Select the words that best complete the sentence:
To complete the sentence with the word(s) click on the blank section you want to complete so that it is highlighted in red, and then click on the application text from the options below. Alternatively, you may drag and drop the option to the appropriate blank section.

Correct Answer:

Explanation:
competence of the audit team and decision made by the certification body According to ISO/IEC 17021-1, which specifies the requirements for bodies providing audit and certification of management systems, an accredited certification means that the certification body has been evaluated by an accreditation body against recognized standards to demonstrate its competence, impartiality and performance capability1. Therefore, an accredited certification assures the competence of the audit team that conducts the audit in accordance with ISO 19011 and ISO/IEC 27001:2022, and the decision made by the certification body that grants or maintains the certification based on the audit evidence and findings2. References: ISO/IEC
17021-1:2015 - Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements, ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) | CQI | IRCA

Comment: *

Name: *

Email: *

Verification: *

Which two of the following statements are true?

• A.The role of a certification body auditor involves evaluating the organisation's processes for ensuring compliance with their legal requirements
• B.Curing a third-party audit, the auditor evaluates how the organisation ensures that 4 6 made aware of changes to the legal requirements
• C.As part of a certification body audit the auditor is resporable for verifying the organisation's legal compliance status

Comment: *

Name: *

Email: *

Verification: *

Scenario 1: Fintive is a distinguished security provider for online payments and protection solutions. Founded in 1999 by Thomas Fin in San Jose, California, Fintive offers services to companies that operate online and want to improve their information security, prevent fraud, and protect user information such as PII. Fintive centers its decision-making and operating process based on previous cases. They gather customer data, classify them depending on the case, and analyze them. The company needed a large number of employees to be able to conduct such complex analyses. After some years, however, the technology that assists in conducting such analyses advanced as well. Now, Fintive is planning on using a modern tool, a chatbot, to achieve pattern analyses toward preventing fraud in real-time. This tool would also be used to assist in improving customer service.
This initial idea was communicated to the software development team, who supported it and were assigned to work on this project. They began integrating the chatbot on their existing system. In addition, the team set an objective regarding the chatbot which was to answer 85% of all chat queries.
After the successful integration of the chatbot, the company immediately released it to their customers for use. The chatbot, however, appeared to have some issues.
Due to insufficient testing and lack of samples provided to the chatbot during the training phase, in which it was supposed "to learn" the queries pattern, the chatbot failed to address user queries and provide the right answers. Furthermore, the chatbot sent random files to users when it received invalid inputs such as odd patterns of dots and special characters. Therefore, the chatbot was unable to properly answer customer queries and the traditional customer support was overwhelmed with chat queries and thus was unable to help customers with their requests.
Consequently, Fintive established a software development policy. This policy specified that whether the software is developed in-house or outsourced, it will undergo a black box testing prior to its implementation on operational systems.
Based on this scenario, answer the following question:
Insufficient testing and lack of samples provided to Fintive's chatbot during the training phase are considered as 1.
Refer to scenario

• A.Threats
• B.Risks
• C.Vulnerabilities

Comment: *

Name: *

Email: *

Verification: *

During a third-party certification audit, you are presented with a list of issues by an auditee. Which four of the following constitute 'internal' issues in the context of a management system to ISO 27001:2022?

• A.Higher labour costs as a result of an aging population
• B.A rise in interest rates in response to high inflation
• C.Poor levels of staff competence as a result of cuts in training expenditure
• D.Poor morale as a result of staff holidays being reduced
• E.Increased absenteeism as a result of poor management
• F.A reduction in grants as a result of a change in government policy
• G.A fall in productivity linked to outdated production equipment
• H.Inability to source raw materials due to government sanctions

Comment: *

Name: *

Email: *

Verification: *

What type of system ensures a coherent Information Security organisation?

• A.Federal Information Security Management Act (FISMA)
• B.Information Technology Service Management System (ITSM)
• C.Information Security Management System (ISMS)
• D.Information Exchange Data System (IEDS)

Comment: *

Name: *

Email: *

Verification: *