Free Access PECB.ISO-IEC-27001-Lead-Auditor.v2025-07-30.q306 Practice Test (Page 44)

Question 211

You are carrying out your first third-party ISMS surveillance audit as an audit team leader. You are presently in the auditee's data centre with another member of your audit team and the organisation's guide.
You request access to a locked room protected by a combination lock and iris scanner. The room contains several rows of uninterruptable power supplies along with several data cabinets containing client-supplied equipment, predominantly servers, and switches.
You note that there is a gas-based fire extinguishing system in place. A label indicates that the system requires testing every 6 months however the most recent test recorded on the label was carried out by the manufacturer 12 months ago.
Based on the scenario above which two of the following actions would you now take?

A.Raise a nonconformity against control A.7.11 'supporting utilities' as information processing facilities are not adequately protected against possible disruption

B.Make a note to ask the site maintenance manager for evidence that a fire extinguishing system test was carried out 6 months ago

C.Require the guide to initiate the organisation's information security incident process

D.Providing water-based extinguishers are accessible in the room, take no further action as these provide an alternative means to put out a fire

E.Raise a nonconformity against control A.5.7 'threat intelligence' as the organisation has not identified the need to take action against the threat of fire

F.Determine if requirements for recording fire extinguisher checks have been revised within the last year.
If so, suggest these are referenced on the existing labels as an opportunity for improvement

Question 212

An audit team leader is planning a follow-up audit after the completion of a third-party surveillance audit earlier in the year. They have decided they will verify the nonconformities that require corrections before they move on to consider corrective actions.
Based on the descriptions below, which four of the following are corrections for nonconformities identified at the surveillance?

A.A signature missing from a client's contract for the supply of data services was added

B.A software installation guide which had not been sent to the client along with their new system was posted out

C.An incorrectly dated purchase order for a new network switch was rectified

D.Data centre staff not carrying out backups in accordance with specified procedures were retrained

E.Hard drive HD302 which had been colour-coded green (available for use) instead of red (to be destroyed) was removed from the system

F.Scheduled management reviews, having been missed, were prioritised by the General Manager for holding on a specific date twice each following year

G.The documented process for product shipment, which did not reflect how this activity was conducted by the despatch team, was re-written and the team trained accordingly

H.The organisation, having failed to maintain its Schedule of Applicability, re-allocated responsibility for its updating to the Technical Director

Question 213

Which two of the following statements are true?

A.The role of a certification body auditor involves evaluating the organisation's processes for ensuring compliance with their legal requirements

B.Curing a third-party audit, the auditor evaluates how the organisation ensures that 4 6 made aware of changes to the legal requirements

C.As part of a certification body audit the auditor is resporable for verifying the organisation's legal compliance status

Question 214

You have just completed a scheduled information security audit of your organisation when the IT Manager approaches you and asks for your assistance in the revision of the company's risk management process.
He is attempting to update the current documentation to make it easier for other managers to understand, however, it is clear from your discussion he is confusing several key terms.
You ask him to match each of the descriptions with the appropriate risk term. What should the correct answers be?

Question 215

You are the audit team leader conducting a third-party audit of an online insurance company. During Stage 1, you found that the organization took a very cautious risk approach and included all the information security controls in ISO/IEC 27001:2022 Appendix A in their Statement of Applicability.
During the Stage 2 audit, your audit team found that there was no evidence of a risk treatment plan for the implementation of the three controls (5.3 Segregation of duties, 6.1 Screening, 7.12 Cabling security). You raise a nonconformity against clause 6.1.3.e of ISO 27001:2022.
At the closing meeting, the Technical Director issues an extract from an amended Statement of Applicability (as shown) and asks for the nonconformity to be withdrawn.

Select three options of the correct responses of an audit team leader to the request of the Technical Director.

A.Advise management that the information provided will be reviewed when the auditors have more time.

B.Advise the Technical Director that his request will be included in the audit report.

C.Advise the Technical Director that once a nonconformity is raised it cannot be withdrawn.

