Free PECB ISO-IEC-27001-Lead-Auditor Exam Dumps Questions & Answers

Scenario 9: UpNet, a networking company, has been certified against ISO/IEC 27001. It provides network security, virtualization, cloud computing, network hardware, network management software, and networking technologies.
The company's recognition has increased drastically since gaining ISO/IEC 27001 certification. The certification confirmed the maturity of UpNefs operations and its compliance with a widely recognized and accepted standard.
But not everything ended after the certification. UpNet continually reviewed and enhanced its security controls and the overall effectiveness and efficiency of the ISMS by conducting internal audits. The top management was not willing to employ a full-time team of internal auditors, so they decided to outsource the internal audit function. This form of internal audits ensured independence, objectivity, and that they had an advisory role about the continual improvement of the ISMS.
Not long after the initial certification audit, the company created a new department specialized in data and storage products. They offered routers and switches optimized for data centers and software-based networking devices, such as network virtualization and network security appliances. This caused changes to the operations of the other departments already covered in the ISMS certification scope.
Therefore. UpNet initiated a risk assessment process and an internal audit. Following the internal audit result, the company confirmed the effectiveness and efficiency of the existing and new processes and controls.
The top management decided to include the new department in the certification scope since it complies with ISO/IEC 27001 requirements. UpNet announced that it is ISO/IEC 27001 certified and the certification scope encompasses the whole company.
One year after the initial certification audit, the certification body conducted another audit of UpNefs ISMS.
This audit aimed to determine the UpNefs ISMS fulfillment of specified ISO/IEC 27001 requirements and ensure that the ISMS is being continually improved. The audit team confirmed that the certified ISMS continues to fulfill the requirements of the standard. Nonetheless, the new department caused a significant impact on governing the management system. Moreover, the certification body was not informed about any changes. Thus, the UpNefs certification was suspended.
Based on the scenario above, answer the following question:
UpNet ensured independence, objectivity, and advisory activities from the internal audit. Is this action acceptable?

• A.  No, because the internal audit function was outsourced
• B.  Yes, because internal audits have an advisory role
• C.  No, because internal audits should be independent of the audited activities

Scenario 3: Rebuildy is a construction company located in Bangkok.. Thailand, that specializes in designing, building, and maintaining residential buildings. To ensure the security of sensitive project data and client information, Rebuildy decided to implement an ISMS based on ISO/IEC 27001. This included a comprehensive understanding of information security risks, a defined continual improvement approach, and robust business solutions.
The ISMS implementation outcomes are presented below
*Information security is achieved by applying a set of security controls and establishing policies, processes, and procedures.
*Security controls are implemented based on risk assessment and aim to eliminate or reduce risks to an acceptable level.
*All processes ensure the continual improvement of the ISMS based on the plan-do-check-act (PDCA) model.
*The information security policy is part of a security manual drafted based on best security practices Therefore, it is not a stand-alone document.
*Information security roles and responsibilities have been clearly stated in every employees job description
*Management reviews of the ISMS are conducted at planned intervals.
Rebuildy applied for certification after two midterm management reviews and one annual internal audit Before the certification audit one of Rebuildy's former employees approached one of the audit team members to tell them that Rebuildy has several security problems that the company is trying to conceal. The former employee presented the documented evidence to the audit team member Electra, a key client of Rebuildy, also submitted evidence on the same issues, and the auditor determined to retain this evidence instead of the former employee's. The audit team member remained in contact with Electra until the audit was completed, discussing the nonconformities found during the audit. Electra provided additional evidence to support these findings.
At the beginning of the audit, the audit team interviewed the company's top management They discussed, among other things, the top management's commitment to the ISMS implementation. The evidence obtained from these discussions was documented in written confirmation, which was used to determine Rebuildy's conformity to several clauses of ISO/IEC 27001 The documented evidence obtained from Electra was attached to the audit report, along with the nonconformities report. Among others, the following nonconformities were detected:
*An instance of improper user access control settings was detected within the company's financial reporting system.
*A stand-alone information security policy has not been established. Instead, the company uses a security manual drafted based on best security practices.
After receiving these documents from the audit team, the team leader met Rebuildy's top management to present the audit findings. The audit team reported the findings related to the financial reporting system and the lack of a stand-alone information security policy. The top management expressed dissatisfaction with the findings and suggested that the audit team leader's conduct was unprofessional, implying they might request a replacement. Under pressure, the audit team leader decided to cooperate with top management to downplay the significance of the detected nonconformities. Consequently, the audit team leader adjusted the report to present a more favorable view, thus misrepresenting the true extent of Rebuildy's compliance issues.
Based on the scenario above, answer the following question:
Question:
Which action described in Scenario 3 indicates that the audit team leader violated the independence principle?

• A.  The audit team leader sent a favorable report after discussing the audit conclusions with the top management
• B.  The audit team included the former employee's evidence in the audit report without revealing the source
• C.  The audit team leader revealed confidential information about Rebuildy to the former employee

Which one of the following options is the definition of the context of an organisation?

• A.  A combination of internal and external issues that can have an effect on an organisation's approach to developing and achieving its objectives
• B.  The control of internal and external issues that can have an effect on an organisation's desire to achieve its objectives
• C.  The coordination of internal and external issues that can have a positive or negative effect on an organisation's success
• D.  Complexity of internal and external issues that can have an effect on an organisation's approach to developing and achieving its purpose

Question
Who establishes the audit scope and audit criteria?

• A.  The audit team leader
• B.  The certification body
• C.  The audit team after discussing with the auditee

Question:
In a joint audit involving multiple audit teams, how many audit team leaders are typically designated per audit?

• A.  There are no designated audit team leaders in joint audits
• B.  Each audit team appoints its own audit team leader
• C.  One audit team leader per audit, regardless of the number of audit teams involved