PECB ISO-IEC-27001-Lead-Auditor Exam Questions

Exam Name: PECB ISO/IEC 27001 Lead Auditor Exam
Exam Code: ISO-IEC-27001-Lead-Auditor
Related Certification(s):
  • PECB Auditor Certifications
  • PECB Continuing Professional Development CPD Certifications
Certification Provider: PECB
Actual Exam Duration: 180 Minutes
Number of ISO-IEC-27001-Lead-Auditor practice questions in our database: 418 (updated: Jun. 26, 2026)
Expected ISO-IEC-27001-Lead-Auditor Exam Topics, as suggested by PECB:
  • Topic 1: Fundamental principles and concepts of an Information Security Management System (ISMS): This section of the exam covers the most fundamental concepts and rules of information security.
  • Topic 2: Information Security Management System (ISMS): In this section, candidates are tested on their knowledge of essential ISMS principles.
  • Topic 3: Fundamental audit concepts and principles: In this section, exam-takers are tested on basic audit concepts and rules.
  • Topic 4: Preparation of an ISO/IEC 27001 audit: In this section, candidates are tested on their knowledge of preparing for a stage 2 audit and other audit processes.
  • Topic 5: Conducting an ISO/IEC 27001 audit: This section of the exam covers activities performed while conducting the audit, such as communication during the audit process and audit test strategies.
  • Topic 6: Closing an ISO/IEC 27001 audit: In this section, exam-takers are tested on their knowledge of drafting audit findings and nonconformity reports, reviewing the quality of the audit and its documentation, and closing the audit.
  • Topic 7: Managing an ISO/IEC 27001 audit program: This section of the exam covers managing the internal audit activity and assessing audit plans.
Discuss PECB ISO-IEC-27001-Lead-Auditor Topics, Questions, or Ask Anything Related

John Howard

22 days ago
When it came to the Information Security Management System (ISMS), the risk assessment and treatment questions were tricky, often presenting a business scenario and asking which risk treatment option is justified. Look closely at risk criteria, calculation methods, and how Annex A controls map to risk treatment decisions. I recently passed and leaned on practical risk register exercises.
upvoted 0 times

Sarah Peterson

1 month ago
The PECB ISO/IEC 27001 Lead Auditor exam leaned heavily on audit logic, so mapping each clause to evidence and typical nonconformities made the questions much easier, and I managed to pass on the first try.
upvoted 0 times

Gary Moore

2 months ago
I struggled most with the fundamental principles and concepts of an ISMS because several exam scenarios required you to pick which principle a control supports, especially when confidentiality and integrity overlap. Expect scenario questions that test concept mapping and prioritization; study the definitions, the relationships between the CIA properties, and examples of control application. I passed the PECB Lead Auditor exam, and thanks to Pass4Success for a good collection of exam questions that helped me practice quickly.
upvoted 0 times

Nancy Allen

2 months ago
During the exam I found the requirement versus objective control mapping questions especially tricky; deciding whether a control satisfied a clause or just an objective required very careful reading. Practicing mapping clauses to Annex A controls and timing my answers helped me avoid overthinking.
upvoted 0 times

Thomas Adams

2 months ago
Another tricky area was distinguishing between major and minor nonconformities during audits since the impact and recurrence criteria can be subtle.
upvoted 0 times

Kevin Torres

2 months ago
One tip that helped me was sketching process flows for the ISMS so tracing controls back to risks and objectives became much faster.
upvoted 0 times

Kenneth Moore

1 month ago
Sometimes the case studies in the ISO-IEC-27001-Lead-Auditor practice materials felt overloaded with detail, so learning to extract only audit-relevant facts was crucial.
upvoted 0 times

Andrew Taylor

1 month ago
Interestingly, time management mattered as much as technical knowledge because the preparation and closing phases include many small but important tasks you can easily miss.
upvoted 0 times

Rachel Hernandez

2 months ago
I worried most about audit evidence because examples often felt ambiguous until I practiced writing concise, objective evidence statements.
upvoted 0 times

Kris

3 months ago
Passing the PECB ISO/IEC 27001 Lead Auditor exam was a significant achievement for me. The practice questions from Pass4Success were a great help. A tough question from Domain 5 asked about the different types of audit reports. It required explaining the purpose and content of each type, which was a bit challenging for me.
upvoted 0 times

