- Home
- PECB
- PECB Certified ISO/IEC 27001 Lead Auditor exam
- PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-22.q94
- Question 39
Valid ISO-IEC-27001-Lead-Auditor Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Auditor Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Auditor exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Auditor exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Auditor dumps with Test Engine here:
Access ISO-IEC-27001-Lead-Auditor Dumps Premium Version
(368 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 39/94
You are an experienced audit team leader guiding an auditor in training.
Your team is currently conducting a third-party surveillance audit of an organisation that stores data on behalf of external clients. The auditor in training has been tasked with reviewing the PEOPLE controls listed in the Statement of Applicability (SoA) and mplemented at the site.
Select four controls from the following that would you expect the auditor in training to review.
Your team is currently conducting a third-party surveillance audit of an organisation that stores data on behalf of external clients. The auditor in training has been tasked with reviewing the PEOPLE controls listed in the Statement of Applicability (SoA) and mplemented at the site.
Select four controls from the following that would you expect the auditor in training to review.
Correct Answer: A,C,D,E
Explanation
The PEOPLE controls are related to the human aspects of information security, such as roles and responsibilities, awareness and training, screening and contracts, and remote working. The auditor in training should review the following controls:
* Confidentiality and nondisclosure agreements (A): These are contractual obligations that bind the employees and contractors of the organisation to protect the confidentiality of the information they handle, especially the data of external clients. The auditor should check if these agreements are signed, updated, and enforced by the organisation. This control is related to clause A.7.2.1 of ISO/IEC
27001:2022.
* Information security awareness, education and training : These are activities that aim to enhance the knowledge, skills, and behaviour of the employees and contractors regarding information security. The auditor should check if these activities are planned, implemented, evaluated, and improved by the organisation. This control is related to clause A.7.2.2 of ISO/IEC 27001:2022.
* Remote working arrangements (D): These are policies and procedures that govern the information security aspects of working from locations other than the organisation's premises, such as home or public places. The auditor should check if these arrangements are defined, approved, and monitored by the organisation. This control is related to clause A.6.2.1 of ISO/IEC 27001:2022.
* The conducting of verification checks on personnel (E): These are background checks that verify the identity, qualifications, and suitability of the employees and contractors who have access to sensitive
* information or systems. The auditor should check if these checks are conducted, documented, and reviewed by the organisation. This control is related to clause A.7.1.1 of ISO/IEC 27001:2022.
References:
* ISO/IEC 27001:2022, Information technology - Security techniques - Information security management systems - Requirements
* PECB Candidate Handbook ISO/IEC 27001 Lead Auditor, 1
* ISO 27001:2022 Lead Auditor - IECB, 2
* ISO 27001:2022 certified ISMS lead auditor - Jisc, 3
* ISO/IEC 27001:2022 Lead Auditor Transition Training Course, 4
* ISO 27001 - Information Security Lead Auditor Course - PwC Training Academy, 5
The PEOPLE controls are related to the human aspects of information security, such as roles and responsibilities, awareness and training, screening and contracts, and remote working. The auditor in training should review the following controls:
* Confidentiality and nondisclosure agreements (A): These are contractual obligations that bind the employees and contractors of the organisation to protect the confidentiality of the information they handle, especially the data of external clients. The auditor should check if these agreements are signed, updated, and enforced by the organisation. This control is related to clause A.7.2.1 of ISO/IEC
27001:2022.
* Information security awareness, education and training : These are activities that aim to enhance the knowledge, skills, and behaviour of the employees and contractors regarding information security. The auditor should check if these activities are planned, implemented, evaluated, and improved by the organisation. This control is related to clause A.7.2.2 of ISO/IEC 27001:2022.
* Remote working arrangements (D): These are policies and procedures that govern the information security aspects of working from locations other than the organisation's premises, such as home or public places. The auditor should check if these arrangements are defined, approved, and monitored by the organisation. This control is related to clause A.6.2.1 of ISO/IEC 27001:2022.
* The conducting of verification checks on personnel (E): These are background checks that verify the identity, qualifications, and suitability of the employees and contractors who have access to sensitive
* information or systems. The auditor should check if these checks are conducted, documented, and reviewed by the organisation. This control is related to clause A.7.1.1 of ISO/IEC 27001:2022.
References:
* ISO/IEC 27001:2022, Information technology - Security techniques - Information security management systems - Requirements
* PECB Candidate Handbook ISO/IEC 27001 Lead Auditor, 1
* ISO 27001:2022 Lead Auditor - IECB, 2
* ISO 27001:2022 certified ISMS lead auditor - Jisc, 3
* ISO/IEC 27001:2022 Lead Auditor Transition Training Course, 4
* ISO 27001 - Information Security Lead Auditor Course - PwC Training Academy, 5
- Question List (94q)
- Question 1: You are performing an ISMS audit at a nursing home where res...
- Question 2: Which two of the following phrases are 'objectives' in relat...
- Question 3: During discussions with the individual(s) managing the audit...
- Question 4: What controls can you do to protect sensitive data in your c...
- Question 5: You are an experienced ISMS audit team leader, assisting an ...
- Question 6: CMM stands for?
- Question 7: You are an experienced ISMS audit team leader. During the co...
- Question 8: You are an experienced ISMS auditor conducting a third-party...