D.Advise the Technical Director that the nonconformity must stand since the evidence obtained for it was clear.

E.Ask the auditor who raised the issue for their opinion on how you should respond to the request.

F.Inform the Technical Director that the nonconformity will be changed to an Opportunity for Improvement.

G.Review the documentation produced and withdraw the nonconformity.

H.State that a follow up audit will be necessary to review the evidence for the updated Statement of Applicability.

Correct Answer: B,D,H

The three options of the correct responses of an audit team leader to the request of the Technical Director are:
* B. Advise the Technical Director that his request will be included in the audit report.
* D. Advise the Technical Director that the nonconformity must stand since the evidence obtained for it was clear.
* H. State that a follow up audit will be necessary to review the evidence for the updated Statement of Applicability.
* B. This response is correct because the audit team leader should document the request of the Technical Director and include it in the audit report, along with the audit findings and conclusions12. This will ensure transparency and traceability of the audit process and the audit results.
* D. This response is correct because the audit team leader should not withdraw the nonconformity based on the amended Statement of Applicability alone. The nonconformity was raised against clause 6.1.3.e of ISO 27001:2022, which requires the organisation to produce and maintain a risk treatment plan that defines how the information security risks are treated, including the controls selected and their implementation status34. The Statement of Applicability is only one part of the risk treatment plan, and it does not provide sufficient evidence that the controls have been implemented effectively. The audit team leader should base the nonconformity on the objective evidence obtained during the audit, not on the subjective claims of the auditee12.
* H. This response is correct because the audit team leader should state that a follow up audit will be necessary to review the evidence for the updated Statement of Applicability. A follow up audit is an audit that is conducted after a previous audit to verify the implementation and effectiveness of the corrective actions and/or opportunities for improvement that were agreed upon as a result of the previous audit56. The follow up audit should seek to ensure that the nonconformity has been effectively addressed and that the ISMS is compliant and effective. The follow up audit should also consider any new or changed risks or requirements that may affect the ISMS56.
References:
1: PECB Candidate Handbook - ISO 27001 Lead Auditor, page 25 2: ISO 19011:2018 - Guidelines for auditing management systems, clause 6.7 3: ISO/IEC 27001:2022 - Information technology - Security techniques - Information security management systems - Requirements, clause 6.1.3.e 4: ISO/IEC 27005:
2022 - Information technology - Security techniques - Information security risk management, clause 8.3.2
5: PECB Candidate Handbook - ISO 27001 Lead Auditor, page 25 6: ISO 19011:2018 - Guidelines for auditing management systems, clause 6.7

Other Version: 3190PECB.ISO-IEC-27001-Lead-Auditor.v2024-10-22.q296; 2360PECB.ISO-IEC-27001-Lead-Auditor.v2024-07-04.q280; 1700PECB.ISO-IEC-27001-Lead-Auditor.v2024-05-07.q128; 1545PECB.ISO-IEC-27001-Lead-Auditor.v2023-05-01.q35; 1569PECB.ISO-IEC-27001-Lead-Auditor.v2022-05-18.q33; 1808PECB.ISO-IEC-27001-Lead-Auditor.v2022-01-24.q33; 118PECB.Exams4sures.ISO-IEC-27001-Lead-Auditor.v2021-11-27.by.elva.33q.pdf

Latest Upload: 255PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 364Nokia.4A0-113.v2026-05-01.q69; 400EC-COUNCIL.312-49v11.v2026-04-30.q214; 316Microsoft.MB-820.v2026-04-30.q101; 249Salesforce.MC-202.v2026-04-30.q57; 277BICSI.INSTC_V8.v2026-04-29.q53; 415NMLS.MLO.v2026-04-28.q82; 280NCARB.Project-Management.v2026-04-28.q27; 497EMC.D-AV-DY-23.v2026-04-27.q184; 1309ServiceNow.CSA.v2026-04-27.q483

Question 211

Question 212

Question 213

Question 214

Question 215

Download PDF File