Diego

3 months ago
I am thrilled to have passed the PECB ISO/IEC 27001 Lead Auditor exam. The Pass4Success practice questions were very helpful. One question from Domain 4 that stumped me was about the audit conclusion process. It asked to describe the steps involved in reaching an audit conclusion, and I wasn't entirely sure of the answer.
upvoted 0 times

Jani

3 months ago
Successfully passing the PECB ISO/IEC 27001 Lead Auditor exam was a great achievement. The practice questions from Pass4Success were invaluable. A challenging question from Domain 3 asked about the audit evidence collection methods. It required explaining each method and providing examples, which was a bit tricky for me.
upvoted 0 times

Sabrina

4 months ago
I passed the PECB ISO/IEC 27001 Lead Auditor exam, and the Pass4Success practice questions were a great help. One question from Domain 2 that I found difficult was about the risk monitoring process. It asked to describe the steps involved in monitoring risks and their effectiveness, and I had to think hard about it.
upvoted 0 times

Joesph

4 months ago
Passing the PECB ISO/IEC 27001 Lead Auditor exam was a rewarding experience. The practice questions from Pass4Success were very helpful. A tough question from Domain 1 asked about the audit scope. It required explaining how to determine the audit scope and its importance, which was a bit challenging for me.
upvoted 0 times

Hector

4 months ago
ISO 27001 Lead Auditor now, thanks to Pass4Success's efficient study materials.
upvoted 0 times

Jettie

4 months ago
Grateful for Pass4Success. Their questions were crucial for my ISO 27001 exam success.
upvoted 0 times

Mammie

5 months ago
My hands trembled during the prep week, yet the practice tests and expert tips from pass4success turned fear into focus, and I walked out with assurance—keep pushing forward, future testers.
upvoted 0 times

Twanna

5 months ago
The hardest topic for me was the context of the organization and interested parties; questions would twist requirements. Pass4Success practice prepared me by drilling those exact scenarios until the logic clicked.
upvoted 0 times

Audry

5 months ago
Pass4Success nailed it with their exam prep. ISO 27001 certification secured!
upvoted 0 times

Bettina

5 months ago
Scenario-based questions on internal audits were brutal, with distractors that looked plausible. pass4success practice exams trained me to spot the subtle differences and stay consistent with auditing standards.
upvoted 0 times

Shonda

6 months ago
I am happy to share that I passed the PECB ISO/IEC 27001 Lead Auditor exam. The Pass4Success practice questions were extremely beneficial. One question from Domain 5 that I found difficult was about the different types of audit documentation. It asked to explain the purpose and importance of each type, and I wasn't entirely confident in my answer.
upvoted 0 times

Laurel

6 months ago
The tricky part was interpreting the Annex A control references in context, especially when multiple controls seem applicable. pass4success practice exams organized my thought process and showed how to justify choices under exam conditions.
upvoted 0 times

Leatha

6 months ago
The toughest part for me was the risk assessment and treatment plan questions; their scenarios forced precise alignment with ISO 27001 controls. Pass4Success practice exams helped me map each control to real-world outcomes, so I could pick the best-fit answer quickly.
upvoted 0 times

Peggie

6 months ago
Passing the PECB ISO/IEC 27001 Lead Auditor exam was a huge accomplishment. Tip: Focus on understanding the core concepts, not just memorizing facts, and the pass4success practice tests will help with that.
upvoted 0 times

Alida

7 months ago
Successfully passing the PECB ISO/IEC 27001 Lead Auditor exam was a great experience. The practice questions from Pass4Success were very helpful. A challenging question from Domain 4 asked about the audit follow-up process. It required describing the steps involved in following up on audit findings, which was a bit tricky for me.
upvoted 0 times

Frank

7 months ago
I passed the PECB ISO/IEC 27001 Lead Auditor exam, and the Pass4Success practice questions played a crucial role. One question from Domain 3 that I found difficult was about the audit team selection criteria. It asked to explain the factors to consider when selecting audit team members, and I had to think hard about it.
upvoted 0 times

Lera

7 months ago
Tough exam, but Pass4Success materials made it manageable. Passed with flying colors!
upvoted 0 times

Bette

8 months ago
ISO 27001 certification achieved! Pass4Success was a lifesaver for quick studying.
upvoted 0 times

Yoko

8 months ago
The Pass4Success practice exams were a game-changer for me. Tip: Manage your time wisely during the exam, and don't get bogged down in any single question.
upvoted 0 times

Willodean

8 months ago
Couldn't have passed without Pass4Success. Their questions were nearly identical to the real thing.
upvoted 0 times

