Curious about Actual PECB ISO/IEC 27001 Lead Auditor Exam Questions?
Here are sample PECB ISO/IEC 27001 Lead Auditor (ISO-IEC-27001-Lead-Auditor) exam questions from the real exam. You can get more PECB Auditor Certifications (ISO-IEC-27001-Lead-Auditor) premium practice questions at TestInsights.
You are an experienced ISMS auditor conducting a third-party surveillance audit at an organisation which offers ICT reclamation services. ICT equipment which companies no longer require is processed by the organisation. It is either recommissioned and reused or is securely destroyed.
You notice two servers on a bench in the corner of the room. Both have stickers on them with the server's name, IP address and admin password. You ask the ICT Manager about them, and he tells you they were part of a shipment received yesterday from a regular customer.
Which one action should you take?
Correct : C
You are an experienced ISMS audit team leader. You are currently conducting a third-party surveillance audit of an international haulage organisation. You have sampled four internal audit reports which state:
Report 1 - Auditor: Mr James.
Over the year the organisation has failed to meet its promised delivery dates on 23 occasions out of 100. This is against a target of '95% of deliveries on time'.
Grading - Minor
Corrective Action due: Within 9 months.
Report 2 - Auditor: Mr James.
Between January and March, it was noted 125 complaints were received about the Service Desk Team. Clients accused them of being rude and unresponsive.
Grading - Minor
Corrective Action due: Within 12 months.
Report 3 - Auditor: Mr James.
Of the 40 customer orders received last month, 38 were correctly processed. Of the remaining 2, one was missing a signature and one was missing a date.
Grading -
Corrections due: Within 3 weeks
Report 4 - Auditor: Mr Rogers.
Of the 30 personnel records examined, 26 were found to be fully completed whilst the remaining 4 were all missing the individual's start date.
Grading - Major
Corrections due: Within 1 week
Which four of the options demonstrate the concerns you would have about these reports?
Correct : A, B, D, F
As the Information Security Management System audit team leader, you are conducting a second-party audit of an international logistics company on behalf of an online retailer. During the audit, one of your team members reports a nonconformity relating to control 5.18 (Access rights) of Appendix A of ISO/IEC 27001:2022. She found evidence that removing the server access protocols of 20 people who left in the last 3 months took up to 1 week whereas the policy required removing access within 24 hours of their departure.
When the auditee was asked why there was a delay in removing access, they replied, 'No one was available in the IT department during that period as a result of COVID-19. As soon as an IT officer became available the rights were removed.'
You note that she intends to raise a minor non-conformity against Access rights control (5.18). How should you respond to this?
Correct : A
The purpose of a management system audit is to? Select 1
Correct : A
A management system audit is a systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. The audit criteria are a set of requirements that may include policies, procedures, standards, regulations, etc. The purpose of a management system audit is to evaluate the performance of an organisation's management system in terms of its effectiveness, efficiency, compliance, and improvement. A management system audit can also identify strengths, weaknesses, opportunities, and risks of the management system and provide recommendations for improvement.
When preparing for an audit, which of the following statements is false?
Correct : B
Total 280 questions