ISO-IEC-27001 Lead Auditor V2

DRAG DROP You have just completed a scheduled information security audit of your organisation when the IT Manager approaches you and asks for your assistance in the revision of the company's risk management process. He is attempting to update the current documentation to make it easier for other managers to...

Which two of the following statements are true?A . The role of a certification body auditor involves evaluating the organisation's processes for ensuring compliance with their legal requirementsB . Curing a third-party audit, the auditor evaluates how the organisation ensures that 4 6 made aware of changes to the legal...

Which of the following is not a type of Information Security attack?A . Legal IncidentsB . Vehicular IncidentsC . Technical VulnerabilitiesD . Privacy IncidentsView AnswerAnswer: B Explanation: Vehicular incidents are not a type of information security attack. A vehicular incident is an event that involves a vehicle or its driver...

You are an experienced ISMS audit team leader. During the conducting of a third-party surveillance audit, you decide to test your auditee's knowledge of ISO/IEC 27001's risk management requirements. You ask her a series of questions to which the answer is either 'that is true' or 'that is false'. Which...

You are performing an ISMS initial certification audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to conduct the closing meeting. During the final audit team meeting, as an audit team leader, you agree to report 2 minor nonconformities and 1...

Objectives, criteria, and scope are critical features of a third-party ISMS audit. Which two issues are audit objectives?A . Evaluate customer processes and functionsB . Assess conformity with ISO/IEC 27001 requirementsC . Fulfil the audit planD . Confirm sites operating the ISMSE . Determine the scope of the ISMSF ....

You are an experienced ISMS audit team leader guiding an auditor in training. Your team has just completed a third-party surveillance audit of a mobile telecom provider. The auditor in training asks you how you intend to prepare for the Closing meeting. Which four of the following are appropriate responses?A...

Which two of the following statements are true?A . The benefits of implementing an ISMS primarily result from a reduction in information security risksB . The benefit of certifying an ISMS is to obtain contracts from governmental institutionsC . The purpose of an ISMS is to apply a risk management...

You are conducting an ISMS audit in the despatch department of an international logistics organisation that provides shipping services to large organisations including local hospitals and government offices. Parcels typically contain pharmaceutical products, biological samples, and documents such as passports and driving licences. You note that the company records show...

During a Stage 1 audit opening meeting, the Management System Representative (MSR) asks to extend the audit scope to include a new site overseas which they have expanded into since the certification application was made. Select two options for how the auditor should respond. A. Advise the MSR that an...