8. Regarding documented information, ISO 27001:2022 indicates it may include:

a) Documented information of external origin, determined by the organization as necessary for the planning and operation of the information security management system

b) Documented information required by the information security management system and by this international regulation

c) Documented information that the organization has determined is necessary for the effectiveness of the information security management system.

9. The audit plan refers to:

b) Description of the activities and arrangements for an audit.

a) A set of one or more audits planned for a specific period of time and directed toward a specific purpose

11. This is the best time to disclose the conditions under which the audit may be terminated

a) At the beginning of an individual audit.

c) During the definition of the audit scope.

12. ISO 17011:2018 states that auditors should have knowledge and skills such as:

a) Understand the types of risks and opportunities associated with the audit.

d) Taking too much time to write their notes correctly.

f) Empower in the audit to try to obtain as much evidence as possible.

e) Prioritize and focus on important issues.

15.Checklists used by auditors:

a) Ensure that nothing important is overlooked.

d) Help provide information on possible consequences of not adequately addressing audit finding

c) Help to provide continuity to the audit.

16. They are responsible for designating the members of the audit team, including the team leader and any technical experts required for the specific audit

b) The individual(s) managing the audit program.

d) The person in charge of the management.

20. Objective evidence:

a) Is data that supports the existence or truth of something.

b) Can be obtained through observation, measurement, testing or by other means.

c) It is an audit method to reach reliable conclusions.

21. The results of the audit:

a) Are the evaluation results of the audit evidence gathered against the audit criteria.

b) They are considered findings and can be classified as conformity or nonconformity

c) It is an audit method to reach reliable conclusions.

d) If the audit criteria are selected from legal requirements or regulatory requirements, the audit finding is referred to as compliance or noncompliance.

26. The “Statement of Applicability” must contain:

a) Controls necessary to reduce the level of risk.

b) The justification for the inclusion of the controls considered necessary.

30. Defining objectives, scope and criteria for each individual audit, Selecting audit methods, and Defining and implementing the necessary operational controls for the supervision of the audit program are part of the activities for:

a) Define the scope of the ISMS.

b) Correctly create the ISMS policy.

31. They are responsible for assigning responsibilities to the audit team:

b) The person responsible for the management system.

d) The person(s) managing the audit program.

32. They should ensure that the following activities are carried out as part of the management of the results of the audit program: 1. Evaluation of the achievement of the objectives for each audit within the audit program. 2. Review and approval of audit reports on compliance with the scope and objectives of the audit. 3. Reviewing the effectiveness of actions taken to address audit findings. 4. Distribution of audit reports to relevant stakeholders. 5. Determination of the need for any follow-up audits.

c) The person(s) managing the audit program.

b) Everyone in the organization.

33. The audit plan describes:

a) The activities and arrangements for each planned audit.

b) A planning over a given period of time of one or more audits.

c) Both are valid since there is a relation between the program and the audit plan.

34. The audit program describes:

b) A planning over a given period of time of one or more audits.

a) The activities and arrangements for each planned audit

c) Both are valid since there is a relation between the program and the audit plan.

36.During an audit the auditee provides little information and constantly rephrases the auditor's questions:

a) Considered difficult situations that the auditor must be able to handle.

b) Issues that the lead auditor must resolve.

c) Conditions for termination of the audit.

37. A finding indicates:

a) Conformity or nonconformity.

b) Compliance or noncompliance.

39. They select and determine the methods for conducting the audit depending on the defined audit objectives, scope and criteria.

d) The person(s) managing the audit program.

3. ISO 27001:2022 Lead Auditor

Authored by Yohana Gracia Naomi

others

Professional Development

Used 12+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

41 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

1. In which of its clauses ISO 27001:2022 asks to consider:

a. Stakeholders that are relevant to the information security management system

b. The requirements of these stakeholders that are relevant to information security.

c. Which of these requirements will be addressed through the Information Security Management System.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

2. ISO 27001:2022 states that when the organization determines the need for changes to the ISMS, the changes shall be carried out in a planned manner in its clause:

a) Clause 6.3

b) Clause 10.2

c) Clause 4.2

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

3. Annex A of ISO 27001:2022 defines 4 categories (organizational, people, physical and technological) to group the 93 information security controls.

True

False

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

4. Once the audit has been carried out, the auditor in charge of the audit must prepare the Audit Report.
This report establishes:
a. Audit objectives
b. Scope of the audit.
c. Auditees and the audit period.
d. Documentation of the contact person.
e. Documentation of the lead auditor and other auditors.
f. Dates and locations where the audit activities took place.
g. Audit criteria.
h. Audit statements.
i. Audit Conclusions

a) All are correct.

b) All except d and e.

c) Only i.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

5. The audit objectives define what is to be achieved with the individual audit.

a) True.

b) False.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

6. The Statement of Applicability (SoA) must contain:
a. The controls necessary to implement the chosen information security risk treatment option(s).
b. Justification of inclusions.
c. Whether or not the necessary controls are implemented.
d. Justification for exclusions from any of the controls in annex A.

a) All are correct.

b) All except b and c.

c) Only a.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

7. During the closing meeting the lead auditor should explain, for example, any related post-audit activities (e.g., implementation and review of corrective actions, handling of audit complaints, appeals process).

a) True.

b) False.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

43 questions

6035 Drainage Outcome 1 part 2

Quiz

•

Professional Development

44 questions

AZ-900 - Simulado de Exame 02

Quiz

•

Professional Development

40 questions

Câu Hỏi Trắc Nghiệm Quản Trị Chuỗi Cung Ứng

Quiz

•

Professional Development

43 questions

Transformadores de Potencia

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for others

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

42 questions

LOTE_SPN2 5WEEK2 Day 4 We They Actividad 3

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L3_22-23

Lesson

•

KG - Professional Dev...

20 questions

Employability Skills

Quiz

•

Professional Development

3. ISO 27001:2022 Lead Auditor

1. In which of its clauses ISO 27001:2022 asks to consider:

2. ISO 27001:2022 states that when the organization determines the need for changes to the ISMS, the changes shall be carried out in a planned manner in its clause:

3. Annex A of ISO 27001:2022 defines 4 categories (organizational, people, physical and technological) to group the 93 information security controls.

5. The audit objectives define what is to be achieved with the individual audit.

7. During the closing meeting the lead auditor should explain, for example, any related post-audit activities (e.g., implementation and review of corrective actions, handling of audit complaints, appeals process).

8. Regarding documented information, ISO 27001:2022 indicates it may include:

9. The audit plan refers to:

10. ISO 19011:2018 determines nonconformities and improvement opportunities as noncompliance to requirements of the audited regulation.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for others