Regarding documented information, ISO 27001:2022 indicates it may include:

Documented information of external origin, determined by the organization as necessary for the planning and operation of the information security management system.

Documented information required by the information security management system and by this international regulation.

Documented information that the organization has determined is necessary for the effectiveness of the information security management system.

The audit plan refers to:

Description of the activities and arrangements for an audit.

A set of one or more audits planned for a specific period of time and directed toward a specific purpose.

This is the best time to disclose the conditions under which the audit may be terminated.

At the beginning of an individual audit.

During the definition of the audit scope.

ISO 19011:2018 states that auditors should have knowledge and skills such as: a) Understand the types of risks and opportunities associated with the audit. b) Plan and organize work effectively. c) Perform the audit within the agreed schedule. d) Taking too much time to write their notes correctly. e) Prioritize and focus on important issues. f) Empower in the audit to try to obtain as much evidence as possible. g) Communicate effectively, orally and in writing (either in person or through the use of interpreters). h) Gather information through effective interviewing, listening, observing and reviewing documented information, including records and data.

All of the above except C and F

All of the above are skills that an auditor should develop.

They are responsible for designating the members of the audit team, including the team leader and any technical experts required for the specific audit.

The individual(s) managing the audit program.

The person in charge of the management.

These are types of audits:

Audits are only classified as internal or external.

A) Is data that supports the existence or truth of something.

B) Can be obtained through observation, measurement, testing or by other means.

C) It is an audit method to reach reliable conclusions.

The results of the audit:

Are the evaluation results of the audit evidence gathered against the audit criteria.

They are considered findings and can be classified as conformity or nonconformity.

It is an audit method to reach reliable conclusions.

If the audit criteria are selected from legal requirements or regulatory requirements, the audit finding is referred to as compliance or noncompliance.

According to ISO 19011:2018, the scope of the audit:

Includes a description of physical and virtual locations, functions, organizational units, activities, and processes, as well as the period covered.

Includes a description of the numerals of the ISO 27001 requirements.

Includes a description of the numerals of Annex A and the requirements of the ISO 27001 standard.

Includes a description of the numerals in Annex A.

The ISMS Contributes to the Organization in:

Risk management to determine the appropriate controls to achieve acceptable levels of risk.

Information security as an essential component of the processes.

Active prevention and detection of information security incidents.

According to ISO 19011:2018, objective evidence:

Consists of records, statements of fact, or other information that are relevant to the audit criteria and verifiable.

Can only be obtained through audit observation.

It is not possible to obtain it, but only through information provided by the auditee.

Only taken when there are nonconformities.

According to ISO 19011:2018, the audit findings are:

The results of the evaluation of the collected audit evidence against audit criteria

The result of an audit after considering the audit objectives and all audit findings.

The result of an audit after considering the views of the auditee and the auditor.

The result of an audit after considering the controls in Exhibit A and all audit findings.

The results of previous internal or external audits should be considered to establish:

A. The objectives of the audit program.

B. The scope of the audit program.

D. The documents that the audited process must have.

Record review, interview, and observation are:

Minimum requirements for an audit.

Methods for evaluating auditors.

Verifying the relevance and accuracy of the information collected is a mandatory activity of:

The lead auditor as a skill and ability to ensure that audits are performed in a consistent and systematic manner.

The internal auditor to carry out the audit plan.

The auditee to provide accurate information to the auditor.

The person(s) managing the audit program to carry out the audit program.

During an audit the auditee provides little information and constantly rephrases the auditor's questions:

Considered difficult situations that the auditor must be able to handle.

Issues that the lead auditor must resolve.

Conditions for termination of the audit.

The “Statement of Applicability” must contain:

Controls necessary to reduce the level of risk.

The justification for the inclusion of the controls considered necessary.

Trial CertiProf Lead Auditor#1

Authored by sudiyuwono wowo

Professional Development

1st Grade

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

40 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In which of its clauses ISO 27001:2022 asks to consider?

Stakeholders that are relevant to the information security management

system

The requirements of these stakeholders that are relevant to information

security.

Which of these requirements will be addressed through the Information

Security Management System.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

ISO 27001:2022 states that when the organization determines the need for changes to the ISMS, the changes shall be carried out in a planned manner in its clause :

Clause 6.3

Clause 10.2

Clause 4.2

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The Lead Auditor evidences that risk acceptance criteria are not yet established, which clause of ISO 27001:2022 is being breached?

A. 5.1

B. 9.1.

C. 8.3.

D. 6.1.2

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Once the audit has been carried out, the auditor in charge of the audit must
prepare the Audit Report. This report establishes:
a. Audit objectives
b. Scope of the audit.
c. Auditees and the audit period.
d. Documentation of the contact person.
e. Documentation of the lead auditor and other auditors.
f. Dates and locations where the audit activities took place.
g. Audit criteria.
h. Audit statements.
i. Audit Conclusions.

All are correct.

All except d and e.

Only i.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The audit objectives define what is to be achieved with the individual audit.

True

False

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The Statement of Applicability (SoA) must contain:
a. The controls necessary to implement the chosen information security risk treatment option(s).
b. Justification of inclusions.
c. Whether or not the necessary controls are implemented.
d. Justification for exclusions from any of the controls in annex A.

All are correct.

All except b and c.

Only a.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

During the closing meeting the lead auditor should explain, for example, any related post-audit activities (e.g., implementation and review of corrective actions, handling of audit complaints, appeals process).

True.

False.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

35 questions

Prelim Applied Business Tools

Quiz

•

KG - Professional Dev...

40 questions

Microsoft Azure Fundamentals (AZ-900) - Practice Exam - 2

Quiz

•

1st Grade

38 questions

FA Full Course

Quiz

•

1st Grade

37 questions

Baby Photo Game

Quiz

•

1st - 11th Grade

40 questions

Teachers Quiz

Quiz

•

KG - Professional Dev...

40 questions

Certiprof ISO 27001 Foundation - Simulation

Quiz

•

1st Grade

40 questions

Test z EE.09 cz.1

Quiz

•

1st Grade - Professio...

40 questions

UTS SISTER 4-5-6

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

13 questions

SMS Cafeteria Expectations Quiz

Quiz

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

12 questions

SMS Restroom Expectations Quiz

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

10 questions

Pi Day Trivia!

Quiz

•

6th - 9th Grade

Discover more resources for Professional Development

15 questions

Guess the Food with Emojis

Quiz

•

1st Grade

Trial CertiProf Lead Auditor#1

In which of its clauses ISO 27001:2022 asks to consider?

ISO 27001:2022 states that when the organization determines the need for changes to the ISMS, the changes shall be carried out in a planned manner in its clause :

The Lead Auditor evidences that risk acceptance criteria are not yet established, which clause of ISO 27001:2022 is being breached?

The audit objectives define what is to be achieved with the individual audit.

During the closing meeting the lead auditor should explain, for example, any related post-audit activities (e.g., implementation and review of corrective actions, handling of audit complaints, appeals process).

Regarding documented information, ISO 27001:2022 indicates it may include:

The audit plan refers to:

ISO 19011:2018 determines nonconformities and improvement opportunities as noncompliance to requirements of the audited regulation.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development