PECB Exam ISO-IEC-27001-Lead-Auditor Topic 1 Question 58 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam

Question #: 58
Topic #: 1

[All ISO-IEC-27001-Lead-Auditor Questions]

You are performing an ISMS audit at a residential nursing home that provides healthcare services and are reviewing the Software Code Management (SCM) system. You found a total of 10 user accounts on the SCM. You confirm that one of the users, Scott, resigned 9-months

ago. The SCM System Administrator confirmed Scott's last check-out of the source code was found 1 month ago. He was using one of the uthorized desktops from the local network in a secure area.

You check with the user de-registration procedure which states "Managers have to make sure of deregistration of the user account and authorisation immediately from the relevant ICT system and/or equipment after resignation approval." There was no deregistration record for user Scott.

The IT Security Manager explains that Scott still comes back to the office every month after he resigned to provide support on source code maintenance. That's why his account on SCM still exists.

You would like to investigate other areas further to collect more audit evidence. Select three options that would not be valid audit trails.

ACollect more evidence on how access controls are periodically reviewed to maintain security (Relevant to control A.5.35)

BCollect more evidence on how the transition of Scott from full-time to part-time employment was managed (relevant to control A.6.5)

CCollect more evidence from Scott's background verification checks performed by the human resource department under the new employment relationship. (Relevant to control A.6.1)

DCollect more evidence of why Scott resigned and whether his re-engagement represents a conflict of interest. (relevant to control A.5.3)

ECollect more evidence on how Scott can access the employee's desktop and local network. (Relevant to control A.5.15)

FCollect more evidence on how Scott can access the secure are
a. (Relevant to control A.8.4)

GCollect more evidence on how the organization pays for Scott's source code maintenance support service. (Relevant to control A.6.2)

HCollect more evidence on where Scott kept the source code that he checked out and how it was secured. (Relevant to control A.8.4)

Show Suggested Answer

Suggested Answer: B, D, G

The options B, D, and G are not valid audit trails because they are not directly related to the ISMS requirements or the audit criteria. They are more relevant to the human resource management or the contractual arrangements of the organization, which are outside the scope of the ISMS audit. The other options are valid audit trails because they can provide evidence of how the organization implements and maintains the ISMS controls related to access control, secure areas, and information security aspects of business continuity management.Reference:

PECB Candidate Handbook ISO/IEC 27001 Lead Auditor, page 16, section 4.2.1

ISO/IEC 27001:2013, clauses A.5.3, A.5.15, A.5.35, A.6.1, A.6.2, A.6.5, A.8.4, A.17.1

ISO 19011:2018, clause 6.2.2

by Noe at Apr 07, 2025, 11:16 PM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27001-Lead-Auditor Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ammie

4 days ago

I think option B is not a valid audit trail because it's not directly related to the issue of Scott's access after resignation.

upvoted 0 times

...