Free ISO/IEC 27001 Lead Auditor Exam Braindumps (page: 17)


Which of the following types of audit requires that the auditee and audit team agree on remote access protocols prior to conducting the audit?

  A. Virtual
  B. Internal
  C. External

Answer(s): A

Explanation:

A virtual audit typically requires the auditee and the audit team to agree on remote access protocols before the audit is conducted. Since the audit is performed remotely, both parties must ensure secure and efficient access to the necessary systems, documents, and data. This agreement helps facilitate the audit process while maintaining confidentiality and compliance with relevant security standards.



What is the purpose of audit test plans in the audit process?

  A. To develop detailed audit reports
  B. To conduct audit procedures such as observation and interviews
  C. To select all elements of the management system for validation

Answer(s): B

Explanation:

The purpose of audit test plans is to guide the audit process by outlining the procedures and activities that will be used to gather evidence. This includes specific methods like observation, interviews, sampling, testing, and document reviews to assess the effectiveness and compliance of the management system with relevant standards. The test plans help auditors focus their efforts and ensure that the audit procedures are systematic, thorough, and aligned with the audit objectives.



The auditor used sampling to ensure that event logs recording information security events are maintained and regularly reviewed. Sampling was based on the audit objectives, whereas the sample selection process was based on probability theory. What type of sampling was used?

  A. Statistical sampling
  B. Judgment-based sampling
  C. Multi-site sampling

Answer(s): A

Explanation:

Statistical sampling is a method where the sample selection process is based on probability theory, ensuring that each item in the population has a known, non-zero chance of being selected. In this case, the auditor used sampling based on probability theory to ensure event logs were maintained and reviewed, which is characteristic of statistical sampling. This method allows the auditor to draw conclusions about the entire population based on the sample selected.



Which option below is correct about the audit plan?

  A. The audit plan involves the use of several audit procedures
  B. The audit plan should be flexible to allow for modifications
  C. The auditee's top management prepares the audit plan

Answer(s): B

Explanation:

The audit plan is a document that outlines the audit's objectives, scope, methodology, and timeline. It should be flexible to allow for modifications during the audit process, as unforeseen circumstances or issues may arise that require adjustments. The plan is typically prepared by the audit team, not the auditee's top management, and while it may involve several audit procedures, the flexibility ensures that the audit remains effective in addressing key risks and concerns.





