
PECB ISO-IEC-27001-Lead-Implementer Exam - Topic 1 Question 60 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 60
Topic #: 1

Scenario 9: OpenTech provides IT and communications services. It helps data communication enterprises and network operators become multi-service providers. During an internal audit, its internal auditor, Tim, has identified nonconformities related to the monitoring procedures. He identified and evaluated several system vulnerabilities.

Tim found out that user IDs for systems and services that process sensitive information have been reused and the access control policy has not been followed. After analyzing the root causes of this nonconformity, the ISMS project manager developed a list of possible actions to resolve the nonconformity. Then, the ISMS project manager analyzed the list and selected the activities that would allow the elimination of the root cause and the prevention of a similar situation in the future. These activities were included in an action plan. The action plan, approved by the top management, was written as follows:

A new version of the access control policy will be established and new restrictions will be created to ensure that network access is effectively managed and monitored by the Information and Communication Technology (ICT) Department.

The approved action plan was implemented and all actions described in the plan were documented.

Based on this scenario, answer the following question:

OpenTech has decided to establish a new version of its access control policy. What should the company do when such changes occur?

Suggested Answer: B

According to ISO/IEC 27001:2022, clause 6.2, the organization shall establish information security objectives at relevant functions and levels. The information security objectives shall be consistent with the information security policy and relevant to the information security risks. The organization shall update the information security objectives as changes occur. Therefore, when OpenTech decides to establish a new version of its access control policy, it should update its information security objectives accordingly to reflect the changes and ensure alignment with the policy.


Contribute your Thoughts:

Katina
2 months ago
Not sure if just monitoring change factors is enough, though.
upvoted 0 times
...
Lawanda
2 months ago
I think they should also include the changes in the scope.
upvoted 0 times
...
Marva
3 months ago
Wait, are they really reusing user IDs? That's a huge risk!
upvoted 0 times
...
King
3 months ago
Definitely need to update the security objectives too.
upvoted 0 times
...
Dorsey
3 months ago
Sounds like a solid plan to update the access control policy!
upvoted 0 times
...
Ronny
3 months ago
I’m a bit confused about the best approach. Should we focus more on monitoring or updating objectives? Both seem important, but I can’t recall which one takes priority.
upvoted 0 times
...
France
4 months ago
I remember a practice question about including changes in the scope. It feels relevant here since the access control policy is a key part of our ISMS.
upvoted 0 times
...
Sherly
4 months ago
I'm not entirely sure, but updating the information security objectives might be important too. It could help align the new policy with our overall goals.
upvoted 0 times
...
Bernadine
4 months ago
I think we should definitely identify the change factors to be monitored. It seems crucial to understand what triggered the need for a new policy.
upvoted 0 times
...
Lennie
4 months ago
I feel pretty confident about this one. When changes to the access control policy happen, the company should identify the key factors that need to be monitored to ensure the changes are implemented effectively. Option A seems like the best choice.
upvoted 0 times
...
Rodrigo
4 months ago
Based on the scenario, it seems like the company needs to establish a new version of the access control policy. So I would go with option A - identifying the change factors to be monitored. That seems like the logical first step.
upvoted 0 times
...
Arminda
4 months ago
I'm a bit confused by the wording of the options. Do we need to update the information security objectives or just include the changes in the scope? I'm not sure which one is the correct approach.
upvoted 0 times
...
Natalie
5 months ago
This seems like a straightforward question about access control policy changes. I think the key is to identify the factors that need to be monitored when such changes occur.
upvoted 0 times
...
Howard
7 months ago
Hey, at least they're not asking us to 'turn it off and on again' to fix the problem. That's the IT equivalent of 'have you tried using a bigger hammer?'
upvoted 0 times
Lewis
5 months ago
C) Include the changes in the scope
upvoted 0 times
...
Felton
6 months ago
A) Identify the change factors to be monitored
upvoted 0 times
...
...
Garry
8 months ago
Including the changes in the scope? What is this, a construction project? We're talking about an IT policy update here, folks.
upvoted 0 times
...
Talia
8 months ago
I believe including the changes in the scope is also important to ensure all aspects are covered.
upvoted 0 times
...
An
8 months ago
Updating the information security objectives? Isn't that a bit overkill for a simple policy change? Let's keep it simple and focused on the immediate issue at hand.
upvoted 0 times
Annette
7 months ago
C) Include the changes in the scope
upvoted 0 times
...
Tijuana
7 months ago
B) Update the information security objectives
upvoted 0 times
...
Mabel
7 months ago
A) Identify the change factors to be monitored
upvoted 0 times
...
...
Hana
8 months ago
I agree with Lisha. Updating the information security objectives is crucial when changes occur.
upvoted 0 times
...
Tamekia
8 months ago
I agree, monitoring the change factors is crucial. You don't want to introduce new vulnerabilities while trying to fix the existing ones.
upvoted 0 times
...
Lisha
9 months ago
I think the company should update the information security objectives.
upvoted 0 times
...
Janine
9 months ago
Identifying the change factors to be monitored seems like the logical step here. You can't just update the policy without understanding how it will impact the organization.
upvoted 0 times
Bulah
7 months ago
C) Include the changes in the scope
upvoted 0 times
...
Martha
8 months ago
B) Update the information security objectives
upvoted 0 times
...
Iraida
8 months ago
A) Identify the change factors to be monitored
upvoted 0 times
...
...
