Three auditors were assigned to conduct a certification audit in Company X. Before the commencement of the audit, the certification body provided the names and background information about the auditors to Company X. Company X requested the replacement of Bill, one of the auditors, claiming that Bill was a former employee of Company X. Is this acceptable?

Yes, a situation of conflict of interest is a valid reason to request the replacement of the Auditor

No, the auditee can request the replacement of the auditor only if a valid reason is presented such as unprofessional conduct or situations with real conflict of interest

No, the auditee cannot request the replacement of auditors

Which option below is NOT a role of the audit team leader?

Preventing and solving conflict during the audit

Preparing and explaining the audit conclusions

What is the main purpose of the opening meeting in an audit?

To ensure that planned audit activities can be performed

To obtain detailed information about management system-related processes

To verify audit evidence and obtain a reasonable level of assurance

What should an auditor do to evaluate the top management’s commitment to the information security management system?

Interview the auditee’s top management

Demonstrate commitment to audit procedures

Ask all of the auditee’s employees for their opinion

All options below verify conformity to ISO/IEC 27001, control 6.6 Confidentiality or non- qualitative evidence, EXCEPT:

Select a sample of employees' documents who have access to sensitive information to verify that confidentiality or non-disclosure agreement is signed

Interview the personnel responsible for the content of a confidentiality or non-disclosure agreement

Ask to be present during the analysis of a confidentiality or non-disclosure agreement by a third party

Which of the following is one of the objectives of the privacy protection policy?

To increase awareness regarding the legal requirements for protecting personal information

To increase awareness regarding cybercrimes that target an organization’s computer network

To increase awareness regarding the validity of digital signatures in electronic documents

What is the main objective of stage 2 audit?

To evaluate the implementation of the ISMS

To review the internal audit activities

To verify the information security objectives of the ISMS

Why should an auditor consider cultural aspects at every stage of the audit?

To avoid possible conflicts or misunderstandings

To solve conflicts between employees of the auditee

To document conflictual situations

Exercise - ISO27001 LEAD AUDITOR

Authored by sudiyuwono wowo

Social Studies

1st Grade

Used 4+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which statement below best describes the relationship between information security aspects?

Threats exploit vulnerabilities to damage or destroy assets

Controls protect assets by reducing threats

Risk is a function of vulnerabilities that harm assets

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A data processing tool crashed when a user added more data in the buffer than its storage capacity allows.
The incident was caused by the tool's inability to bound check arrays. What kind of vulnerability is this?

Integrity and availability

Confidentiality and integrity

Confidentiality and availability

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which option below about the ISMS scope is correct?

ISMS scope should be available as documented information

ISMS scope should ensure continual improvement

ISMS scope should be compatible with the strategic orientation of the organization

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What factors should an auditor consider when evaluating the conformity of documented information?

Content and format

Dates and signatures

Alignment with policies

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A marketing agency has developed its own risk assessment approach as part of theISMS implementation. Is this acceptable?

Yes, any risk assessment methodology that provides accurate and reliable results is acceptable

Yes, only if the risk assessment methodology is aligned with recognized risk assessment methodologies

No, when implementing an ISMS, the risk assessment methodology provided by
ISO/IEC 27001 should be used

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of options below is a control to the management of personnel that aims to avoid the occurrence of incidents?

The organization regularly provides security awareness and training sessions for its employees

The organization always reviews the security policy after the integration of a new division to the organization

The organization conducts regular user access reviews to verify that only authorized employees have access to confidential information

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The auditor issued an unfavourable report for Company 1 by strictly examining the audit evidence. He was not intimidated when Company 1, the main client of his audit firm, threatened to terminate the contract if the audit report does not suit them. Which principle of auditing has the auditor followed?

Independence

Confidentiality

Fair presentation

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

17 questions

Needs and Wants

Quiz

•

1st - 2nd Grade

17 questions

Election 2020

Quiz

•

KG - 12th Grade

15 questions

Caribbean Flags

Quiz

•

1st - 11th Grade

20 questions

Surprise

Quiz

•

1st Grade

15 questions

Communities

Quiz

•

KG - 2nd Grade

16 questions

World cup cricket

Quiz

•

1st - 7th Grade

15 questions

Our Families

Quiz

•

KG - 5th Grade

20 questions

Earn, Spend, Save, and Donate

Quiz

•

KG - 5th Grade

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Social Studies

11 questions

Ruby Bridges Test

Quiz

•

1st Grade

10 questions

Harriet Tubman

Quiz

•

1st Grade

11 questions

BARTERING

Quiz

•

KG - 2nd Grade

Exercise - ISO27001 LEAD AUDITOR

Which statement below best describes the relationship between information security aspects?

A data processing tool crashed when a user added more data in the buffer than its storage capacity allows.
The incident was caused by the tool's inability to bound check arrays. What kind of vulnerability is this?

Which option below about the ISMS scope is correct?

What factors should an auditor consider when evaluating the conformity of documented information?

A marketing agency has developed its own risk assessment approach as part of theISMS implementation. Is this acceptable?

Which of options below is a control to the management of personnel that aims to avoid the occurrence of incidents?

The Responsibilities of a ____ include facilitating audit activities, maintaining logistics, ensuring that health and safety policies are observed,
and witnessing the audit process on behalf of the auditee.

What service model should organizations use to improve their business continuity capabilities and security?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Social Studies

Exercise - ISO27001 LEAD AUDITOR

Which statement below best describes the relationship between information security aspects?

A data processing tool crashed when a user added more data in the buffer than its storage capacity allows. The incident was caused by the tool's inability to bound check arrays. What kind of vulnerability is this?

Which option below about the ISMS scope is correct?

What factors should an auditor consider when evaluating the conformity of documented information?

A marketing agency has developed its own risk assessment approach as part of theISMS implementation. Is this acceptable?

Which of options below is a control to the management of personnel that aims to avoid the occurrence of incidents?

The Responsibilities of a ____ include facilitating audit activities, maintaining logistics, ensuring that health and safety policies are observed, and witnessing the audit process on behalf of the auditee.

What service model should organizations use to improve their business continuity capabilities and security?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Social Studies

A data processing tool crashed when a user added more data in the buffer than its storage capacity allows.
The incident was caused by the tool's inability to bound check arrays. What kind of vulnerability is this?

The Responsibilities of a ____ include facilitating audit activities, maintaining logistics, ensuring that health and safety policies are observed,
and witnessing the audit process on behalf of the auditee.