Free PECB ISO-IEC-27001-Lead-Auditor Exam Questions

Become PECB Certified with updated ISO-IEC-27001-Lead-Auditor exam questions and correct answers

Page: 1 / 71

Total 353 Questions | Updated On: Feb 19, 2025

Add To Cart

Question 1

Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password. What type of threat is this?

A : cial engineering threat

B : ganisational threat

C : chnical threat

D : lware threat

Answer: A

Question 2

Which one option best describes the purpose of retaining documented information related to the Information Security Management System (ISMS) of an organisation?

A : To ensure that all workers will follow the established procedure.

B : To show compliance with legal requirements.

C : To show objective evidence to third-party auditors.

D : To the extent necessary, to have confidence that the processes have been carried out as planned.

Answer: D

Question 3

The auditor should consider (1)-------when determining the (2)--------

A : (1) Standard requirements. (2) audit criteria

B : (1) Audit risks, (2) audit objectives

C : (1) Penalties related to legal noncompliance, (2) materiality

Answer: B

Question 4

An external auditor received an offer to conduct an ISMS audit at a research development company. Before accepting it, they discussed with the internal auditor of the auditee, who was their friend, about previous audit reports. Is this acceptable?

A : No, the external auditor should discuss about the auditee's previous audit reports only with the certification body

B : Yes, the auditor can review and discuss the previous audit reports before accepting an audit mandate

C : No, the auditor should uphold objectivity even when deciding whether to accept the audit mandate or not

Answer: C

Question 5

You are an experienced ISMS audit team leader who is currently conducting a third party initial certification

audit of a new client, using ISO/IEC 27001:2022 as your criteria.

It is the afternoon of the second day of a 2-day audit, and you are just about to start writing your audit report.

So far no nonconformities have been identified and you and your team have been impressed with both the site

and the organisation's ISMS.

At this point, a member of your team approaches you and tells you that she has been unable to complete her

assessment of leadership and commitment as she has spent too long reviewing the planning of changes.

Which one of the following actions will you take in response to this information?

A : Apologise to the client and tell them you will return at a later date to review leadership and commitment.

B : Suggest to the client that if they are prepared to upgrade your return flight to first class you will audit leadership and commitment in your own time tomorrow.

C : Advise the auditee and audit client that it is not possible to make a positive recommendation at this point.

D : Advise the auditee that the certification audit will need to be terminated and rescheduled.

E : Contact the individual managing the audit programme and seek their permission to record a positive recommendation in the audit report

F : Contact your head office and await their further instructions of how to proceed.

G : Given there have been no nonconformities identified and the overall impression of the organisation has been a good one, record a positive recommendation for certification in the audit report.

H : Review the audit plan and client availabilities to determine whether there is any opportunity for another member of your team to pick up this task before the closing meeting.

Answer: C

Page: 1 / 71

Total 353 Questions | Updated On: Feb 19, 2025

Add To Cart