Exam (elaborations)

ISO/IEC 27001 Lead Auditor UPDATED ACTUAL Exam Questions and CORRECT Answers

Pages: 33
Grade: A+
Uploaded on: 24-03-2025
Written in: 2024/2025

Institution: ISO
Course: ISO
Contains
Questions & answers

1. What does the ISO/IEC 27001 standard provide?
A. Requirements for organizations certifying an information security management system
B. Requirements for an information security management system
C. Guidance for auditing an information security management system
CORRECT ANSWER - B. Requirements for an information security management system


1. Organizations can obtain certification against the ISO/IEC 27002 standard if they implement all of its information security controls.
CORRECT ANSWER - A. False


1. The implementation of ISO/IEC 27001 is a legal requirement in most countries.
CORRECT ANSWER - A. False


1. What is the aim of laws with regard to intellectual property rights?
A. Protecting certain intangible assets
B. Ensuring that certain assets are regularly reviewed
C. Providing asset management reports for legal purposes
CORRECT ANSWER - A. Protecting certain intangible assets


1. Which of the following is one of the objectives of the privacy protection policy?
A. To increase awareness regarding the legal requirements for protecting personal information
B. To increase awareness regarding cybercrimes that target an organization's computer network
C. To increase awareness regarding the validity of digital signatures in electronic documents
CORRECT ANSWER - A. To increase awareness regarding the legal requirements for protecting personal information


1. When does the surveillance audit take place?
A. After conducting stage 2 audit
B. After conducting the audit follow-up
C. After obtaining certification
CORRECT ANSWER - C. After obtaining certification


1. ISO performs accreditation and certification activities.
A. True
B. False
CORRECT ANSWER - False


1. Which of the statements holds true?
A. Certification bodies are accredited by accreditation bodies
B. Certification bodies are certified by accreditation bodies
C. Certification bodies are hired by accreditation bodies
CORRECT ANSWER - A. Certification bodies are accredited by accreditation bodies


1. A third party that performs the assessment of conformity of management systems is:
A. An international standard
B. An accreditation body
C. A certification body
CORRECT ANSWER - C. A certification body


1. Your Market is a market research company which helps its customers determine which products and services are in demand. The company is currently evaluating the effectiveness of its information security controls through an ISMS audit. What is Your Market in this case?
A. An accreditation body
B. A certification body
C. An auditee
CORRECT ANSWER - C. An auditee


1. According to ISO 9000, what is an asset?
A. Item or entity that has potential or actual value to an organization
B. Meaningful data for an organization
C. Document which states requirements for an organization
CORRECT ANSWER - A. Item or entity that has potential or actual value to an organization


1. What is the difference between specifications and records?
A. Specifications are documents that state requirements, whereas records are documents that state achieved results
B. Specifications refer to information and the medium on which it is contained, whereas records are documents that state requirements
C. Specifications and records are both forms of documents, so they can be used interchangeably
CORRECT ANSWER - A. Specifications are documents that state requirements, whereas records are documents that state achieved results


1. A former employee of Company A has gained unauthorized access to the company's sensitive information. What does this present?
A. A threat that has the potential to harm the assets of the organization, such as information or systems
B. A vulnerability in the monitoring system of the organization that does not have corresponding threats
C. A security control incorrectly implemented by the organization that is not vulnerable
CORRECT ANSWER - A. A threat that has the potential to harm the assets of the organization, such as information or systems


1. With which of the following principles does an organization comply if it ensures that only authorized users have access to their sensitive data?
A. Confidentiality
B. Integrity
C. Availability
CORRECT ANSWER - A. Confidentiality


1. What does the integrity principle entail?
A. That information is available to authorized individuals
B. That information is accurate and safe from unauthorized access
C. That information is accessible when needed
CORRECT ANSWER - B. That information is accurate and safe from unauthorized access


1. Which of the options below represents an example of a vulnerability?
A. Unencrypted data
B. Unauthorized access by persons who have left the organization
C. Data input error by personnel
CORRECT ANSWER - A. Unencrypted data


1. What can have an impact on the availability of information?
A. Incorrect results
B. Deliberate change of information
C. Performance degradation
CORRECT ANSWER - C. Performance degradation


1. An organization has clearly defined its security procedures and uses access control software to avoid unauthorized access by personnel to its confidential data. What is the function of these security controls?
A. To prevent the occurrence of incidents
B. To correct errors arising from a problem
C. To report the occurrence of a malicious act
CORRECT ANSWER - A. To prevent the occurrence of incidents


1. To which classification of security controls does the implementation of patches after the identification of system vulnerabilities belong?
A. Preventive by function and managerial by type
B. Corrective by function and technical by type
C. Detective by function and administrative by type
CORRECT ANSWER - B. Corrective by function and technical by type


1. What is one of the main purposes of implementing an ISMS?
A. To determine the information security objectives
