問題集を購入するなら最新の2025年05月10日 ISO-IEC-27001-Lead-Auditor-CN試験問題と解答PDFで一年間無料更新 [Q152-Q167]

Share

問題集を購入するなら最新の2025年05月10日 ISO-IEC-27001-Lead-Auditor-CN試験問題と解答PDFで一年間無料更新

時間限定無料ダウンロード!最新のISO-IEC-27001-Lead-Auditor-CN問題集で2025年最新のISO-IEC-27001-Lead-Auditor-CN試験問題

質問 # 152
以下是「誠信」的目的,這是資訊安全的基本組成部分之一

  • A. 根據授權實體的要求可存取和使用的屬性。
  • B. 保障資產準確性和完整性的屬性。
  • C. 資訊不會提供或揭露給未經授權的個人的屬性
  • D. 資訊不會提供或揭露給未經授權的個人的屬性

正解:B

解説:
Integrity is one of the basic components of information security, along with confidentiality and availability.
Integrity means that information is safeguarded from unauthorized or accidental changes that could affect its accuracy and completeness. Integrity ensures that information is reliable and trustworthy3. References: ISO
/IEC 27001:2022 Lead Auditor Training Course - BSI


質問 # 153
審核員在確定 (2)-------- 時應考慮 (1)--------

  • A. (1)標準要求。 (二)審核標準
  • B. (1) 與違法行為相關的處罰,(2) 重要性
  • C. (1) 稽核風險,(2) 稽核目標

正解:C

解説:
The auditor should consider "audit risks" when determining the "audit objectives." Understanding the risks associated with the audit helps define the objectives clearly, ensuring that the audit focuses on the most significant areas of concern, aligns with the audit scope, and adequately addresses the risks identified.
References: ISO 19011:2018, Guidelines for auditing management systems


質問 # 154
您是審計團隊負責人,對一家線上保險機構進行第三方審計。舞台期間
1,您發現組織採取了非常謹慎的風險方法,並將 ISO/IEC 27001:2022 附錄 A 中的所有資訊安全控制措施納入其適用性聲明中。
在第二階段審核期間,您的審核團隊發現沒有證據顯示實施了適用性聲明摘錄中顯示的三項控制措施(5.3 職責分離、6.1 篩選、7.12 佈線安全)。未找到風險處理方案。

選擇三個選項,說明您希望受審核方針對 ISO/IEC 27001:2022 第 6.1.3.e 條的不符合項所採取的措施。

  • A. 分配提供證據的責任,以向審核員證明控制措施已實施。
  • B. 制定定期評估與控制相關的風險的計畫。
  • C. 對每項適用的控制措施實施適當的風險處理。
  • D. 修改適用性聲明中的相關內容以證明其排除的合理性。
  • E. 將書面控製程序納入組織的安全手冊中。
  • F. 重新檢視與三項控制措施相關的風險評估流程。
  • G. 對客戶進行調查,以了解他們是否需要這些控制措施。
  • H. 從適用性聲明中刪除三個控制項。

正解:C、D、F

解説:
According to the PECB Candidate Handbook for ISO/IEC 27001 Lead Auditor, the auditee should take the following actions in response to a nonconformity against clause 6.1.3.e of ISO/IEC 27001:20221:
* Implement the appropriate risk treatment for each of the applicable controls, as this is the main requirement of clause 6.1.3.e and the objective of the risk treatment process2.
* Revise the relevant content in the Statement of Applicability to justify their exclusion, as this is the expected output of the risk treatment process and the evidence of the risk-based decisions3.
* Revisit the risk assessment process relating to the three controls, as this is the input for the risk treatment process and the source of identifying the risks and the controls4.
The other options are not correct because:
* Allocating responsibility for producing evidence to prove to auditors that the controls are implemented is not a valid action, as the audit team already found that there was no evidence of the implementation of the three controls.
* Compiling plans for the periodic assessment of the risks associated with the controls is not a valid action, as this is part of the risk monitoring and review process, not the risk treatment process5.
* Incorporating written procedures for the controls into the organisation's Security Manual is not a valid action, as this is part of the documentation and operation of the ISMS, not the risk treatment process.
* Removing the three controls from the Statement of Applicability is not a valid action, as this is not a sufficient justification for their exclusion and does not reflect the risk treatment process.
* Undertaking a survey of customers to find out if the controls are needed by them is not a valid action, as this is not a relevant criterion for the risk assessment and treatment process, which should be based on the organisation's own context and objectives.
References: 1: PECB Candidate Handbook for ISO/IEC 27001 Lead Auditor, page 36, section 4.5.22: ISO
/IEC 27001:2022, clause 6.1.3.e3: ISO/IEC 27001:2022, clause 6.1.3.f4: ISO/IEC 27001:2022, clause 6.1.25:
ISO/IEC 27001:2022, clause 6.2. : ISO/IEC 27001:2022, clause 7.5 and 8. : ISO/IEC 27001:2022, clause
6.1.3.d. : ISO/IEC 27001:2022, clause 4.1 and 4.2.


