- Home
- PECB
- PECB Certified ISO/IEC 27001 Lead Auditor exam
- PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-22.q94
- Question 50
Valid ISO-IEC-27001-Lead-Auditor Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Auditor Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Auditor exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Auditor exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Auditor dumps with Test Engine here:
Access ISO-IEC-27001-Lead-Auditor Dumps Premium Version
(368 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 50/94
You are an audit team leader conducting a third-party surveillance audit of a telecom services provider. You have assigned responsibility for auditing the organisation's information security objectives to a junior member of your audit team. Before they begin their assessment, you ask them the following question to check their understanding of the requirements of ISO/IEC 27001:2022.
Which four of the following criteria must Information security objectives fulfil?
Which four of the following criteria must Information security objectives fulfil?
Correct Answer: A,B,G,H
Explanation
According to ISO/IEC 27001:2022, clause 6.2, information security objectives are the specific results that an organisation intends to achieve with its information security management system (ISMS). The standard specifies that information security objectives must fulfil the following criteria:
* They must be communicated appropriately (A): The organisation must ensure that the relevant internal and external parties are informed about the information security objectives and their roles and responsibilities in achieving them. This can help to create awareness, commitment, and accountability for information security. This criterion is related to clause 6.2.2 of ISO/IEC 27001:2022.
* They must be available as documented information (B): The organisation must maintain and retain documented information on the information security objectives, including their scope, level, indicators, and time frame. This can help to provide evidence, traceability, and consistency for information security. This criterion is related to clause 6.2.1 of ISO/IEC 27001:2022.
* They must be consistent with the IS Policy (G): The organisation must ensure that the information security objectives are aligned with the information security policy, which is the top-level statement of the organisation's intentions and direction for information security. This can help to support the strategic objectives and the context of the organisation. This criterion is related to clause 5.2 of ISO/IEC
27001:2022.
* They must be achievable (H): The organisation must ensure that the information security objectives are realistic and attainable, considering the available resources, capabilities, and constraints. This can help to avoid setting unrealistic or unfeasible expectations and to monitor and measure the progress and performance of information security. This criterion is related to clause 6.2.1 of ISO/IEC 27001:2022.
References:
* ISO/IEC 27001:2022, Information technology - Security techniques - Information security management systems - Requirements1
* PECB Candidate Handbook ISO/IEC 27001 Lead Auditor2
* ISO 27001:2022 Lead Auditor - PECB3
* ISO 27001:2022 certified ISMS lead auditor - Jisc4
* ISO/IEC 27001:2022 Lead Auditor Transition Training Course5
* ISO 27001 - Information Security Lead Auditor Course - PwC Training Academy6
According to ISO/IEC 27001:2022, clause 6.2, information security objectives are the specific results that an organisation intends to achieve with its information security management system (ISMS). The standard specifies that information security objectives must fulfil the following criteria:
* They must be communicated appropriately (A): The organisation must ensure that the relevant internal and external parties are informed about the information security objectives and their roles and responsibilities in achieving them. This can help to create awareness, commitment, and accountability for information security. This criterion is related to clause 6.2.2 of ISO/IEC 27001:2022.
* They must be available as documented information (B): The organisation must maintain and retain documented information on the information security objectives, including their scope, level, indicators, and time frame. This can help to provide evidence, traceability, and consistency for information security. This criterion is related to clause 6.2.1 of ISO/IEC 27001:2022.
* They must be consistent with the IS Policy (G): The organisation must ensure that the information security objectives are aligned with the information security policy, which is the top-level statement of the organisation's intentions and direction for information security. This can help to support the strategic objectives and the context of the organisation. This criterion is related to clause 5.2 of ISO/IEC
27001:2022.
* They must be achievable (H): The organisation must ensure that the information security objectives are realistic and attainable, considering the available resources, capabilities, and constraints. This can help to avoid setting unrealistic or unfeasible expectations and to monitor and measure the progress and performance of information security. This criterion is related to clause 6.2.1 of ISO/IEC 27001:2022.
References:
* ISO/IEC 27001:2022, Information technology - Security techniques - Information security management systems - Requirements1
* PECB Candidate Handbook ISO/IEC 27001 Lead Auditor2
* ISO 27001:2022 Lead Auditor - PECB3
* ISO 27001:2022 certified ISMS lead auditor - Jisc4
* ISO/IEC 27001:2022 Lead Auditor Transition Training Course5
* ISO 27001 - Information Security Lead Auditor Course - PwC Training Academy6
- Question List (94q)
- Question 1: You are performing an ISMS audit at a nursing home where res...
- Question 2: Which two of the following phrases are 'objectives' in relat...
- Question 3: During discussions with the individual(s) managing the audit...
- Question 4: What controls can you do to protect sensitive data in your c...
- Question 5: You are an experienced ISMS audit team leader, assisting an ...
- Question 6: CMM stands for?
- Question 7: You are an experienced ISMS audit team leader. During the co...
- Question 8: You are an experienced ISMS auditor conducting a third-party...
- Question 9: In the context of a management system audit, please identify...
- Question 10: Often, people do not pick up their prints from a shared prin...
