Question 1

CEO sends a mail giving his views on the status of the company and the company’s future strategy and the CEO's vision and the employee's part in it. The mail should be classified as

Options :

A : Internal Mail

B : Public Mail

C : Confidential Mail

D : Restricted Mail

Answer: A

Question 2

Select two of the following options that are the responsibility of a legal technical expert on the audit team during a certification audit.

Options :

A : Evaluating the auditee-s legal knowledge

B : Criticising the organisation-s legal compliance issues

C : Debating complex legal points with the auditee

D : Advising on legal checkpoints for the audit team

E : Verifying the legal status of the organisation

F : Meeting the organisation-s legal representative

Answer: D,E

Question 3

Which two of the following are valid audit conclusions?

Options :

A : ISMS induction training does not provide guidance on malware prevention

B : The risk register had not been updated since June 202X

C : Corrective action was outstanding for two internal audits

D : The ISMS policy has been effectively communicated to the organisation

E : The organisation-s ISMS objectives meet the requirements of ISO/IEC 27001:2022

F : The schedule of applicability was based on the 2013 edition of ISO/IEC 27001, not the 2022 edition

Answer: D,E

Question 4

What is the goal of classification of information?

Options :

A : To create a manual about how to handle mobile devices

B : Applying labels making the information easier to recognize

C : Structuring information according to its sensitivity

Answer: C

Question 5

You are performing an ISMS audit at a residential nursing home that provides healthcare services and are

reviewing the Software Code Management (SCM) system. You found a total of 10 user accounts on the SCM.

You confirm that one of the users, Scott, resigned 9-months

ago. The SCM System Administrator confirmed Scott's last check-out of the source code was found 1 month

ago. He was using one of the uthorized desktops from the local network in a secure area.

You check with the user de-registration procedure which states "Managers have to make sure of deregistration

of the user account and authorisation immediately from the relevant ICT system and/or equipment after

resignation approval." There was no deregistration record for user Scott.

The IT Security Manager explains that Scott still comes back to the office every month after he resigned to

provide support on source code maintenance. That's why his account on SCM still exists.

You would like to investigate other areas further to collect more audit evidence. Select three options that

would not be valid audit trails.

Options :

A :

Collect more evidence on how access controls are periodically reviewed to maintain security (Relevant to control A.5.35)

B :

Collect more evidence on how the transition of Scott from full-time to part-time employment was managed (relevant to control A.6.5)

C :

Collect more evidence from Scott-s background verification checks performed by the human resource department under the new employment relationship. (Relevant to control A.6.1)

D :

Collect more evidence of why Scott resigned and whether his re-engagement represents a conflict of interest. (relevant to control A.5.3)

E :

Collect more evidence on how Scott can access the employee-s desktop and local network. (Relevant to control A.5.15)

F : Collect more evidence on how Scott can access the secure area. (Relevant to control A.8.4)

G :

Collect more evidence on how the organization pays for Scott-s source code maintenance support service. (Relevant to control A.6.2)

H :

Collect more evidence on where Scott kept the source code that he checked out and how it was secured. (Relevant to control A.8.4)

Answer: B,D,G

Free ISO-IEC-27001-Lead-Auditor Mock Exam – Practice Online Confidently

Buying Options: