- Home
- PECB
- PECB Certified ISO/IEC 27001 Lead Auditor exam
- PECB.ISO-IEC-27001-Lead-Auditor.v2024-06-06.q91
- Question 41
Valid ISO-IEC-27001-Lead-Auditor Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Auditor Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Auditor exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Auditor exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Auditor dumps with Test Engine here:
Access ISO-IEC-27001-Lead-Auditor Dumps Premium Version
(368 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 41/91
You are carrying out your first third-party ISMS surveillance audit as an Audit Team Leader. You are presently in the auditee's data centre with another member of your audit team.
You are currently in a large room that is subdivided into several smaller rooms, each of which has a numeric combination lock and swipe card reader on the door. You notice two external contractors using a swipe card and combination number provided by the centre's reception desk to gain access to a client's suite to carry out authorised electrical repairs.
You go to reception and ask to see the door access record for the client's suite. This indicates only one card was swiped. You ask the receptionist and they reply, "yes it's a common problem. We ask everyone to swipe their cards but with contractors especially, one tends to swipe and the rest simply 'tailgate' their way in" but we know who they are from the reception sign-in.
Based on the scenario above which one of the following actions would you now take?
You are currently in a large room that is subdivided into several smaller rooms, each of which has a numeric combination lock and swipe card reader on the door. You notice two external contractors using a swipe card and combination number provided by the centre's reception desk to gain access to a client's suite to carry out authorised electrical repairs.
You go to reception and ask to see the door access record for the client's suite. This indicates only one card was swiped. You ask the receptionist and they reply, "yes it's a common problem. We ask everyone to swipe their cards but with contractors especially, one tends to swipe and the rest simply 'tailgate' their way in" but we know who they are from the reception sign-in.
Based on the scenario above which one of the following actions would you now take?
Correct Answer: B
The best action to take in this scenario is to determine whether any additional effective arrangements are in place to verify individual access to secure areas, such as CCTV. This action is consistent with the audit principle of evidence-based approach, which requires the auditor to obtain sufficient and appropriate audit evidence to support the audit findings and conclusions1. By verifying the existence and effectiveness of other security controls, the auditor can assess the extent and impact of the nonconformity observed, and determine the appropriate audit finding and recommendation.
The other options are not the best actions to take in this scenario, because they are either premature or inappropriate. For example:
*Option A is inappropriate, because it is not the auditor's role to suggest specific solutions or improvements to the auditee, but rather to report the audit findings and recommendations based on the audit criteria and objectives2. A large sign in reception may not be an effective or feasible solution to address the issue of tailgating, and it may not reflect the root cause of the problem.
*Option C is premature, because it assumes that the control A.7.1 'security perimeters' is not adequately implemented, without verifying the existence and effectiveness of other security controls that may compensate for the observed nonconformity. The auditor should not jump to conclusions based on a single observation, but rather gather sufficient and appropriate audit evidence to support the audit finding3.
*Option D is premature, because it assumes that the control A.7.6 'working in secure areas' is not adequately implemented, without verifying the existence and effectiveness of other security controls that may compensate for the observed nonconformity. The auditor should not jump to conclusions based on a single observation, but rather gather sufficient and appropriate audit evidence to support the audit finding3.
*Option E is inappropriate, because it is not related to the observed nonconformity, which is about the access control to secure areas, not the information security requirements agreed upon with the supplier. The auditor should not raise a nonconformity based on irrelevant or incorrect audit criteria4.
*Option F is inappropriate, because it is not the auditor's role to suggest specific solutions or improvements to the auditee, but rather to report the audit findings and recommendations based on the audit criteria and objectives2. Requiring contractors to be accompanied at all times when accessing secure facilities may not be an effective or feasible solution to address the issue of tailgating, and it may not reflect the root cause of the problem.