- Question 9: In the context of a management system audit, please identify...
- Question 10: Often, people do not pick up their prints from a shared prin...
- Question 11: There is a scheduled fire drill in your facility. What shoul...
- Question 12: Which of the following does a lack of adequate security cont...
- Question 13: You are carrying out a third-party surveillance audit of a c...
- Question 14: Stages of Information
- Question 15: How is the purpose of information security policy best descr...
- 1 commentQuestion 16: What is the difference between a restricted and confidential...
- Question 17: A planning process that introduced the concept of planning a...
- Question 18: What type of measure involves the stopping of possible conse...
- Question 19: You are performing an ISMS audit at a residential nursing ho...
- Question 20: Select the words that best complete the sentence: (Exhibit)...
- Question 21: Does the security have the right to ask you to display your ...
- Question 22: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 23: You are conducting an ISMS audit in the despatch department ...
- Question 24: Select the words that best complete the sentence: To complet...
- Question 25: Which two of the following are valid audit conclusions?...
- Question 26: Which three of the following options are an advantage of usi...
- Question 27: You are an experienced ISMS audit team leader conducting a t...
- Question 28: Which is the glue that ties the triad together...
- Question 29: In what part of the process to grant access to a system does...
- Question 30: Which of the following factors does NOT contribute to the va...
- Question 31: Select the correct sequence for the information security ris...
- Question 32: Match the correct responsibility with each participant of a ...
- Question 33: Which two of the following options for information are not r...
- Question 34: You are an ISMS audit team leader assigned by your certifica...
- Question 35: You are preparing the audit findings. Select two options tha...
- Question 36: You receive an E-mail from some unknown person claiming to b...
- Question 37: What would be the reference for you to know who should have ...
- Question 38: The following are purposes of Information Security, except:...
- Question 39: You are an experienced audit team leader guiding an auditor ...
- Question 40: An employee caught with offense of abusing the internet, suc...
- Question 41: Which of the following is a preventive security measure?...
- Question 42: Which one of the following options is the definition of the ...
- Question 43: Phishing is what type of Information Security Incident?...
- Question 44: You are an experienced ISMS audit team leader guiding an aud...
- Question 45: You are an experienced ISMS audit team leader who is current...
- Question 46: What is the worst possible action that an employee may recei...
- Question 47: You receive the following mail from the IT support team: Dea...
- Question 48: You are an experienced ISMS audit team leader guiding an aud...
- Question 49: You are conducting an ISMS audit in the despatch department ...
- Question 50: You are an audit team leader conducting a third-party survei...
- Question 51: You are an experienced audit team leader guiding an auditor ...
- Question 52: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 53: In acceptable use of Information Assets, which is the best p...
- Question 54: Please match the following situations to the type of audit r...
- Question 55: You are a certification body auditor, conducting a surveilla...
- Question 56: Changes on project-managed applications or database should u...
- Question 57: What is a repressive measure in case of a fire?...
- Question 58: Which of the following is not a type of Information Security...
- Question 59: Which of the following does an Asset Register contain? (Choo...
- Question 60: Which is not a requirement of HR prior to hiring?...
- Question 61: You are the person responsible for managing the audit progra...
- Question 62: Which two of the following statements are true?...
- Question 63: During a third-party certification audit, you are presented ...
- Question 64: You are conducting an ISMS audit in the despatch department ...
- Question 65: Who is responsible for Initial asset allocation to the user/...
- Question 66: You are performing an ISMS audit at a residential nursing ho...
- Question 67: Which two of the following actions are the individual(s) man...
- Question 68: Auditor competence is a combination of knowledge and skills....
- Question 69: Review the following statements and determine which two are ...
- Question 70: You are performing an ISMS audit at a European-based residen...
- Question 71: Which two of the following phrases would apply to "act" in r...
- Question 72: Your organisation is currently seeking ISO/IEC27001:2022 cer...
- Question 73: You are performing an ISMS audit at a residential nursing ho...
- Question 74: You are an experienced ISMS audit team leader. You are provi...
- Question 75: The following options are key actions involved in a first-pa...
- Question 76: Who is authorized to change the classification of a document...
- Question 77: Select the words that best complete the sentence below to de...
- Question 78: There was a fire in a branch of the company Midwest Insuranc...
- Question 79: Which two of the following options are an advantage of using...
- Question 80: What is social engineering?
- Question 81: What is the security management term for establishing whethe...
- Question 82: Four types of Data Classification (Choose two)...
- Question 83: Audit methods can be either with or without interaction with...
- Question 84: Which two of the following phrases are 'objectives' in relat...
- Question 85: In the context of a third-party certification audit, confide...
- Question 86: After a devastating office fire, all staff are moved to othe...
- Question 87: Select the words that best complete the sentence: (Exhibit)...
- Question 88: You are an ISMS audit team leader who has been assigned by y...
- Question 89: As a new member of the IT department you have noticed that c...
- Question 90: Auditors need to communicate effectively with auditees. Ther...
- Question 91: You are an experienced ISMS audit team leader guiding an aud...
- Question 92: You are the audit team leader conducting a third-party audit...
- Question 93: Which one of the following statements best describes the pur...
- Question 94: Which department maintain's contacts with law enforcement au...
[×]
Download PDF File
Enter your email address to download PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-22.q94.pdf