質問 # 155
選出最能完成句子的單字:
要用單字完成句子,請點擊要完成的空白部分,使其以紅色突出顯示,然後從下面的選項中點擊應用程式文字。或者,您可以將該選項拖曳到適當的空白部分。

正解:

解説:

Explanation:
competence of the audit team and decision made by the certification body According to ISO/IEC 17021-1, which specifies the requirements for bodies providing audit and certification of management systems, an accredited certification means that the certification body has been evaluated by an accreditation body against recognized standards to demonstrate its competence, impartiality and performance capability1. Therefore, an accredited certification assures the competence of the audit team that conducts the audit in accordance with ISO 19011 and ISO/IEC 27001:2022, and the decision made by the certification body that grants or maintains the certification based on the audit evidence and findings2. References: ISO/IEC
17021-1:2015 - Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements, ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) | CQI | IRCA


質問 # 156
Finnco 是一家認證機構的子公司,為組織提供 ISMS 諮詢服務。
考慮到這種情況,認證機構什麼時候可以對組織進行認證?

  • A. 這種情況下沒有時間限制
  • B. 任何時候都不會,因為這會帶來利益衝突
  • C. 如果自上次諮詢活動以來已經過了至少兩年

正解:B

解説:
A certification body cannot certify an organization if it has provided consultancy services to that organization.
This situation presents a conflict of interest, as the certification body is required to maintain impartiality and objectivity. The ISO/IEC 17021-1 standard, which sets out requirements for bodies providing audit and certification of management systems, specifies that providing both services to the same client is incompatible.
References: ISO/IEC 17021-1:2015 Conformity assessment - Requirements for bodies providing audit and certification of management systems


質問 # 157
管理審核計畫的個人負責下列哪六項行動?

  • A. 選擇審核團隊
  • B. 建立審核計劃
  • C. 保留審核結果的記錄資訊
  • D. 審核期間與受審核方的溝通
  • E. 確定審核計畫所需的資源
  • F. 定義單獨審核的目標、範圍和標準
  • G. 定義單獨審核的計劃
  • H. 確定審核計劃的範圍

正解:A、B、C、F、G、H

解説:
According to ISO 19011:2018, which provides guidelines for auditing management systems, an audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose1. The individual(s) managing the audit programme are responsible for establishing, implementing and maintaining the audit programme in accordance with the organization's policies and objectives1. This includes defining the extent of the audit programme based on strategic direction, risks and opportunities; establishing the audit programme by defining its objectives, scope and criteria; determining the resources necessary for the audit programme; selecting competent auditors and assigning them to appropriate audits; defining the objectives, scope and criteria for each individual audit; defining the plan of each individual audit; retaining documented information of the audit results; reviewing and improving the performance of the audit programme1. Therefore, these six actions are part of the responsibilities of the individual(s) managing the audit programme. The other option, communicating with the auditee during the audit, is not a responsibility of the individual(s) managing the audit programme, but rather a responsibility of the audit team leader1. References: ISO 19011:2018 - Guidelines for auditing management systems


質問 # 158
通過 ISO/IEC 27001 認證的組織範圍規定,他們提供編輯和網站託管服務。然而,由於組織的一些變化,與網站託管服務相關的技術支援已外包。在這種情況下是否應該啟動範圍變更?

