Search Header Logo

3. ISO 27001:2022 Lead Auditor

Authored by Yohana Gracia Naomi

others

Professional Development

Used 12+ times

3. ISO 27001:2022 Lead Auditor
AI

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

    Content View

    Student View

41 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

1. In which of its clauses ISO 27001:2022 asks to consider:

a. Stakeholders that are relevant to the information security management system

b. The requirements of these stakeholders that are relevant to information security.

c. Which of these requirements will be addressed through the Information Security Management System.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

2. ISO 27001:2022 states that when the organization determines the need for changes to the ISMS, the changes shall be carried out in a planned manner in its clause:

a) Clause 6.3

b) Clause 10.2

c) Clause 4.2

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

3. Annex A of ISO 27001:2022 defines 4 categories (organizational, people, physical and technological) to group the 93 information security controls.

True

False

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

4. Once the audit has been carried out, the auditor in charge of the audit must prepare the Audit Report.

This report establishes:

a. Audit objectives

b. Scope of the audit.

c. Auditees and the audit period.

d. Documentation of the contact person.

e. Documentation of the lead auditor and other auditors.

f. Dates and locations where the audit activities took place.

g. Audit criteria.

h. Audit statements.

i. Audit Conclusions

a) All are correct.

b) All except d and e.

c) Only i.

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

  1. 5. The audit objectives define what is to be achieved with the individual audit.

a) True.

b) False.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

  1. 6. The Statement of Applicability (SoA) must contain:

a. The controls necessary to implement the chosen information security risk treatment option(s).

b. Justification of inclusions.

c. Whether or not the necessary controls are implemented.

d. Justification for exclusions from any of the controls in annex A.

a) All are correct.

b) All except b and c.

c) Only a.

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

7. During the closing meeting the lead auditor should explain, for example, any related post-audit activities (e.g., implementation and review of corrective actions, handling of audit complaints, appeals process).

a) True.

b) False.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Google

Continue with Google

Email

Continue with Email

Classlink

Continue with Classlink

Clever

Continue with Clever

or continue with

Microsoft

Microsoft

Apple

Apple

Others

Others

Already have an account?