
ISO-IEC-27001-Lead-Implementer Exam Dumps - PECB Certified ISO/IEC 27001 : 2022 Lead Implementer exam

Question # 4

Scenario 10: NetworkFuse develops, manufactures, and sells network hardware. The company has had an operational information security management system (ISMS) based on ISO/IEC 27001 requirements and a quality management system (QMS) based on ISO 9001 for approximately two years. Recently, it has applied for a combined certification audit in order to obtain certification against ISO/IEC 27001 and ISO 9001.

After selecting the certification body, NetworkFuse prepared the employees for the audit. The company decided to not conduct a self-evaluation before the audit since, according to the top management, it was not necessary. In addition, it ensured the availability of documented information, including internal audit reports and management reviews, technologies in place, and the general operations of the ISMS and the QMS. However, the company requested from the certification body that the documentation could not be carried off-site.

However, the audit was not performed within the scheduled days because NetworkFuse rejected the audit team leader assigned and requested their replacement. The company asserted that the same audit team leader issued a recommendation for certification to its main competitor, which, for the company's top management, was a potential conflict of interest. The request was not accepted by the certification body.

According to scenario 10, NetworkFuse requested from the certification body to review all the documentation only on-site. Is this acceptable?

A. Yes, the auditee may request that the review of the documentation takes place on-site

B. Yes, only if a confidentiality agreement is formally signed by the audit team

C. No, the certification body decides whether the documentation review takes place on-site or off-site

Question # 5

According to ISO/IEC 27001, why shall organizations document nonconformities?

A. To provide evidence of the requirements set by internal audit after reviewing their audit reports

B. To provide evidence of the results of the corrective actions and the nature of the nonconformities

C. To provide evidence of regulations set by external sources that need to be followed by the organization

Question # 6

Who should be involved, among others, in the draft, review, and validation of information security procedures?

A. An external expert

B. The information security committee

C. The employees in charge of ISMS operation

Question # 7

Which of the following processes may involve increasing risk in order to pursue an opportunity?

A. Risk analysis

B. Risk treatment

C. Risk identification

Question # 8

Invalid Electric, a manufacturer of electrical components, is preparing for its upcoming ISO 27001 certification audit. This is the first time the company has undergone such an audit, and many of its employees are not familiar with the process. The management team is concerned that employees may not be adequately prepared for interviews and the scrutiny of documentation during the audit.

To ensure that employees are ready for the audit, the management team is considering several options to help them understand what to expect and how to handle the auditor's questions confidently.

How can Invalid Electric ensure that its employees are prepared for the audit?

A. By conducting practice interviews with the employees

B. By allowing the employees to observe the technologies used

C. By showing the employees the internal audit reports so they can anticipate the questions asked by the auditor