References: 1: ISO 19011:2018, 5.2; 2: ISO 19011:2018, 6.6; 3: ISO 19011:2018, 6.2; 4: ISO 19011:2018,
6.3; : ISO 19011:2018; : ISO 19011:2018; : ISO 19011:2018; : ISO 19011:2018
The other options are not the best actions to take in this scenario, because they are either premature or inappropriate. For example:
*Option A is inappropriate, because it is not the auditor's role to suggest specific solutions or improvements to the auditee, but rather to report the audit findings and recommendations based on the audit criteria and objectives2. A large sign in reception may not be an effective or feasible solution to address the issue of tailgating, and it may not reflect the root cause of the problem.
*Option C is premature, because it assumes that the control A.7.1 'security perimeters' is not adequately implemented, without verifying the existence and effectiveness of other security controls that may compensate for the observed nonconformity. The auditor should not jump to conclusions based on a single observation, but rather gather sufficient and appropriate audit evidence to support the audit finding3.
*Option D is premature, because it assumes that the control A.7.6 'working in secure areas' is not adequately implemented, without verifying the existence and effectiveness of other security controls that may compensate for the observed nonconformity. The auditor should not jump to conclusions based on a single observation, but rather gather sufficient and appropriate audit evidence to support the audit finding3.
*Option E is inappropriate, because it is not related to the observed nonconformity, which is about the access control to secure areas, not the information security requirements agreed upon with the supplier. The auditor should not raise a nonconformity based on irrelevant or incorrect audit criteria4.
*Option F is inappropriate, because it is not the auditor's role to suggest specific solutions or improvements to the auditee, but rather to report the audit findings and recommendations based on the audit criteria and objectives2. Requiring contractors to be accompanied at all times when accessing secure facilities may not be an effective or feasible solution to address the issue of tailgating, and it may not reflect the root cause of the problem.
References: 1: ISO 19011:2018, 5.2; 2: ISO 19011:2018, 6.6; 3: ISO 19011:2018, 6.2; 4: ISO 19011:2018,
6.3; : ISO 19011:2018; : ISO 19011:2018; : ISO 19011:2018; : ISO 19011:2018
- Question List (91q)
- Question 1: You are conducting an ISMS audit. The next step in your audi...
- Question 2: The following are the guidelines to protect your password, e...
- Question 3: Which one of the following options describes the main purpos...
- Question 4: Which two of the following phrases are 'objectives' in relat...
- Question 5: You are conducting an ISMS audit in the despatch department ...
- Question 6: You are an experienced ISMS audit team leader, assisting an ...
- Question 7: You are an experienced audit team leader guiding an auditor ...
- Question 8: Select the words that best complete the sentence: (Exhibit)...
- Question 9: CEO sends a mail giving his views on the status of the compa...
- Question 10: You are performing an ISMS audit at a residential nursing ho...
- Question 11: The following options are key actions involved in a first-pa...
- Question 12: You are an ISMS audit team leader assigned by your certifica...
- Question 13: You are an experienced audit team leader guiding an auditor ...
- Question 14: Which two of the following standards are used as ISMS third-...
- Question 15: You are an ISMS audit team leader tasked with conducting a f...
- Question 16: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 17: You are conducting a third-party surveillance audit when ano...
- Question 18: Which two of the following options are an advantage of using...
- Question 19: During an opening meeting of a Stage 2 audit, the Managing D...
- Question 20: You are performing an ISMS audit at a residential nursing ho...
- Question 21: You are an experienced audit team leader guiding an auditor ...
- Question 22: You are the person responsible for managing the audit progra...
- Question 23: During discussions with the individual(s) managing the audit...
- Question 24: Which two of the following options do not participate in a f...
- Question 25: You are an ISMS audit team leader tasked with conducting a f...
- Question 26: Which two options are benefits of third-party accredited cer...
- Question 27: Select the words that best complete the sentence: (Exhibit)...
- Question 28: Which is the glue that ties the triad together...
- Question 29: You are an experienced ISMS audit team leader who is current...
- Question 30: You have a hard copy of a customer design document that you ...
- Question 31: Which two of the following are examples of audit methods tha...
