Which three options describe a disadvantage of using a checklist?

Not varying from the checklist when necessary

Restricting interviews to nominated parties

Using the same checklist for every audit without review

Ensuring the audit plan is implemented

During an opening meeting of a Stage 2 audit, the Managing Director of the client organisation invites the audit team to view a new company video lasting 45 minutes. Which three of the following responses should the audit team leader not make?

Advise the Managing Director that the audit team agrees to his request

State that the audit team leader will stay behind after the opening meeting to view the video on behalf of the team

State that the audit team will make a decision on the viewing at a later time

Suggest that the first five minutes of the video could be viewed to provide a flavour of its content

Invite the Managing Director to the auditors’ hotel for a viewing that evening

Use of the plan for consecutive audits without review

Overrules the auditor’s instincts

Implements the audit plan efficiently

Provides an accurate understanding of the ISMS

Review the following statements and determine which three are true :

The selection of onsite, virtual or combination audits should take into consideration historical performance and previous audit results

Conducting a technology check in advance of a virtual audit can improve the effectiveness and efficiency of the audit

During a virtual audit, auditees participating in interviews are strongly recommended to keep their webcam enabled

Due to confidentiality and security concerns, screen sharing during a virtual audit is the only method by which the audit team can review the auditee’s documentation

Auditors approved for conducting onsite audits do not require additional training for virtual audits, as there are no significant differences in the skillset required

Your organisation is currently seeking ISO/IEC 27001:2022 certification. You have just qualified as an Internal ISMS auditor and the ICT Manager wants to use your newly acquired knowledge to assist him with the production of documented information to support the operation of the ISMS and to evidence its effective implementation. He makes the following statements about documented information Which four options are correct?

The term ‘record’ could be used to describe documented information retained by the organisation to evidence conformity

An example of documented information being ‘maintained’ would be the periodic review and update of the organisation’s risk assessment process

The Information Security Policy, Information Security objectives, and the results of the Management Review must be available as documented information

An organisation must have disposition processes in place to deal with redundant documented information

To be acceptable as audit evidence, documented information must be written down on paper

Your organisation is currently seeking ISO/IEC 27001:2022 certification. You have just qualified as an Internal ISMS auditor. The ICT Manager wants to use your newly acquired knowledge to assist him with his understanding of the Context of the Organization. He has completed some preliminary work on determining the organisation’s context based on his interpretation of the Standard’s requirements in clause 4 but wants the view of an auditor as to whether his interpretations are correct. Which three of the following observations he has made are correct ?

‘Relevant’ issues are those which are applicable to the organisation’s purpose, and which are capable of affecting the intended outcomes of the organisation’s information security management system

The scope of the information security management system identifies its boundaries and applicability i.e. what forms part of the system and what does not

The organisation is required to continually improve the information security management system

The organisation is required to monitor the needs and expectations of interested parties over time

Relevant issues are events which could occur in the future, the impact of which can be mitigated by the application of controls

You are an audit team leader carrying out a third-party surveillance audit of an internet services provider. An auditor in training has approached you and asked you to confirm which four of the following are relevant ISMS ISSUES for their ISO 27001:2022 management system.

The organisation currently has no personnel assigned to an information security role since the Chief Information Officer recently left for a higher paid position elsewhere

Service Level Agreement response times are regularly being missed

The CCTV system used to monitor access to and from the site is not operational at present

External providers have not been paid due to a failure with the payment system software

A key competitor is rumoured to be building a state-of-the-art data centre on the other side of town

You are an experienced ISMS audit team leader guiding an auditor in training. They have asked you why it is important to carry out changes to the information security management system in a ‘planned manner’. Which four of the following options would be valid responses from you?

It ensures appropriate resources are available to make the required changes

It identifies potential problems and allows strategies for dealing with these to be developed

It offers a chance to identify opportunities for improvement as well as risks arising from the change

It makes it less likely that the provision of products or services to clients will be adversely impacted

It ensures everything will go to plan and there will be no mistakes with the changes

You are an experienced ISMS audit team leader. An auditor in training is assisting you to conduct a third-party surveillance audit using ISO/IEC 27001:2022 as audit criteria. You have asked him to assess the organisation’s approach to continual improvement. He has carried out his investigation and now wishes to discuss his findings with you. Which four of his following recommendations would you support as nonconformities?

I believe we should raise a nonconformity against clause 9.3.2 Management Review Inputs as continual improvement has not been discussed at any management review meeting

I believe we should raise a nonconformity against clause 5.1 Leadership and commitment as there is no evidence that top management have promoted continual improvement

I believe we should raise a nonconformity against 9.3 Management Review for failing to take customer feedback into account

I believe we should raise a nonconformity against clause 6.1.1 as the organization is not using its understanding of issues and relevant requirements in the determination of risks and opportunities relating to continual improvement

I believe we should raise a nonconformity against clause 10.1 Continual Improvement as the organization has demonstrated no changes to its products and services over the last 12 months

You are an experienced ISMS auditor carrying out a third-party surveillance audit of an internet services provider. You are reviewing documented information relating to three information security incidents which took place earlier in the year. In each case, the organisation was the subject of a denial of service attack which resulted in clients being unable to access the internet for most of the day. A failure to keep virus detection software up to date was identified in each instance. Based on the above, which three of the following controls would become the focus of your audit?