James

8 months ago
I felt the jitters from the moment I opened the syllabus, but the Pass4Success drills lined up with real-world scenarios and helped me think like an auditor, not just memorize facts—believe in your study, you've got this.
upvoted 0 times

Isaiah

8 months ago
Pass4Success made prep a breeze. Aced the ISO 27001 exam in no time!
upvoted 0 times

Marsha

9 months ago
I was nervous before the exam, doubting if I could recall every control and clause; Pass4Success gave me structured practice, mock audits, and clear rationales that boosted my confidence, so you can conquer it too—trust your preparation and stay persistent.
upvoted 0 times

Marvel

9 months ago
Passing the PECB ISO/IEC 27001 Lead Auditor exam was a significant achievement for me. The practice questions from Pass4Success were a great help. A tough question from Domain 2 asked about the risk communication process. It required describing the steps involved in communicating risks to stakeholders, which was a bit challenging for me.
upvoted 0 times

Nan

9 months ago
Just passed the ISO 27001 Lead Auditor exam! Thanks Pass4Success for the spot-on practice questions.
upvoted 0 times

Franchesca

9 months ago
I am thrilled to have passed the PECB ISO/IEC 27001 Lead Auditor exam. The Pass4Success practice questions were very helpful. One question from Domain 1 that stumped me was about the audit criteria. It asked to explain the importance of audit criteria and how they are determined, and I wasn't entirely sure of the answer.
upvoted 0 times

Nelida

10 months ago
Nailed the Lead Auditor exam! Pass4Success's materials were a game-changer for my prep.
upvoted 0 times

Stephania

10 months ago
Successfully passing the PECB ISO/IEC 27001 Lead Auditor exam was a great achievement. The practice questions from Pass4Success were invaluable. A challenging question from Domain 5 asked about the different types of audit findings. It required explaining each type and providing examples, which was a bit tricky for me.
upvoted 0 times

Loren

12 months ago
ISO 27001 certified in no time, thanks to Pass4Success's comprehensive question bank.
upvoted 0 times

Lashaun

1 year ago
Pass4Success's practice exams were spot on. Made passing ISO 27001 a breeze!
upvoted 0 times

Tina

1 year ago
Lead Auditor exam conquered! Pass4Success's prep was efficient and effective.
upvoted 0 times

Gearldine

1 year ago
Couldn't have passed without Pass4Success. Their questions matched the exam perfectly.
upvoted 0 times

Aileen

1 year ago
ISO 27001 certification achieved! Pass4Success's materials were worth every penny.
upvoted 0 times

Lai

1 year ago
Thanks to Pass4Success, I felt well-prepared for the ISO 27001 exam. Passed with flying colors!
upvoted 0 times

Twanna

1 year ago
I passed the PECB ISO/IEC 27001 Lead Auditor exam, and the Pass4Success practice questions were a great help. One question from Domain 4 that I found difficult was about the audit reporting process. It asked to describe the steps involved in preparing and presenting an audit report, and I had to think hard about it.
upvoted 0 times

Angelica

1 year ago
Pass4Success's practice tests were key to my ISO 27001 success. Highly recommend!
upvoted 0 times

Paz

2 years ago
Passing the PECB ISO/IEC 27001 Lead Auditor exam was a rewarding experience. The practice questions from Pass4Success were very helpful. A tough question from Domain 3 asked about the audit plan components. It required listing and describing each component, which was a bit challenging for me.
upvoted 0 times

Bernardo

2 years ago
I am happy to share that I passed the PECB ISO/IEC 27001 Lead Auditor exam. The Pass4Success practice questions were extremely beneficial. One question from Domain 2 that I found challenging was about the risk treatment options. It asked to explain each option and provide examples, which required careful thought.
upvoted 0 times

Julie

2 years ago
Aced the Lead Auditor exam in record time. Pass4Success made all the difference in my prep.
upvoted 0 times

Elfriede

2 years ago
The PECB ISO/IEC 27001 Lead Auditor exam was challenging, but I passed with the help of Pass4Success practice questions. A question from Domain 1 asked about the principles of auditing. It required identifying and explaining each principle, which was a bit tricky for me.
upvoted 0 times

Carmelina

2 years ago
I passed the PECB ISO/IEC 27001 Lead Auditor exam, and the Pass4Success practice questions played a crucial role. One question from Domain 5 that I found difficult was about the different types of audit evidence. It asked to differentiate between direct and indirect evidence, and I wasn't entirely confident in my answer.
upvoted 0 times

