Considering this scenario, when can the certification body certify the organiza...

Which option below is NOT a role of the audit team leader?

How does the use of new technologies such as big data impact auditing?

Scenario 5: Data Grid Inc. is a well-known company that delivers security services across the entire information technology infrastructure. It provides cybersecurity software, incl...

Scenario 5: Data Grid Inc. is a well-known company that delivers security services across the entire information technology infrastructure. It provides cybersecurity software, incl...

Scenario 5: Data Grid Inc. is a well-known company that delivers security services across the entire information technology infrastructure. It provides cybersecurity software, incl...

Scenario 5: Data Grid Inc. is a well-known company that delivers security services across the entire information technology infrastructure. It provides cybersecurity software, incl...

Scenario 5: Data Grid Inc. is a well-known company that delivers security services across the entire information technology infrastructure. It provides cybersecurity software, incl...

The auditor was unable to identify that Company A hid their insecure network architecture. What type of audit risk is this?

Costs related to nonconformities and failures to comply with legal and contractual requirements are assessed when defining:

AppFolk, a software development company, is seeking certification against ISO/IEC 27001. In the initial phases of the external audit, the certification body in discussion with the...