
PECB ISO-IEC-27001-Lead-Implementer Exam - Topic 2 Question 47 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 47
Topic #: 2

Which situation presented in scenario 8 is not in compliance with ISO/IEC 27001 requirements?

Suggested Answer: A

Donette
3 months ago
Totally agree, B is not following ISO standards!
upvoted 0 times
...
Carrol
3 months ago
C is definitely a problem, too much access for one person.
upvoted 0 times
...
Gracia
3 months ago
Wait, two years for an audit? That seems too long!
upvoted 0 times
...
Valentin
4 months ago
I think B is the issue, audits should be more frequent.
upvoted 0 times
...
Mozell
4 months ago
Option A is compliant, Emma's role is fine.
upvoted 0 times
...
Emilio
4 months ago
I'm a bit confused about the specifics of the roles in option A; I thought operational roles had to be clearly defined, but I can't recall the details.
upvoted 0 times
...
James
4 months ago
I feel like option C raises some red flags about access control, which is a big part of ISO/IEC 27001 compliance.
upvoted 0 times
...
Carri
4 months ago
I remember a practice question about audit timelines, and I think option B could be problematic if audits are supposed to be more frequent.
upvoted 0 times
...
Thad
5 months ago
I think option A might be okay since operational roles are often part of the management system, but I'm not entirely sure.
upvoted 0 times
...
Ines
5 months ago
Ah, I see. I think option A is the correct answer. Having an operational role in the management system could compromise the independence and objectivity of the ISMS.
upvoted 0 times
...
Stefania
5 months ago
I'm pretty confident that the answer is B. The standard requires regular audits, and waiting two years seems too long to me.
upvoted 0 times
...
Evangelina
5 months ago
I'm a bit confused on this one. I'll need to re-read the scenario and the answer choices a few times to make sure I understand the requirements properly.
upvoted 0 times
...
Tambra
5 months ago
Okay, let's see. I think it might be option C, since having unrestricted access to all offices and documentation could be a security risk and violate the principle of least privilege.
upvoted 0 times
...
Sharen
5 months ago
Hmm, this one seems tricky. I'll need to carefully review the ISO/IEC 27001 requirements to determine which situation is not in compliance.
upvoted 0 times
...
Gladis
5 months ago
Hmm, this seems straightforward. I think the engineer needs to match the survey to a "normal client" since that's the typical type of client they would encounter.
upvoted 0 times
...
Letha
1 year ago
I hope the correct answer isn't 'All of the above' - that would be a real ISO/IEC 27001 plot twist!
upvoted 0 times
Elke
1 year ago
I agree, 'All of the above' would be a nightmare!
upvoted 0 times
...
Maryanne
1 year ago
Option C: Not conducting regular security training for employees.
upvoted 0 times
...
Gayla
1 year ago
Option B: Allowing unauthorized access to the server room.
upvoted 0 times
...
Belen
1 year ago
Option A: Storing sensitive data on unencrypted devices.
upvoted 0 times
...
...
Quentin
1 year ago
This question is like a game of ISO/IEC 27001 'Where's Waldo?' - gotta find that non-compliant situation!
upvoted 0 times
...
Leota
1 year ago
C) Emma had access to all offices and documentation of HealthGenic. Yikes! That's like giving the keys to the kingdom to a random employee. Not very secure.
upvoted 0 times
...
Latricia
1 year ago
B) The recodification audit is planned to be conducted two years after HealthGenic implemented the ISMS. Ah, I see. ISO/IEC 27001 requires more frequent audits.
upvoted 0 times
...
Maira
1 year ago
A) Emma has an operational role in the HealthGenic's management system. Hmm, I don't see any issues with that. Operational roles are common in ISMS.
upvoted 0 times
Arlette
1 year ago
Yes, access control is crucial for maintaining compliance.
upvoted 0 times
...
Flo
1 year ago
That's a clear violation of ISO/IEC 27001 requirements.
upvoted 0 times
...
Fletcher
1 year ago
But in scenario 8, Emma also has access to sensitive information without proper authorization.
upvoted 0 times
...
Yolando
1 year ago
I agree, having an operational role in ISMS is normal.
upvoted 0 times
...
...
Dong
1 year ago
C) Emma had access to all offices and documentation of HealthGenic. That's a big no-no. Access should be limited based on the principle of least privilege.
upvoted 0 times
Isabella
1 year ago
Emma having access to everything at HealthGenic is definitely not in compliance with ISO/IEC 27001 requirements.
upvoted 0 times
...
Lonna
1 year ago
Having access to all offices and documentation is a big security risk.
upvoted 0 times
...
Stevie
1 year ago
Access should definitely be limited based on the principle of least privilege.
upvoted 0 times
...
...
Madelyn
1 year ago
But what about the recodification audit being planned two years later? Isn't that also a violation of ISO/IEC 27001 requirements?
upvoted 0 times
...
Alex
1 year ago
B) The recodification audit is planned to be conducted two years after HealthGenic implemented the ISMS. This doesn't sound right. Shouldn't it be conducted more frequently?
upvoted 0 times
Marge
1 year ago
HealthGenic may need to review their audit schedule to ensure they are meeting ISO/IEC 27001 requirements.
upvoted 0 times
...
Terina
1 year ago
It's important to regularly assess and update the ISMS to maintain compliance with the standard.
upvoted 0 times
...
Jeanice
1 year ago
Maybe HealthGenic should consider conducting the audit annually to stay in line with ISO/IEC 27001 requirements.
upvoted 0 times
...
Tess
1 year ago
I agree, the recodification audit should be conducted more frequently to ensure compliance.
upvoted 0 times
...
...
Leatha
1 year ago
I agree with Lavera, that goes against the principle of least privilege.
upvoted 0 times
...
Lavera
1 year ago
I think the situation with Emma having access to all offices and documentation is not in compliance.
upvoted 0 times
...