Louann

2 years ago
ISO 27001 certified! Pass4Success's questions were incredibly similar to the real thing.
upvoted 0 times

Barabara

2 years ago
Successfully passing the PECB ISO/IEC 27001 Lead Auditor exam was a great experience. The practice questions from Pass4Success were very helpful. A question in Domain 4 about the audit process stages was particularly tough. It asked to list and describe each stage, and I had to recall my studies carefully.
upvoted 0 times

Janey

2 years ago
I am thrilled to have passed the PECB ISO/IEC 27001 Lead Auditor exam. The Pass4Success practice questions were invaluable. One challenging question from Domain 3 asked about the roles and responsibilities of the audit team leader. I wasn't completely sure of the answer, but I still succeeded.
upvoted 0 times

Roselle

2 years ago
Wow, that exam was tough! Grateful for Pass4Success's prep materials - they were a lifesaver.
upvoted 0 times

Zachary

2 years ago
Great. Any final advice?
upvoted 0 times

Emeline

2 years ago
Passing the PECB ISO/IEC 27001 Lead Auditor exam was a significant achievement for me, thanks to the practice questions from Pass4Success. There was a tricky question in Domain 2 about risk assessment methodologies. It asked how to prioritize risks based on their impact and likelihood, and I had to think hard about it.
upvoted 0 times

Lisandra

2 years ago
Focus on the context of the organization. Understand how to determine internal and external issues affecting the ISMS. Good luck!
upvoted 0 times

Julio

2 years ago
I recently passed the PECB ISO/IEC 27001 Lead Auditor exam, and the Pass4Success practice questions were a great help. One question that stumped me was about the different types of audits in Domain 1. It asked about the key differences between internal and external audits, and I wasn't entirely sure of the answer, but I still managed to pass.
upvoted 0 times

My

2 years ago
Just passed the ISO 27001 Lead Auditor exam! Thanks Pass4Success for the spot-on practice questions.
upvoted 0 times

Vi

2 years ago
Passing the PECB ISO/IEC 27001 Lead Auditor exam was a significant achievement for me, and I attribute my success to the valuable practice questions provided by Pass4Success. The exam delved into essential Information Security Management System (ISMS) principles, and I had to demonstrate my understanding of how to effectively manage information security. One question that challenged me was about the process of continual improvement in ISMS. Although I had some doubts, I managed to pass the exam.
upvoted 0 times

Glynda

2 years ago
Cleared the ISO 27001 exam thanks to Pass4Success. Their questions mirrored the actual exam perfectly. Great resource!
upvoted 0 times

Stephen

2 years ago
My experience taking the PECB ISO/IEC 27001 Lead Auditor exam was intense, but I successfully passed it thanks to Pass4Success practice questions. The exam tested my knowledge of Information Security Management System (ISMS) principles, and I had to apply my understanding of key concepts to answer the questions. One question that made me pause was about the role of top management in implementing ISMS. Despite my initial uncertainty, I was able to pass the exam.
upvoted 0 times

Jody

2 years ago
I recently passed the PECB ISO/IEC 27001 Lead Auditor exam with the help of Pass4Success practice questions. The exam covered fundamental principles and concepts of Information Security Management System (ISMS), and I found it challenging yet rewarding. One question that stood out to me was related to the importance of risk assessment in ISMS. I wasn't completely sure of the answer, but I managed to pass the exam.
upvoted 0 times

Susy

2 years ago
Understanding the ISMS implementation process was crucial. You may encounter questions about establishing the context of the organization and leadership commitment. Review the PDCA cycle and how it applies to ISMS implementation. Pass4Success's exam materials were spot-on and greatly contributed to my success in passing this challenging certification.
upvoted 0 times

Onita

2 years ago
Passed the ISO 27001 Lead Auditor exam! Pass4Success provided spot-on practice questions. Grateful for their efficient prep materials.
upvoted 0 times

Harrison

2 years ago
Pass4Success made ISO 27001 exam prep a breeze. Passed with flying colors. Highly recommend their focused study materials.
upvoted 0 times

Tori

2 years ago
ISO 27001 Lead Auditor certification achieved! Pass4Success's practice tests were invaluable. Saved me tons of study time.
upvoted 0 times

Reuben

2 years ago
Thanks to Pass4Success, I aced the ISO 27001 Lead Auditor exam. Their questions were incredibly similar to the real thing!
upvoted 0 times

Free PECB ISO-IEC-27001-Lead-Auditor Exam Actual Questions

Note: Premium Questions for ISO-IEC-27001-Lead-Auditor were last updated On Jun. 26, 2026 (see below)

Question #1

Scenario 3

NightCore, a multinational technology enterprise headquartered in the United States, specializes in e-commerce, cloud computing, digital streaming, and artificial intelligence (AI). After having an information security management system (ISMS) implemented for over a year, NightCore contracted a certification body to perform an audit for ISO/IEC 27001 certification.

The certification body formed a team of five auditors, with Jack as a team leader. Jack is renowned for his extensive auditing experience in risk management, information security controls, and incident management. His skill set aligns well with the requirements of auditing principles and processes, enabling him to effectively comprehend the audit scope and apply relevant criteria effectively. Jack also demonstrates a solid understanding of NightCore's organizational structure, purpose, and management practices and the statutory and regulatory requirements applicable to its activities.

The audit carried out by the audit team followed a rational method to reach reliable and reproducible conclusions systematically. The audit team recognized that only information capable of being verified to some extent should be considered valid evidence. In some rare instances during the audit where the verification of certain information posed challenges and where its degree of verifiability was low, the auditors exercised their professional judgment to assess the reliability and determine the level of reliance that could be placed on such evidence.

During the audit, the auditors documented their observations and inspection notes regarding the operational planning and control of NightCore's ISMS operations. They also recorded observations of NightCore's inventory of information and associated assets. Additionally, the auditors reviewed the configuration of firewalls implemented to secure connections to network services.

As the audit approached its final stages, NightCore's commitment to upholding the highest levels of information security became evident. With ISO/IEC 27001 certification within reach, NightCore is well-positioned to achieve ISO/IEC 27001 certification, enhancing its reputation in the technology sector.

According to Scenario 3, did the auditors appropriately handle information that could only be verified to some extent?

Correct Answer: A

The auditors handled partially verifiable information appropriately by applying professional judgment, which makes option A the correct answer. ISO 19011:2018 emphasizes that auditing is not a purely mechanical process and requires auditors to apply due professional care when evaluating evidence. Audit evidence is often based on samples and may vary in its degree of verifiability. The key requirement is that auditors assess the reliability, relevance, and sufficiency of the evidence before using it to support audit conclusions.

In the scenario, the audit team explicitly recognized that some information could only be verified to a limited extent and responded by carefully evaluating how much reliance could be placed on that information. This aligns with ISO 19011 principles, particularly the evidence-based approach and due professional care. Auditors are expected to exercise judgment when full verification is impractical, provided they clearly understand the limitations of the evidence and do not overstate its reliability.

Option B is incorrect because ISO standards do not require auditors to discard all partially verifiable information. Doing so could lead to incomplete audit conclusions and an unrealistic audit process. Option C is also incorrect because while external experts may be used in certain specialized cases, ISO 19011 does not mandate their involvement whenever evidence is difficult to verify. The auditors' approach in the scenario demonstrates appropriate competence and professional judgment, consistent with ISO auditing guidance.


Question #2

To verify conformity to control 8.15 Logging of ISO/IEC 27001 Annex A, the audit team studied a sample of server logs to determine if they could be edited or deleted. Which audit procedure did the audit team use?

Correct Answer: B

The audit team used technical verification, making option B the correct answer. Technical verification involves examining technical configurations, system settings, or operational characteristics of information systems to verify whether controls are implemented and effective. In this scenario, the auditors examined server logs to determine whether they could be altered or deleted, which directly assesses the technical enforcement of logging controls.

ISO/IEC 27002:2022 control 8.15 requires organizations to ensure that logs are protected against unauthorized modification or deletion. Verifying this requirement cannot be achieved through interviews or documentation alone; it requires direct interaction with or inspection of the technical system.

Option A is incorrect because analysis refers to evaluating information, patterns, or results after evidence has been collected, not to the act of examining system configurations. Option C is incorrect because observation involves watching activities or processes being performed, such as monitoring staff behavior or physical security practices, not inspecting system-level controls.

Therefore, reviewing server logs for editability or deletion capability is a clear example of technical verification, which is an appropriate and necessary audit procedure for technological controls.


Question #3

Which two of the following phrases would apply to "audit objectives"?

Correct Answer: B, F

The audit objectives are the purpose and scope of an audit, as defined by the audit client and the auditor. According to the ISO/IEC 27001 standard, the audit objectives for an ISMS audit may include determining the extent of conformity of the ISMS with the audit criteria, evaluating the ability of the ISMS to ensure the organization meets its information security objectives, and identifying potential areas for improvement of the ISMS [1][2].

References:
[1] PECB Candidate Handbook - ISO/IEC 27001 Lead Auditor, page 19.
[2] ISO/IEC 27007:2011 Information technology --- Security techniques --- Guidelines for information security management systems auditing, clause 4.2.1.


Question #4

Scenario 5: Cobt, an insurance company in London, offers various commercial, industrial, and life insurance solutions. In recent years, the number of Cobt's clients has increased enormously. Having a huge amount of data to process, the company decided that certifying against ISO/IEC 27001 would bring many benefits to securing information and show its commitment to continual improvement. While the company was well-versed in conducting regular risk assessments, implementing an ISMS brought major changes to its daily operations. During the risk assessment process, a risk was identified where significant defects occurred without being detected or prevented by the organization's internal control mechanisms.

The company followed a methodology to implement the ISMS and had an operational ISMS in place after only a few months. After successfully implementing the ISMS, Cobt applied for ISO/IEC 27001 certification. Sarah, an experienced auditor, was assigned to the audit. Upon thoroughly analyzing the audit offer, Sarah accepted her responsibilities as an audit team leader and immediately started to obtain general information about Cobt. She established the audit criteria and objective, planned the audit, and assigned the audit team members' responsibilities.

Sarah acknowledged that although Cobt has expanded significantly by offering diverse commercial and insurance solutions, it still relies on some manual processes. Therefore, her initial focus was to gather information on how the company manages its information security risks. Sarah contacted Cobt's representatives to request access to information related to risk management for the off-site review, as initially agreed upon for part of the audit. However, Cobt later refused, claiming that such information is too sensitive to be accessed outside of the company. This refusal raised concerns about the audit's feasibility, particularly regarding the availability and cooperation of the auditee and access to evidence. Moreover, Cobt raised concerns about the audit schedule, stating that it does not properly reflect the recent changes the company made. It pointed out that the actions to be performed during the audit apply only to the initial scope and do not encompass the latest changes made in the audit scope.

Sarah also evaluated the materiality of the situation, considering the significance of the information denied for the audit objectives. In this case, the refusal by Cobt raised questions about the completeness of the audit and its ability to provide reasonable assurance. Following these situations, Sarah decided to withdraw from the audit before a certification agreement was signed and communicated her decision to Cobt and the certification body. This decision was made to ensure adherence to audit principles and maintain transparency, highlighting her commitment to consistently upholding these principles.

Based on the scenario above, answer the following question:

Based on the role of Sarah described in Scenario 5, which of the following should NOT be part of her responsibilities?

Correct Answer: A


A. Assigning responsibilities to the audit team members (Correct Answer) -- This is not Sarah's responsibility. The certification body assigns the audit team and defines responsibilities, ensuring independence and objectivity.

B. Defining the audit criteria and objectives (Correct Responsibility) -- Sarah, as the audit team leader, must establish audit criteria and objectives, per ISO 19011 (Guidelines for Auditing Management Systems).

C. Planning the audit (Correct Responsibility) -- The audit team leader is responsible for planning the audit, including timelines and resource allocation.

Relevant Standard Reference:

ISO/IEC 27001:2022 Clause 9.2 (Internal Audit)

ISO 19011:2018 Clause 5.5.2 (Defining Audit Objectives and Criteria)


Question #5

According to ISO/IEC 27001, Clause 5.1 (Leadership and Commitment), which of the following is NOT a responsibility of top management?

Correct Answer: B


ISO/IEC 27001 Clause 5.1 (Leadership and Commitment) defines top management's role in ensuring the effectiveness of the Information Security Management System (ISMS). It requires top management to:

  • Ensure the availability of resources for the ISMS (Correct Responsibility).
  • Promote continual improvement of the ISMS (Correct Responsibility).
  • Direct and support employees to contribute to ISMS effectiveness (Correct Responsibility).

B. Conducting regular internal audits -- Incorrect Responsibility:

Internal audits are not a direct responsibility of top management. Instead, Clause 9.2 (Internal Audit) requires audits to be conducted independently of management.

Top management is responsible for ensuring audits are conducted but does not need to conduct them personally.

Thus, top management is responsible for oversight and support but not for conducting internal audits themselves.

Relevant Standard Reference:

ISO/IEC 27001:2022 Clause 5.1 (Leadership and Commitment)

ISO/IEC 27001:2022 Clause 9.2 (Internal Audit)


