Free Practice PECB ISO-IEC-27001-Lead-Auditor Exam Questions 2025

Stay ahead with 100% Free PECB Certified ISO/IEC 27001 Lead Auditor ISO-IEC-27001-Lead-Auditor Dumps Practice Questions

Page: 1 / 71

Total 353 Questions | Updated On: Apr 21, 2025

Add To Cart

Question 1

Which one of the following options is the definition of an interested party?

A : A third party can appeal to an organisation when it perceives itself to be affected by a decision or activity

B : A person or organisation that can affect, be affected by or perceive itself to be affected by a decision or activity

C : A group or organisation that can interfere in or perceive itself to be interfered with by a management decision

D : An individual or organisation that can control, be controlled by, or perceive itself to be controlled by a decision or activity

Answer: B

Question 2

Which two of the following phrases would apply to "act" in relation to the Plan-Do-Check-Act cycle for a business process?

A : Auditing processes

B : Planning changes

C : Measuring objectives

D : Resetting objectives

E : Achieving improvements

F : Verifying training

Answer: D,E

Question 3

You are carrying out your first third-party ISMS surveillance audit as an Audit Team Leader. You are

presently in

the auditee's data centre with another member of your audit team.

You are currently in a large room that is subdivided into several smaller rooms, each of which has a numeric

combination lock and swipe card reader on the door. You notice two external contractors using a swipe card

and

combination number provided by the centre's reception desk to gain access to a client's suite to carry out

authorised electrical repairs.

You go to reception and ask to see the door access record for the client's suite. This indicates only one card

was

swiped. You ask the receptionist and they reply, "yes it's a common problem. We ask everyone to swipe their

cards but with contractors especially, one tends to swipe and the rest simply 'tailgate' their way in" but we know who they are from the reception sign-in.

Based on the scenario above which one of the following actions would you now take?

A : Raise an opportunity for improvement to have a large sign in reception reminding everyone requiring access must use their swipe card at all times

B : Determine whether any additional effective arrangements are in place to verify individual access to secure areas e.g. CCTV

C : Raise a nonconformity against control A.7.1 'security perimiters' as a secure area is not adequately protected

D : Raise a nonconformity against control A.7.6 'working in secure areas' as security measures for working in secure areas have not been defined

E : Raise a nonconformity against control A.5.20 'addressing information security in supplier relationships' as information security requirements have not been agreed upon with the supplier

F : Raise an opportunity for improvement that contractors must be accompanied at all times when accessing secure facilities

Answer: B

Question 4

During a follow-up audit, you notice that a nonconformity identified for completion before the follow-up audit

is still outstanding.

Which four of the following actions should you take?

A : Report the failure to address the corrective action for the outstanding nonconformity to the organisation's top management

B : Immediately raise an nonconformity as the date for completion has been exceeded

C : If the delay is justified agree on a revised date for clearing the nonconformity with the auditee/audit client

D : Contact the individuals) managing the audit programme to seek their advice as to how to proceed

E : Decide whether the delay in addressing the nonconformity is justified

F : Cancel the follow-up audit and return when an assurance has been received that the nonconformity has been cleared

G : Note the nonconformity is still outstanding and follow audit trails to determine why

H : If the delay is unjustified advise the auditee /audit client and agree on remedial action

Answer: A,C,E,G

Question 5

You are an experienced audit team leader guiding an auditor in training.

Your team is currently conducting a third-party surveillance audit of an organisation that stores data on behalf

of external clients. The auditor in training has been tasked with reviewing the PEOPLE controls listed in the

Statement of Applicability (SoA) and mplemented at the site.

Select four controls from the following that would you expect the auditor in training to review.

A : Confidentiality and nondisclosure agreements

B : How protection against malware is implemented

C : Information security awareness, education and training

D : Remote working arrangements

E : The conducting of verification checks on personnel

F : The operation of the site CCTV and door control systems

G : The organisation's arrangements for information deletion

H : The organisation's business continuity arrangements

Answer: A,C,D,E

Page: 1 / 71

Total 353 Questions | Updated On: Apr 21, 2025

Add To Cart