- Question 11: There is a scheduled fire drill in your facility. What shoul...
- Question 12: Which of the following does a lack of adequate security cont...
- Question 13: You are carrying out a third-party surveillance audit of a c...
- Question 14: Stages of Information
- Question 15: How is the purpose of information security policy best descr...
- 1 commentQuestion 16: What is the difference between a restricted and confidential...
- Question 17: A planning process that introduced the concept of planning a...
- Question 18: What type of measure involves the stopping of possible conse...
- Question 19: You are performing an ISMS audit at a residential nursing ho...
- Question 20: Select the words that best complete the sentence: (Exhibit)...
- Question 21: Does the security have the right to ask you to display your ...
- Question 22: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 23: You are conducting an ISMS audit in the despatch department ...
- Question 24: Select the words that best complete the sentence: To complet...
- Question 25: Which two of the following are valid audit conclusions?...
- Question 26: Which three of the following options are an advantage of usi...
- Question 27: You are an experienced ISMS audit team leader conducting a t...
- Question 28: Which is the glue that ties the triad together...
- Question 29: In what part of the process to grant access to a system does...
- Question 30: Which of the following factors does NOT contribute to the va...
- Question 31: Select the correct sequence for the information security ris...
- Question 32: Match the correct responsibility with each participant of a ...
- Question 33: Which two of the following options for information are not r...
- Question 34: You are an ISMS audit team leader assigned by your certifica...
- Question 35: You are preparing the audit findings. Select two options tha...
- Question 36: You receive an E-mail from some unknown person claiming to b...
- Question 37: What would be the reference for you to know who should have ...
- Question 38: The following are purposes of Information Security, except:...
- Question 39: You are an experienced audit team leader guiding an auditor ...
- Question 40: An employee caught with offense of abusing the internet, suc...
- Question 41: Which of the following is a preventive security measure?...
- Question 42: Which one of the following options is the definition of the ...
- Question 43: Phishing is what type of Information Security Incident?...
- Question 44: You are an experienced ISMS audit team leader guiding an aud...
- Question 45: You are an experienced ISMS audit team leader who is current...
- Question 46: What is the worst possible action that an employee may recei...
- Question 47: You receive the following mail from the IT support team: Dea...
- Question 48: You are an experienced ISMS audit team leader guiding an aud...
- Question 49: You are conducting an ISMS audit in the despatch department ...
- Question 50: You are an audit team leader conducting a third-party survei...
- Question 51: You are an experienced audit team leader guiding an auditor ...
- Question 52: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 53: In acceptable use of Information Assets, which is the best p...
- Question 54: Please match the following situations to the type of audit r...
- Question 55: You are a certification body auditor, conducting a surveilla...
- Question 56: Changes on project-managed applications or database should u...
- Question 57: What is a repressive measure in case of a fire?...
- Question 58: Which of the following is not a type of Information Security...
- Question 59: Which of the following does an Asset Register contain? (Choo...
- Question 60: Which is not a requirement of HR prior to hiring?...
- Question 61: You are the person responsible for managing the audit progra...
- Question 62: Which two of the following statements are true?...
- Question 63: During a third-party certification audit, you are presented ...
- Question 64: You are conducting an ISMS audit in the despatch department ...
- Question 65: Who is responsible for Initial asset allocation to the user/...
- Question 66: You are performing an ISMS audit at a residential nursing ho...
- Question 67: Which two of the following actions are the individual(s) man...
- Question 68: Auditor competence is a combination of knowledge and skills....
- Question 69: Review the following statements and determine which two are ...
- Question 70: You are performing an ISMS audit at a European-based residen...
- Question 71: Which two of the following phrases would apply to "act" in r...
- Question 72: Your organisation is currently seeking ISO/IEC27001:2022 cer...
- Question 73: You are performing an ISMS audit at a residential nursing ho...
- Question 74: You are an experienced ISMS audit team leader. You are provi...
- Question 75: The following options are key actions involved in a first-pa...
- Question 76: Who is authorized to change the classification of a document...
- Question 77: Select the words that best complete the sentence below to de...
- Question 78: There was a fire in a branch of the company Midwest Insuranc...
- Question 79: Which two of the following options are an advantage of using...
- Question 80: What is social engineering?
- Question 81: What is the security management term for establishing whethe...
- Question 82: Four types of Data Classification (Choose two)...
- Question 83: Audit methods can be either with or without interaction with...
- Question 84: Which two of the following phrases are 'objectives' in relat...
- Question 85: In the context of a third-party certification audit, confide...
- Question 86: After a devastating office fire, all staff are moved to othe...
- Question 87: Select the words that best complete the sentence: (Exhibit)...
- Question 88: You are an ISMS audit team leader who has been assigned by y...
- Question 89: As a new member of the IT department you have noticed that c...
- Question 90: Auditors need to communicate effectively with auditees. Ther...
- Question 91: You are an experienced ISMS audit team leader guiding an aud...
- Question 92: You are the audit team leader conducting a third-party audit...
- Question 93: Which one of the following statements best describes the pur...
- Question 94: Which department maintain's contacts with law enforcement au...
[×]
Download PDF File
Enter your email address to download PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-22.q94.pdf