Control 8.8 - Management of technical vulnerabilities

Control 5.27 - Learning from information security incidents

Control 8.7 - Protection against malware

Control 7.5 - Protecting against physical and environmental threats

Control 8.9 - Configuration management

As the ISMS audit team leader, you are conducting a second-party audit of an international logistics organisation on behalf of an online retailer. During the audit, one of your team members reports a nonconformity relating to control 5.18 (Access rights) of Annex A of ISO/IEC 27001:2022. The control was justified in the Statement of Applicability. She found evidence that removing the server access protocols of 20 people who left in the last 3 months took up to 1 week whereas the policy required removing access within 24 hours of their departure. Select the three most appropriate actions taken by the auditee to deal with this situation.

Revisit the security risk assessment process to re-evaluate the timescale for the removal of leaver access rights

Investigate whether the delays in removing access protocols caused any security breaches

Monitor the ongoing process of removing leaver access protocols to determine whether it meets requirements

Reprimand the IT team for failing to remove the access protocols in the required timescale

Ensure that removing the server access protocols of leavers from senior management positions is prioritised

As the ISMS audit team leader, you are conducting a second-party audit of an international logistics organisation on behalf of an online retailer. During the audit, one of your team members reports a nonconformity relating to control 5.18 (Access rights) of Annex A of ISO/IEC 27001:2022. The control was justified in the Statement of Applicability. She found evidence that removing the server access protocols of 20 people who left in the last 3 months took up to 1 week whereas the policy required removing access within 24 hours of their departure. Select the three most appropriate actions taken by the auditee to deal with this situation.

Investigate whether the delays in removing access protocols caused any security breaches

Revisit the security risk assessment process to re-evaluate the timescale for the removal of leaver access rights

Monitor the ongoing process of removing leaver access protocols to determine whether it meets requirements

Reprimand the IT team for failing to remove the access protocols in the required timescale

Ensure that removing the server access protocols of leavers from senior management positions is prioritised

As the ISMS audit team leader, you are conducting a second-party audit of an international logistics company on behalf of an online retailer. During the audit, one of your team members reports a nonconformity relating to control 5.18 (Access rights) of Annex A of ISO/IEC 27001:2022. The control was justified in the Statement of Applicability. She found evidence that removing the server access protocols of 20 people who left in the last 3 months took up to 1 week whereas the policy required removing access within 24 hours of their departure.

8.3 “The organisation has failed to implement the risk treatment for the identified risk associated with control reference 5.18.”

7.5.1.b “The organisation has not monitored documentary evidence of the implementation of risk treatment for control 5.18.”

6.2 “The organisation has not met information security objectives associated with control 5.18 of Appendix A of ISO 27001:2022.”

6.1.2.c “The organisation has not conducted a thorough enough risk assessment process to correctly identify the information security risk associated with control 5.18.”

6.1.3.a “The organisation has failed to select the appropriate risk treatment for the information security control 5.18 from Annex A of ISO 27001:2022.”

You are the person responsible for managing the audit programme and deciding the size and composition of the audit team for spesific audit, select the four factors that should be consider

Number of employees of the auditee

the overall competence of the audit team needed to achieve audit objectives

Number of employees of the auditee

which one of the following option describes the main purposeof a stage 1 audit?

to determine readiness for stage 2

to get to know the organisation

to learn about the organisation procurement procesess

to introduce the audit team to the client

Auditors should have certain knowledge and skills, while audit team leaders should have some additional knowledge and skills. from the following list, select five that only apply to audit team leader

prepared and complete the final audit report

manage the uncertainty of achieving audit objectives

apply approtiate sampling techniques

be aware of cultural and social aspects of the auditee

an audit finding is the result of the evaluation of the collected audit evidence againts audit criteria. Evaluate the following potential formats of a audit evidence and select the four that are acceptable...

Observation of a previously recorded video demonstrating the performance of a hazardous activity

statement of facts by the IT Manager

an audio recording of a dialog between the IT Manager and system engineer

observation of the performance of a software update

documented information on results of IT audits

ISO 27001 ; 2022

Authored by ojan zan

English

Used 8+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

28 questions

Show all answers

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which three of the following phrases would apply to “do” in relation to the Plan-Do-Check-Act cycle for a business process?

Training staff

Providing ICT assets

Identifying risks

Retaining documentation

Organising changes

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which two of the following statements are true?

