
PECB ISO-IEC-27001-Lead-Auditor Exam - Topic 1 Question 58 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 58
Topic #: 1

You are performing an ISMS audit at a residential nursing home that provides healthcare services and are reviewing the Software Code Management (SCM) system. You found a total of 10 user accounts on the SCM. You confirm that one of the users, Scott, resigned 9 months ago. The SCM System Administrator confirmed Scott's last check-out of the source code was found 1 month ago. He was using one of the authorized desktops from the local network in a secure area.

You check with the user de-registration procedure which states "Managers have to make sure of deregistration of the user account and authorisation immediately from the relevant ICT system and/or equipment after resignation approval." There was no deregistration record for user Scott.

The IT Security Manager explains that Scott still comes back to the office every month after he resigned to provide support on source code maintenance. That's why his account on SCM still exists.

You would like to investigate other areas further to collect more audit evidence. Select three options that would not be valid audit trails.

Suggested Answer: B, D, G

The options B, D, and G are not valid audit trails because they are not directly related to the ISMS requirements or the audit criteria. They are more relevant to the human resource management or the contractual arrangements of the organization, which are outside the scope of the ISMS audit. The other options are valid audit trails because they can provide evidence of how the organization implements and maintains the ISMS controls related to access control, secure areas, and information security aspects of business continuity management.

Reference:

PECB Candidate Handbook ISO/IEC 27001 Lead Auditor, page 16, section 4.2.1

ISO/IEC 27001:2013, clauses A.5.3, A.5.15, A.5.35, A.6.1, A.6.2, A.6.5, A.8.4, A.17.1

ISO 19011:2018, clause 6.2.2
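The valid audit trails above (A, E, F) all come down to comparing three records that an auditor can request: the SCM user list, the HR leaver register, and the ICT deregistration log. As an added example, not part of this page or of PECB's material, the following Python script performs that reconciliation and reports the kind of findings the scenario describes: a leaver with no deregistration record, a deregistration recorded later than "immediately", an account still enabled after deregistration, source code checked out after the resignation was approved, and dormant accounts of current staff that a periodic access review should pick up. All records, user names and dates are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class ScmAccount:
    user: str
    active: bool                    # account still enabled on the SCM
    last_checkout: Optional[date]   # None if the account never checked out code


@dataclass
class Leaver:
    user: str
    resignation_approved: date      # date the resignation was approved (HR record)


@dataclass
class Deregistration:
    user: str
    deregistered_on: date           # date the ICT deregistration was recorded


# Constructed sample records (assumption: these would normally be exported
# from the SCM, the HR leaver register and the ICT deregistration log).
AS_OF = date(2024, 6, 1)
SCM_ACCOUNTS = [
    ScmAccount("alice", True, date(2024, 5, 30)),
    ScmAccount("bob", True, date(2024, 1, 15)),     # no check-out for well over 90 days
    ScmAccount("scott", True, date(2024, 5, 1)),    # resigned months ago, still checking out
    ScmAccount("dana", False, date(2024, 3, 10)),   # resigned and deregistered the same day
    ScmAccount("erin", False, date(2024, 1, 5)),    # deregistration recorded 10 days late
]
LEAVERS = [
    Leaver("scott", date(2023, 9, 1)),
    Leaver("dana", date(2024, 3, 15)),
    Leaver("erin", date(2024, 1, 10)),
]
DEREGISTRATIONS = [
    Deregistration("dana", date(2024, 3, 15)),
    Deregistration("erin", date(2024, 1, 20)),
]


def review_accounts(accounts: List[ScmAccount], leavers: List[Leaver],
                    deregistrations: List[Deregistration], as_of: date,
                    dormant_days: int = 90) -> Dict[str, List[str]]:
    """Reconcile SCM accounts with leaver and deregistration records.

    Returns a mapping of user -> list of findings. Users with no findings
    are omitted, so an empty dict means the three records agree.
    """
    findings: Dict[str, List[str]] = {}

    def add(user: str, message: str) -> None:
        findings.setdefault(user, []).append(message)

    leaver_by_user = {lv.user: lv for lv in leavers}
    dereg_by_user = {dg.user: dg for dg in deregistrations}

    for acct in accounts:
        leaver = leaver_by_user.get(acct.user)
        if leaver is None:
            # Current staff: only flag dormancy as input to the periodic access review.
            if acct.last_checkout is None or (as_of - acct.last_checkout).days > dormant_days:
                add(acct.user, f"dormant: no check-out in the last {dormant_days} days")
            continue

        # Leaver: the procedure requires deregistration immediately after approval.
        dereg = dereg_by_user.get(acct.user)
        if dereg is None:
            add(acct.user, "no deregistration record after resignation approval")
        else:
            if dereg.deregistered_on > leaver.resignation_approved:
                late = (dereg.deregistered_on - leaver.resignation_approved).days
                add(acct.user, f"deregistration recorded {late} days after resignation approval")
            if acct.active:
                add(acct.user, f"account still active although deregistration was recorded on "
                               f"{dereg.deregistered_on.isoformat()}")

        # Activity after the resignation date is evidence regardless of paperwork.
        if acct.last_checkout is not None and acct.last_checkout > leaver.resignation_approved:
            add(acct.user, f"source code checked out on {acct.last_checkout.isoformat()}, "
                           f"after resignation approval")

    return findings


if __name__ == "__main__":
    for user, notes in sorted(review_accounts(SCM_ACCOUNTS, LEAVERS, DEREGISTRATIONS, AS_OF).items()):
        for note in notes:
            print(f"{user}: {note}")
```

Run as a script, the report lists Bob as dormant, Erin's late deregistration, and two findings for Scott: the missing deregistration record and the check-out that post-dates his resignation. Scott's continued maintenance work, if it is genuine, would need to show up as a documented re-authorisation (a contractor account or an explicit access approval) rather than as the absence of a deregistration record, which is exactly the evidence the valid audit trails go looking for.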


Contribute your Thoughts:

Maxima
2 months ago
Collecting evidence on Scott's access is definitely relevant.
Muriel
2 months ago
Not sure if the part-time thing justifies keeping his account active.
Edelmira
2 months ago
Wait, he still has access? That's surprising!
Shalon
3 months ago
Totally agree, that's a big security risk!
Lou
3 months ago
Scott's account should've been deactivated after he resigned.
Billy
3 months ago
I recall that we talked about conflicts of interest, but I'm not clear if investigating Scott's resignation reasons is necessary for this audit.
Sunshine
3 months ago
I feel like the audit trails related to Scott's access to the secure area could be important, but I'm uncertain if they directly relate to the issue at hand.
Garry
4 months ago
I think we practiced a question about user deregistration procedures, and it seems like collecting evidence on Scott's background checks might not be relevant here.
Edna
4 months ago
I remember discussing the importance of user account management, but I'm not sure if Scott's situation falls under access control reviews or employment transitions.
Venita
4 months ago
This is a good opportunity to demonstrate my understanding of the ISMS controls. I'll carefully review each option and select the ones that don't directly address the problem of the inactive user account and potential security risks.
Tyra
4 months ago
Alright, let's do this. The main issue is that Scott's user account is still active even though he resigned, so we need to look at the controls around user deregistration and access management. I'll select the options that don't seem to address those core concerns.
Sylvie
4 months ago
Hmm, this is a tricky one. There are a lot of different angles we could investigate, but we need to be strategic and focus on the most critical areas. I'm going to carefully review the options and choose the ones that don't seem directly relevant to the problem at hand.
Belen
5 months ago
Okay, I think I've got a handle on this. The key is to focus on the controls that are directly relevant to the problem, like access controls, personnel management, and physical security. I'll select the options that don't seem to address those core issues.
Jose
5 months ago
This question seems straightforward, but I want to make sure I understand the key issues before selecting the options. The main concern seems to be the lack of user deregistration for Scott, even though he resigned 9 months ago.
Phuong
10 months ago
This is a classic case of 'the IT guy knows too much'. I'd focus on how he's accessing the secure area and the employee desktops. Sounds like someone's been watching too many spy movies.
Leonida
9 months ago
F) Collect more evidence on how Scott can access the secure area. (Relevant to control A.8.4)
Bonita
9 months ago
E) Collect more evidence on how Scott can access the employee's desktop and local network. (Relevant to control A.5.15)
Wava
9 months ago
A) Collect more evidence on how access controls are periodically reviewed to maintain security (Relevant to control A.5.35)
Beth
10 months ago
Haha, I bet Scott's got a secret underground lair where he's keeping all the source code. Gotta collect evidence on that for sure!
Lawrence
10 months ago
Definitely, let's stick to the relevant audit trails and not get distracted by Scott's potential secret lair.
Amalia
10 months ago
Yeah, we should focus on collecting evidence related to access controls and transition of employment instead.
Margarett
10 months ago
That would be interesting to find out! But investigating Scott's secret lair is not a valid audit trail.
Garry
10 months ago
I think option G is not a valid audit trail either. It's more about the organization's payment process, not directly related to Scott's unauthorized access.
Lindsey
10 months ago
Hmm, this sounds like a mess. I'd look into the conflict of interest angle - why is the company still paying him to do work? Seems fishy to me.
Zita
8 months ago
Let's not forget to collect more evidence on how the organization pays for Scott's source code maintenance support service.
Chu
9 months ago
It's important to look into where Scott kept the source code that he checked out and how it was secured.
Margurite
9 months ago
I think we should also investigate how Scott can access the employee's desktop and local network.
Edna
10 months ago
I agree, the conflict of interest aspect is definitely suspicious.
Kiera
10 months ago
I agree with Ammie. Option C also seems irrelevant as it focuses on Scott's background verification checks, not his current access to the system.
Yolando
10 months ago
Wait, so Scott is still accessing the system even after resigning? That's a major security breach! I'd focus on how he can still get in and verify the deregistration processes.
Ammie
11 months ago
I think option B is not a valid audit trail because it's not directly related to the issue of Scott's access after resignation.