Based on the scenario above which one of the following actions would you now take?

You are carrying out your first third-party ISMS surveillance audit as an Audit Team Leader. You are presently in the auditee's data centre with another member of your audit team. You are currently in a large room that is subdivided into several smaller rooms, each of which has a numeric...

April 15, 2025

Who is allowed to access highly confidential files?

Who is allowed to access highly confidential files?
A. Employees with a business need-to-know
B. Contractors with a business need-to-know
C. Employees with a signed NDA who have a business need-to-know
D. Non-employees designated with approved access who have signed an NDA
Answer: A
Explanation: According to ISO/IEC 27001:2022, clause 8.2.1, the organization...

April 14, 2025

You are an experienced ISMS audit team leader. An auditor in training has approached you to ask you to clarify the different types of audits she may be required to undertake. Match the following audit types to the descriptions

DRAG DROP You are an experienced ISMS audit team leader. An auditor in training has approached you to ask you to clarify the different types of audits she may be required to undertake. Match the following audit types to the descriptions. To complete the table click on the blank section...

April 13, 2025

What do we do in the ACT phase of the PDCA cycle?

What do we do in the ACT phase of the PDCA cycle?
A. Take actions to continually monitor process performance
B. Take actions to continually improve process performance
C. Take actions to continually monitor process performance
D. Take actions to continually improve people performance
Answer: B
Explanation: In the Act phase of...

April 12, 2025

Phishing is what type of Information Security Incident?

Phishing is what type of Information Security Incident?
A. Private Incidents
B. Cracker/Hacker Attacks
C. Technical Vulnerabilities
D. Legal Incidents
Answer: B
Explanation: Phishing is a type of information security incident that falls under the category of cracker/hacker attacks. Phishing is a form of fraud that uses deceptive emails or...

April 12, 2025

Implementing a plan on a test basis comes under which section of PDCA?

Implementing a plan on a test basis comes under which section of PDCA?
A. Plan
B. Do
C. Act
D. Check
Answer: B
Explanation: The PDCA cycle is a four-step method for managing and improving processes. The steps are Plan, Do, Check, and Act. In the Plan phase, the...

April 11, 2025

Which three of the following options represent valid audit trails?

You are conducting a third-party surveillance audit when another member of the audit team approaches you seeking clarification. They have been asked to assess the organisation's application of control 5.7 - Threat Intelligence. They are aware that this is one of the new controls introduced in the 2022 edition of...

April 11, 2025

Which one of the following options best describes the main purpose of a Stage 1 third-party audit?

Which one of the following options best describes the main purpose of a Stage 1 third-party audit?
A. To introduce the audit team to the client
B. To learn about the organisation's procurement
C. To determine readiness for a stage 2 audit
D. To check for legal compliance by the...

April 10, 2025

The following are the guidelines to protect your password, except:

The following are the guidelines to protect your password, except:
A. Don't use the same password for various company system security access
B. Do not share passwords with anyone
C. For easy recall, use the same password for company and personal accounts
D. Change a temporary password on first log-on ...

April 9, 2025

Which six of the following would cause you concern in respect of conformity to ISO/IEC 27001:2022 requirements?

The data centre at which you work is currently seeking ISO/IEC 27001:2022 certification. In preparation for your initial certification visit, a number of internal audits have been carried out by a colleague working at another data centre within your Group. They secured their ISO/IEC 27001:2022 certificate earlier in the year. You...

April 8, 2025