- Question 32: Below is Purpose of "Integrity", which is one of the Basic C...
- Question 33: -------------------------is an asset like other important bu...
- Question 34: The audit team leader prepares the audit plan for an initial...
- Question 35: You are an ISMS auditor conducting a third-party surveillanc...
- Question 36: You receive the following mail from the IT support team: Dea...
- Question 37: You are an experienced ISMS audit team leader conducting a t...
- Question 38: The audit lifecycle describes the ISO 19011 process for cond...
- Question 39: An organisation has ISO/IEC 27001 Information Security Manag...
- Question 40: You are performing an ISMS audit at a residential nursing ho...
- Question 41: You are carrying out your first third-party ISMS surveillanc...
- Question 42: Which one of the following options is the definition of an i...
- Question 43: What is meant by the term 'Corrective Action'? Select one...
- Question 44: You are performing an ISMS audit at a residential nursing ho...
- Question 45: After completing Stage 1 and in preparation for a Stage 2 in...
- Question 46: An audit finding is the result of the evaluation of the coll...
- Question 47: You are performing an ISMS audit at a residential nursing ho...
- Question 48: You are an experienced ISMS audit team leader guiding an aud...
- Question 49: Which two activities align with the "Check'' stage of the Pl...
- Question 50: Which is not a requirement of HR prior to hiring?...
- Question 51: You are an experienced ISMS auditor conducting a third-party...
- Question 52: You are the audit team leader conducting a third-party audit...
- Question 53: Which two of the following are examples of audit methods tha...
- Question 54: In acceptable use of Information Assets, which is the best p...
- Question 55: You are performing an ISMS audit at a European-based residen...
- Question 56: Stages of Information
- Question 57: You are performing an ISMS audit at a residential nursing ho...
- Question 58: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 59: You are an experienced ISMS auditor, currently providing sup...
- Question 60: Select the word that best completes the sentence: (Exhibit)...
- Question 61: Select the words that best complete the sentence: To complet...
- Question 62: During a third-party certification audit, you are presented ...
- Question 63: In the event of an Information security incident, system use...
- Question 64: Which one of the following options is the definition of the ...
- Question 65: A key audit process is the way auditors gather information a...
- Question 66: As the ISMS audit team leader, you are conducting a second-p...
- Question 67: You are an experienced ISMS audit team leader providing inst...
- Question 68: Review the following statements and determine which two are ...
- Question 69: Auditor competence is a combination of knowledge and skills....
- Question 70: You are an experienced ISMS audit team leader. An auditor in...
- Question 71: You are an experienced ISMS audit team leader providing guid...
- Question 72: You are performing an ISMS audit at a residential nursing ho...
- Question 73: Which two of the following phrases would apply to "audit obj...
- Question 74: Which one option best describes the purpose of retaining doc...
- Question 75: Which two of the following are valid audit conclusions?...
- Question 76: Which one of the following conclusions in the audit report i...
- Question 77: The following are definitions of Information, except:...
- Question 78: Implement plan on a test basis - this comes under which sect...
- Question 79: Select the words that best complete the sentence below to de...
- Question 80: Which two of the following statements are true?...
- Question 81: You are an experienced ISMS audit team leader conducting a t...
- Question 82: Which one of the following options best describes the main p...
- Question 83: Review the following statements and determine which two are ...
- Question 84: You are an experienced audit team leader conducting a third-...
- Question 85: You are an experienced audit team leader guiding an auditor ...
- Question 86: Select the correct sequence for the information security ris...
- Question 87: During a Stage 1 audit opening meeting, the Management Syste...
- Question 88: You ask the IT Manager why the organisation still uses the m...
- Question 89: You are a certification body auditor, conducting a surveilla...
- Question 90: You are performing an ISMS audit at a residential nursing ho...
- Question 91: Select the words that best complete the sentence below to de...
[×]
Download PDF File
Enter your email address to download PECB.ISO-IEC-27001-Lead-Auditor.v2024-06-06.q91.pdf