Question 1

You are an experienced ISMS audit team leader who is currently conducting a third party initial certification

audit of a new client, using ISO/IEC 27001:2022 as your criteria.

It is the afternoon of the second day of a 2-day audit, and you are just about to start writing your audit report.

So far no nonconformities have been identified and you and your team have been impressed with both the site

and the organisation's ISMS.

At this point, a member of your team approaches you and tells you that she has been unable to complete her

assessment of leadership and commitment as she has spent too long reviewing the planning of changes.

Which one of the following actions will you take in response to this information?

Options :

A : Apologise to the client and tell them you will return at a later date to review leadership and commitment.

B :

Suggest to the client that if they are prepared to upgrade your return flight to first class you will audit leadership and commitment in your own time tomorrow.

C :

Advise the auditee and audit client that it is not possible to make a positive recommendation at this point.

D : Advise the auditee that the certification audit will need to be terminated and rescheduled.

E :

Contact the individual managing the audit programme and seek their permission to record a positive recommendation in the audit report

F : Contact your head office and await their further instructions of how to proceed.

G :

Given there have been no nonconformities identified and the overall impression of the organisation has been a good one, record a positive recommendation for certification in the audit report.

H :

Review the audit plan and client availabilities to determine whether there is any opportunity for another member of your team to pick up this task before the closing meeting.

Answer: C

Question 2

Which one of the following options is the definition of an interested party?

Options :

A :

A third party can appeal to an organisation when it perceives itself to be affected by a decision or activity

B :

A person or organisation that can affect, be affected by or perceive itself to be affected by a decision or activity

C :

A group or organisation that can interfere in or perceive itself to be interfered with by a management decision

D :

An individual or organisation that can control, be controlled by, or perceive itself to be controlled by a decision or activity

Answer: B

Question 3

PayBell, a finance corporation, is using an accounting software to track financial transactions. The software can be accessed from anywhere with an internet connection. It also enables PayBell's employees to easily collaborate with each other to ensure accurate financial reporting. What type of services is PayBell using?

Options :

A : Machine learning

B : Cloud computing

C : Artificial intelligence

Answer: B

Question 4

You are an experienced audit team leader conducting a third-party surveillance audit of an organisation that

designs websites for its clients. You are currently reviewing the organisation's Statement of Applicability.

Based on the requirements of ISO/IEC 27001, which two of the following observations about the Statement of

Applicability are true?

Options :

A :

Justification for both the inclusion and exclusion of Annex A controls in the Statement of Applicability is required

B : The Statement of Applicability is owned and amended by the organisation-s top management

C : The Statement of Applicability must be reviewed at least annually

D : A Statement of Applicability must be produced by organisations seeking ISO/IEC 27001 conformity

E : Justification is only required for any controls that the organisations choses to exclude

F : The Statement of Applicability must be reviewed at Management Review

Answer: A,D

Question 5

Information or data that are classified as ______ do not require labeling.

Options :

A : Public

B : Internal

C : Confidential

D : Highly Confidential

Answer: A

Higher Test Marks with Free Online ISO-IEC-27001-Lead-Auditor Exam Practice

Buying Options: