- Home
- PECB
- PECB Certified ISO/IEC 27001 Lead Auditor exam
- PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-22.q94
- Question 27
Valid ISO-IEC-27001-Lead-Auditor Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Auditor Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Auditor exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Auditor exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Auditor dumps with Test Engine here:
Access ISO-IEC-27001-Lead-Auditor Dumps Premium Version
(368 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 27/94
You are an experienced ISMS audit team leader conducting a third-party surveillance visit.
You notice that although the auditee is claiming conformity with ISO/IEC 27001:2022 they are still referring to Improvement as clause 10.2 (as it was in the 2013 edition) when this is now clause 10.1 in the 2022 edition. You have confirmed they are meeting all of the 2022 requirements set out in the standard.
Select one option of the action you should take.
You notice that although the auditee is claiming conformity with ISO/IEC 27001:2022 they are still referring to Improvement as clause 10.2 (as it was in the 2013 edition) when this is now clause 10.1 in the 2022 edition. You have confirmed they are meeting all of the 2022 requirements set out in the standard.
Select one option of the action you should take.
Correct Answer: C
Explanation
The correct action to take in this situation is to raise it as an opportunity for improvement. This is because the auditee is not violating any requirement of the standard, but rather using outdated terminology that does not reflect the current version of the standard. An opportunity for improvement is a suggestion for enhancing the performance or effectiveness of the ISMS1. It is not a nonconformity, which is a failure to fulfil a requirement2. Therefore, option B is incorrect. Option A is also incorrect, because noting the issue in the audit report without raising it as an opportunity for improvement would not provide any value or feedback to the auditee. Option D is also incorrect, because bringing the matter up at the closing meeting without documenting it as an opportunity for improvement would not ensure that the auditee takes any action to address it.
References: 1: ISMS Auditing Guideline - ISO27000, page 11; 2: ISO/IEC 27000:2022, 3.28; : ISMS Auditing Guideline - ISO27000; : ISO/IEC 27000:2022
The correct action to take in this situation is to raise it as an opportunity for improvement. This is because the auditee is not violating any requirement of the standard, but rather using outdated terminology that does not reflect the current version of the standard. An opportunity for improvement is a suggestion for enhancing the performance or effectiveness of the ISMS1. It is not a nonconformity, which is a failure to fulfil a requirement2. Therefore, option B is incorrect. Option A is also incorrect, because noting the issue in the audit report without raising it as an opportunity for improvement would not provide any value or feedback to the auditee. Option D is also incorrect, because bringing the matter up at the closing meeting without documenting it as an opportunity for improvement would not ensure that the auditee takes any action to address it.
References: 1: ISMS Auditing Guideline - ISO27000, page 11; 2: ISO/IEC 27000:2022, 3.28; : ISMS Auditing Guideline - ISO27000; : ISO/IEC 27000:2022
- Question List (94q)
- Question 1: You are performing an ISMS audit at a nursing home where res...
- Question 2: Which two of the following phrases are 'objectives' in relat...
- Question 3: During discussions with the individual(s) managing the audit...
- Question 4: What controls can you do to protect sensitive data in your c...
- Question 5: You are an experienced ISMS audit team leader, assisting an ...
- Question 6: CMM stands for?
- Question 7: You are an experienced ISMS audit team leader. During the co...
- Question 8: You are an experienced ISMS auditor conducting a third-party...
- Question 9: In the context of a management system audit, please identify...
- Question 10: Often, people do not pick up their prints from a shared prin...
- Question 11: There is a scheduled fire drill in your facility. What shoul...
- Question 12: Which of the following does a lack of adequate security cont...
- Question 13: You are carrying out a third-party surveillance audit of a c...
- Question 14: Stages of Information
- Question 15: How is the purpose of information security policy best descr...
- 1 commentQuestion 16: What is the difference between a restricted and confidential...
- Question 17: A planning process that introduced the concept of planning a...
- Question 18: What type of measure involves the stopping of possible conse...
- Question 19: You are performing an ISMS audit at a residential nursing ho...
- Question 20: Select the words that best complete the sentence: (Exhibit)...
- Question 21: Does the security have the right to ask you to display your ...
- Question 22: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 23: You are conducting an ISMS audit in the despatch department ...
- Question 24: Select the words that best complete the sentence: To complet...
- Question 25: Which two of the following are valid audit conclusions?...