Excluding any requirements specified in clauses 4 to 10 is not acceptable when an organisation claims conformity to ISO/IEC 27001

Excluding any controls specified in Annex A with justification is not acceptable when an organisation claims conformity to ISO/IEC 27001

Excluding any controls specified in Annex A with justification is acceptable when an organisation claims conformity to ISO/IEC 27001

Excluding any requirements specified in clauses 4 to 10 is acceptable when an organisation claims conformity to ISO/IEC 27001

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Audit methods can be either with or without interaction with individuals representing the auditee.

Which six of the following methods are without interaction?

Sampling (e.g. products).
Observing work performed via live video streaming

Analysing findings
Preparing checklists

Reviewing documents provided in advance of the audit
Checking legal compliance with local authorities

Conducting interviews
Conducting a visit on site

Completing checklists with auditee participation

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which three of the following phrases are ‘criteria’ in relation to an audit?

Complete the audit on time

Management policy

International Standard

Regulatory requirements

Confirm the scope of the management system

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which three of the following phrases would apply to ‘audit scope’ in relation to an audit?

Audit boundaries

Achievable results

Audit boundaries

Ability to meet regulatory requirements

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which three of the following phrases are ‘criteria’ in relation to an audit?

Management policy

Confirm the scope of the management system

Identify opportunities for improvement

International Standard

Regulatory requirements

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which three of the following phrases would apply to ‘audit scope’ in relation to an audit?

Processes audited
Audit boundaries

Ability to meet regulatory requirements
Regulatory requirements

Achievable results
Assessing conformity

Assessing conformity
Documented outcomes

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

23 questions

How much do you know about the EU?

Quiz

•

6th - 8th Grade

25 questions

UNIT 1 FRIENDSHIP VOCABULARY QUIZ

Quiz

•

8th Grade

25 questions

INFINITIVE AND GERUND

Quiz

•

5th - 12th Grade

24 questions

Fokozás - Type 1

Quiz

•

9th Grade

24 questions

2022.6 听力24题

Quiz

•

University

25 questions

Test 2- E4 smart

Quiz

•

4th Grade - University

25 questions

WORD GUESSING GAME

Quiz

•

7th - 8th Grade

24 questions

Week 2 - LGS İngilizce Ünite 1-1

Quiz

•

5th - 8th Grade

Popular Resources on Wayground

15 questions

Grade 3 Simulation Assessment 1

Quiz

•

3rd Grade

22 questions

HCS Grade 4 Simulation Assessment_1 2526sy

Quiz

•

4th Grade

16 questions

Grade 3 Simulation Assessment 2

Quiz

•

3rd Grade

19 questions

HCS Grade 5 Simulation Assessment_1 2526sy

Quiz

•

5th Grade

17 questions

HCS Grade 4 Simulation Assessment_2 2526sy

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

24 questions

HCS Grade 5 Simulation Assessment_2 2526sy

Quiz

•

5th Grade

20 questions

Math Review

Quiz

•

3rd Grade

Discover more resources for English

20 questions

Capitalization in sentences

Quiz

•

KG - 4th Grade

10 questions

Word Knowledge and Skills #6

Quiz

•

KG - 8th Grade

14 questions

2nd Grade Reading Comprehension Review (January)

Quiz

•

KG - 3rd Grade

18 questions

Because of Winn Dixie Chapters 1-5

Quiz

•

KG - 8th Grade

20 questions

Earth Day

Quiz

•

KG - 1st Grade

20 questions

Phonics

Quiz

•

12 questions

HOMOPHONES

Presentation

•

KG - 4th Grade

10 questions

Word Knowledge and Skills #2

Quiz

•

KG - 8th Grade

ISO 27001 ; 2022

Which three of the following phrases would apply to “do” in relation to the Plan-Do-Check-Act cycle for a business process?

Which two of the following statements are true?

Audit methods can be either with or without interaction with individuals representing the auditee.Which six of the following methods are without interaction?

Which three of the following phrases are ‘criteria’ in relation to an audit?

Which three of the following phrases would apply to ‘audit scope’ in relation to an audit?

Which three of the following phrases are ‘criteria’ in relation to an audit?

Which three of the following phrases would apply to ‘audit scope’ in relation to an audit?

Which three options describe a disadvantage of using a checklist?

During an opening meeting of a Stage 2 audit, the Managing Director of the client organisation invites the audit team to view a new company video lasting 45 minutes.Whichthreeof the following responses should the audit team leadernotmake?

Invite the Managing Director to the auditors’ hotel for a viewing that evening

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for English

Audit methods can be either with or without interaction with individuals representing the auditee.

Which six of the following methods are without interaction?

During an opening meeting of a Stage 2 audit, the Managing Director of the client organisation invites the audit team to view a new company video lasting 45 minutes.

Whichthreeof the following responses should the audit team leadernotmake?