- Home
- PECB
- PECB Certified ISO/IEC 27001 Lead Auditor exam
- PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-22.q94
- Question 55
Valid ISO-IEC-27001-Lead-Auditor Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Auditor Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Auditor exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Auditor exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Auditor dumps with Test Engine here:
Access ISO-IEC-27001-Lead-Auditor Dumps Premium Version
(368 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 55/94
You are a certification body auditor, conducting a surveillance audit to ISO/IEC 27001:2022 of a data centre operated by a client who provides hosting services for ICT facilities.
You and your guide are currently in one of the private suites that the client rents out to customers. Access to each suite is controlled using a combination lock. CCTV is also installed in every suite.
Within each suite are three data cabinets in which the client can locate mission-critical servers and other items of networking equipment such as switches and routers.
You notice that whilst two of the cabinets in your suite are locked, the third is unlocked. You ask the guide why. They reply "This is because the client is currently swapping out a hard drive unit. Their technician is currently on a lunch break".
What three actions should you undertake next?
You and your guide are currently in one of the private suites that the client rents out to customers. Access to each suite is controlled using a combination lock. CCTV is also installed in every suite.
Within each suite are three data cabinets in which the client can locate mission-critical servers and other items of networking equipment such as switches and routers.
You notice that whilst two of the cabinets in your suite are locked, the third is unlocked. You ask the guide why. They reply "This is because the client is currently swapping out a hard drive unit. Their technician is currently on a lunch break".
What three actions should you undertake next?
Correct Answer: E,F,H
Explanation
Leaving the cabinet unlocked while the technician is on a lunch break exposes the client's equipment and data to potential physical security risks, such as theft, damage, or tampering. This is a violation of the ISO/IEC
27001:2022 requirements for physical entry (control 7.2) and physical security monitoring (control 7.4), which aim to prevent unauthorized access to information processing facilities and assets. Therefore, the appropriate actions for the auditor are:
* Raise an opportunity for improvement (OFI) suggesting that the cabinet doors are locked whenever clients leave their suites, even if they intend to return within a short time. This would enhance the security of the client's equipment and data, and reduce the likelihood of security incidents.
* Review the CCTV records to ensure that only the client has accessed the cabinet since it was last confirmed as locked. This would verify the integrity and availability of the client's equipment and data, and identify any possible unauthorized access or interference.
* With the permission of the guide, speak to the customer to confirm that they are in the process of swapping out a drive. This would validate the reason for leaving the cabinet unlocked, and assess the impact and risk of the activity on the client's information security.
References: =
* ISO/IEC 27001:2022, clause 7.2, Physical entry
* ISO/IEC 27001:2022, clause 7.4, Physical security monitoring
* PECB Candidate Handbook ISO 27001 Lead Auditor, page 19, Audit Process
* PECB Candidate Handbook ISO 27001 Lead Auditor, page 21, Audit Findings
Leaving the cabinet unlocked while the technician is on a lunch break exposes the client's equipment and data to potential physical security risks, such as theft, damage, or tampering. This is a violation of the ISO/IEC
27001:2022 requirements for physical entry (control 7.2) and physical security monitoring (control 7.4), which aim to prevent unauthorized access to information processing facilities and assets. Therefore, the appropriate actions for the auditor are:
* Raise an opportunity for improvement (OFI) suggesting that the cabinet doors are locked whenever clients leave their suites, even if they intend to return within a short time. This would enhance the security of the client's equipment and data, and reduce the likelihood of security incidents.
* Review the CCTV records to ensure that only the client has accessed the cabinet since it was last confirmed as locked. This would verify the integrity and availability of the client's equipment and data, and identify any possible unauthorized access or interference.
* With the permission of the guide, speak to the customer to confirm that they are in the process of swapping out a drive. This would validate the reason for leaving the cabinet unlocked, and assess the impact and risk of the activity on the client's information security.
References: =
* ISO/IEC 27001:2022, clause 7.2, Physical entry
* ISO/IEC 27001:2022, clause 7.4, Physical security monitoring
* PECB Candidate Handbook ISO 27001 Lead Auditor, page 19, Audit Process
* PECB Candidate Handbook ISO 27001 Lead Auditor, page 21, Audit Findings
- Question List (94q)
- Question 1: You are performing an ISMS audit at a nursing home where res...
- Question 2: Which two of the following phrases are 'objectives' in relat...
- Question 3: During discussions with the individual(s) managing the audit...
- Question 4: What controls can you do to protect sensitive data in your c...
- Question 5: You are an experienced ISMS audit team leader, assisting an ...
- Question 6: CMM stands for?
- Question 7: You are an experienced ISMS audit team leader. During the co...
- Question 8: You are an experienced ISMS auditor conducting a third-party...
- Question 9: In the context of a management system audit, please identify...
- Question 10: Often, people do not pick up their prints from a shared prin...
- Question 11: There is a scheduled fire drill in your facility. What shoul...
- Question 12: Which of the following does a lack of adequate security cont...
- Question 13: You are carrying out a third-party surveillance audit of a c...