- Question 26: Which three of the following options are an advantage of usi...
- Question 27: You are an experienced ISMS audit team leader conducting a t...
- Question 28: Which is the glue that ties the triad together...
- Question 29: In what part of the process to grant access to a system does...
- Question 30: Which of the following factors does NOT contribute to the va...
- Question 31: Select the correct sequence for the information security ris...
- Question 32: Match the correct responsibility with each participant of a ...
- Question 33: Which two of the following options for information are not r...
- Question 34: You are an ISMS audit team leader assigned by your certifica...
- Question 35: You are preparing the audit findings. Select two options tha...
- Question 36: You receive an E-mail from some unknown person claiming to b...
- Question 37: What would be the reference for you to know who should have ...
- Question 38: The following are purposes of Information Security, except:...
- Question 39: You are an experienced audit team leader guiding an auditor ...
- Question 40: An employee caught with offense of abusing the internet, suc...
- Question 41: Which of the following is a preventive security measure?...
- Question 42: Which one of the following options is the definition of the ...
- Question 43: Phishing is what type of Information Security Incident?...
- Question 44: You are an experienced ISMS audit team leader guiding an aud...
- Question 45: You are an experienced ISMS audit team leader who is current...
- Question 46: What is the worst possible action that an employee may recei...
- Question 47: You receive the following mail from the IT support team: Dea...
- Question 48: You are an experienced ISMS audit team leader guiding an aud...
- Question 49: You are conducting an ISMS audit in the despatch department ...
- Question 50: You are an audit team leader conducting a third-party survei...
- Question 51: You are an experienced audit team leader guiding an auditor ...
- Question 52: You are performing an ISO 27001 ISMS surveillance audit at a...
- Question 53: In acceptable use of Information Assets, which is the best p...
- Question 54: Please match the following situations to the type of audit r...
- Question 55: You are a certification body auditor, conducting a surveilla...
- Question 56: Changes on project-managed applications or database should u...
- Question 57: What is a repressive measure in case of a fire?...
- Question 58: Which of the following is not a type of Information Security...
- Question 59: Which of the following does an Asset Register contain? (Choo...
- Question 60: Which is not a requirement of HR prior to hiring?...
- Question 61: You are the person responsible for managing the audit progra...
- Question 62: Which two of the following statements are true?...
- Question 63: During a third-party certification audit, you are presented ...
- Question 64: You are conducting an ISMS audit in the despatch department ...
- Question 65: Who is responsible for Initial asset allocation to the user/...
- Question 66: You are performing an ISMS audit at a residential nursing ho...
- Question 67: Which two of the following actions are the individual(s) man...
- Question 68: Auditor competence is a combination of knowledge and skills....
- Question 69: Review the following statements and determine which two are ...
- Question 70: You are performing an ISMS audit at a European-based residen...
- Question 71: Which two of the following phrases would apply to "act" in r...
- Question 72: Your organisation is currently seeking ISO/IEC27001:2022 cer...
- Question 73: You are performing an ISMS audit at a residential nursing ho...
- Question 74: You are an experienced ISMS audit team leader. You are provi...
- Question 75: The following options are key actions involved in a first-pa...
- Question 76: Who is authorized to change the classification of a document...
- Question 77: Select the words that best complete the sentence below to de...
- Question 78: There was a fire in a branch of the company Midwest Insuranc...
- Question 79: Which two of the following options are an advantage of using...
- Question 80: What is social engineering?
- Question 81: What is the security management term for establishing whethe...
- Question 82: Four types of Data Classification (Choose two)...
- Question 83: Audit methods can be either with or without interaction with...
- Question 84: Which two of the following phrases are 'objectives' in relat...
- Question 85: In the context of a third-party certification audit, confide...
- Question 86: After a devastating office fire, all staff are moved to othe...
- Question 87: Select the words that best complete the sentence: (Exhibit)...
- Question 88: You are an ISMS audit team leader who has been assigned by y...
- Question 89: As a new member of the IT department you have noticed that c...
- Question 90: Auditors need to communicate effectively with auditees. Ther...
- Question 91: You are an experienced ISMS audit team leader guiding an aud...
- Question 92: You are the audit team leader conducting a third-party audit...
- Question 93: Which one of the following statements best describes the pur...
- Question 94: Which department maintain's contacts with law enforcement au...
[×]
Download PDF File
Enter your email address to download PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-22.q94.pdf