You are an experienced ISMS audit team leader, talking to an Auditor in training who has been assigned to your audit team. You want to ensure that they understand the importance of the Check stage of the Plan-Do-Check-Act cycle in respect of the operation of the information security management system

DRAG DROP You are an experienced ISMS audit team leader, talking to an Auditor in training who has been assigned to your audit team. You want to ensure that they understand the importance of the Check stage of the Plan-Do-Check-Act cycle in respect of the operation of the information security...

February 23, 2025

CMM stands for?

CMM stands for?
A. Capability Maturity Matrix
B. Capacity Maturity Matrix
C. Capability Maturity Model
D. Capable Mature Model
Answer: C
Explanation: Capability Maturity Model (CMM) is a framework that describes the key elements of an effective software process. It defines five levels of maturity for software development organizations, from...

February 23, 2025

Which four of the following constitute 'external' issues in the context of a management system to ISO/IEC 27001:2022?

During a third-party certification audit you are presented with a list of issues by an auditee. Which four of the following constitute 'external' issues in the context of a management system to ISO/IEC 27001:2022?
A. A rise in interest rates in response to high inflation
B. A reduction in grants...

February 22, 2025

What is the standard definition of ISMS?

What is the standard definition of ISMS?
A. Is an information security systematic approach to achieve business objectives for implementation, establishing, reviewing, operating and maintaining organization's reputation.
B. A company wide business objectives to achieve information security awareness for establishing, implementing, operating, monitoring, reviewing, maintaining and improving
C. A project-based approach...

February 22, 2025

The following are definitions of Information, except:

The following are definitions of Information, except:
A. accurate and timely data
B. specific and organized data for a purpose
C. mature and measurable data
D. can lead to understanding and decrease in uncertainty
Answer: C
Explanation: The definition of information that is not correct is C: mature and measurable...

February 22, 2025

Information or data that are classified as ______ do not require labeling.

Information or data that are classified as ______ do not require labeling.
A. Public
B. Internal
C. Confidential
D. Highly Confidential
Answer: A
Explanation: Information or data that are classified as public do not require labeling. Public information or data are those that are intended for general disclosure and have...

February 22, 2025

Which two of the following actions are the individual(s) managing the audit programme responsible for?

Which two of the following actions are the individual(s) managing the audit programme responsible for?
A. Determining the resources necessary for the audit programme
B. Communicating with the auditee during the audit
C. Determining the legal requirements applicable to each audit
D. Keeping informed the accreditation body on the progress...

February 20, 2025

Which three of these responses would cause you concern in relation to conformity with ISO/IEC 27001:2022?

You are an experienced ISMS auditor, currently providing support to an ISMS auditor in training who is carrying out her first initial certification audit. She asks you what she should be verifying when auditing an organisation's Information Security objectives. You ask her what she has included in her audit checklist...

February 20, 2025

Which is not a requirement of HR prior to hiring?

Which is not a requirement of HR prior to hiring?
A. Undergo background verification
B. Applicant must complete pre-employment documentation requirements
C. Must undergo Awareness training on information security.
D. Must successfully pass Background Investigation
Answer: C
Explanation: According to ISO/IEC 27001:2022, clause 7.2.2, the organization shall ensure that all...

February 13, 2025

Select two options that describe an advantage of using a checklist.

Select two options that describe an advantage of using a checklist.
A. Using the same checklist for every audit without review
B. Restricting interviews to nominated parties
C. Ensuring relevant audit trails are followed
D. Ensuring the audit plan is implemented
E. Reducing audit duration
F. Not varying from the...

February 13, 2025