- Question 14: Stages of Information
- Question 15: How is the purpose of information security policy best descr...
- 1 commentQuestion 16: What is the difference between a restricted and confidential...
- Question 17: A planning process that introduced the concept of planning a...
- Question 18: What type of measure involves the stopping of possible conse...
- Question 19: You are performing an ISMS audit at a residential nursing ho...
- Question 20: Select the words that best complete the sentence: (Exhibit)...
- Question 21: Does the security have the right to ask you to display your ...
- Question 22: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 23: You are conducting an ISMS audit in the despatch department ...
- Question 24: Select the words that best complete the sentence: To complet...
- Question 25: Which two of the following are valid audit conclusions?...
- Question 26: Which three of the following options are an advantage of usi...
- Question 27: You are an experienced ISMS audit team leader conducting a t...
- Question 28: Which is the glue that ties the triad together...
- Question 29: In what part of the process to grant access to a system does...
- Question 30: Which of the following factors does NOT contribute to the va...
- Question 31: Select the correct sequence for the information security ris...
- Question 32: Match the correct responsibility with each participant of a ...
- Question 33: Which two of the following options for information are not r...
- Question 34: You are an ISMS audit team leader assigned by your certifica...
- Question 35: You are preparing the audit findings. Select two options tha...
- Question 36: You receive an E-mail from some unknown person claiming to b...
- Question 37: What would be the reference for you to know who should have ...
- Question 38: The following are purposes of Information Security, except:...
- Question 39: You are an experienced audit team leader guiding an auditor ...
- Question 40: An employee caught with offense of abusing the internet, suc...
- Question 41: Which of the following is a preventive security measure?...
- Question 42: Which one of the following options is the definition of the ...
- Question 43: Phishing is what type of Information Security Incident?...
- Question 44: You are an experienced ISMS audit team leader guiding an aud...
- Question 45: You are an experienced ISMS audit team leader who is current...
- Question 46: What is the worst possible action that an employee may recei...
- Question 47: You receive the following mail from the IT support team: Dea...
- Question 48: You are an experienced ISMS audit team leader guiding an aud...
- Question 49: You are conducting an ISMS audit in the despatch department ...
- Question 50: You are an audit team leader conducting a third-party survei...
- Question 51: You are an experienced audit team leader guiding an auditor ...
- Question 52: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 53: In acceptable use of Information Assets, which is the best p...
- Question 54: Please match the following situations to the type of audit r...
- Question 55: You are a certification body auditor, conducting a surveilla...
- Question 56: Changes on project-managed applications or database should u...
- Question 57: What is a repressive measure in case of a fire?...
- Question 58: Which of the following is not a type of Information Security...
- Question 59: Which of the following does an Asset Register contain? (Choo...
- Question 60: Which is not a requirement of HR prior to hiring?...
- Question 61: You are the person responsible for managing the audit progra...
- Question 62: Which two of the following statements are true?...
- Question 63: During a third-party certification audit, you are presented ...
- Question 64: You are conducting an ISMS audit in the despatch department ...
- Question 65: Who is responsible for Initial asset allocation to the user/...
- Question 66: You are performing an ISMS audit at a residential nursing ho...
- Question 67: Which two of the following actions are the individual(s) man...
- Question 68: Auditor competence is a combination of knowledge and skills....
- Question 69: Review the following statements and determine which two are ...
- Question 70: You are performing an ISMS audit at a European-based residen...
- Question 71: Which two of the following phrases would apply to "act" in r...
- Question 72: Your organisation is currently seeking ISO/IEC27001:2022 cer...
- Question 73: You are performing an ISMS audit at a residential nursing ho...
- Question 74: You are an experienced ISMS audit team leader. You are provi...
- Question 75: The following options are key actions involved in a first-pa...
- Question 76: Who is authorized to change the classification of a document...
- Question 77: Select the words that best complete the sentence below to de...
- Question 78: There was a fire in a branch of the company Midwest Insuranc...
- Question 79: Which two of the following options are an advantage of using...
- Question 80: What is social engineering?
- Question 81: What is the security management term for establishing whethe...
- Question 82: Four types of Data Classification (Choose two)...
- Question 83: Audit methods can be either with or without interaction with...
- Question 84: Which two of the following phrases are 'objectives' in relat...
- Question 85: In the context of a third-party certification audit, confide...
- Question 86: After a devastating office fire, all staff are moved to othe...
- Question 87: Select the words that best complete the sentence: (Exhibit)...
- Question 88: You are an ISMS audit team leader who has been assigned by y...
- Question 89: As a new member of the IT department you have noticed that c...
- Question 90: Auditors need to communicate effectively with auditees. Ther...
- Question 91: You are an experienced ISMS audit team leader guiding an aud...
- Question 92: You are the audit team leader conducting a third-party audit...
- Question 93: Which one of the following statements best describes the pur...
- Question 94: Which department maintain's contacts with law enforcement au...
[×]
Download PDF File
Enter your email address to download PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-22.q94.pdf