  • A. 是的,因為外在環境的任何變化都會引發範圍的變化
  • B. 否,因為變更不需要實施新的安全控制
  • C. 否,因為該組織已獲得編輯和網站託管服務認證

正解:A

解説:
Yes, a change in the scope should be initiated because outsourcing a significant part of the service, such as technical support related to web hosting, could impact the risk landscape and the controls needed to manage those risks. This change affects the external environment and how the ISMS operates, necessitating a scope review and possible adjustment.
References: ISO/IEC 27001:2013, Clause 4.3 (Determining the scope of the information security management system)


質問 # 159
選出最能完成句子的單字:
要使用最佳單字完成句子,請按一下要完成的空白部分,使其以紅色突出顯示,然後從下面的選項中按一下適用的文字。或者,您可以將該選項拖曳到適當的空白部分。

正解:

解説:

Explanation:

* A third-party audit team leader is a person who leads an audit team that conducts audits on behalf of an external organization, such as a certification body, that provides certification or accreditation services to other organizations12.
* One of the main responsibilities of a third-party audit team leader is to act on behalf of the certification body, which means to represent its interests, policies, and procedures during the audit process12.
* Acting on behalf of the certification body involves communicating with the audit client and the auditee, planning and conducting the audit, reporting and evaluating the audit results, and making recommendations for certification or accreditation decisions12.
* Acting on behalf of the certification body also requires maintaining professional integrity, impartiality, confidentiality, and competence throughout the audit process12.
References :=
* ISO 19011:2022 Guidelines for auditing management systems
* ISO/IEC 17021-1:2022 Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements


質問 # 160
審計員發現,IT 部門 15 名員工中有兩人沒有接受足夠的資訊安全訓練。這代表什麼?

  • A. 審計證據
  • B. 審計結果
  • C. 資訊來源

正解:B

解説:
This scenario represents an "audit finding." An audit finding refers to results that indicate a deviation from the expected performance or standards. Discovering that two employees have not received the required training is an audit finding indicating noncompliance with the organization's training requirements.
References: ISO 19011:2018, Guidelines for auditing management systems


質問 # 161
情境 4:SendPay 是一家金融公司,透過代理商和金融機構網路提供服務。他們的主要服務之一是在全球範圍內轉帳。 SendPay 作為一家新公司,致力於為客戶提供最優質的服務。由於該公司提供國際交易,因此要求客戶提供個人信息,例如身份、交易原因以及完成交易可能需要的其他詳細信息。因此,SendPay 已實施安全措施來保護客戶的訊息,包括偵測、調查和回應可能出現的任何資訊安全威脅。他們對提供安全服務的承諾也體現在 ISMS 實施過程中,該公司投入了大量時間和資源。
去年,SendPay 推出了他們的數位平台,允許透過智慧型手機或筆記型電腦等電子設備進行貨幣交易,而無需支付額外費用。透過這個平台,SendPay 的客戶可以隨時隨地發送和接收資金。該數位平台幫助SendPay簡化了公司營運並進一步拓展了業務。當時SendPay正在外包其軟體業務,因此該專案是由外包公司的軟體開發團隊完成的。
該團隊還負責維護 SendPay 的技術基礎設施。
最近,該公司在實施 ISMS 近一年後申請了 ISO/IEC 27001 認證。他們與符合其標準的認證機構簽訂了合約。不久之後,認證機構任命了一個由四名審核員組成的團隊來審核 SendPay 的 ISMS。
審計過程中,發現以下情況:
1.外包軟體公司在未事先通知的情況下終止了與SendPay的合約。結果,SendPay 無法立即將服務恢復到內部,其營運中斷了五天。審計人員要求 SendPay 的代表提供證據,證明他們在合約終止的情況下有計劃遵循。這些代表沒有提供任何書面證據,但在接受審計時,他們告訴審計人員,SendPay的高層已經確定了另外兩家軟體開發公司,如果類似情況再次發生,可以立即提供服務。
2. 沒有證據顯示對外包給軟體開發公司的活動進行了監控。 SendPay 的代表再次告訴審計人員,他們定期與軟體開發公司溝通,並適當地告知可能發生的任何變更。
3.防火牆測試未發現異常狀況。審核員測試了防火牆配置,以確定這些服務提供的安全等級。他們使用資料包分析器來測試防火牆策略,這使他們能夠即時檢查發送或接收的資料包。
根據該場景,回答以下問題:
根據情境 4,審計人員要求提供有關外包業務監控過程的文件證據。這說明什麼?

  • A. 審核員表現出專業懷疑態度
  • B. 審計人員洩漏了外包業務的機密性
  • C. 審計師根據基於風險的方法評估了證據

正解:A

解説:
Based on the provided scenario, the auditors' request for documentary evidence regarding the monitoring process of outsourced operations indicates that the auditors demonstrated professional skepticism. This is because professional skepticism involves a critical assessment of audit evidence and includes a questioning mind and a careful evaluation of the information provided by the auditee123.
Professional skepticism is an essential part of the auditing process, especially in the context of ISO/IEC
27001, which requires auditors to systematically examine an organization's information security risks, including the management of outsourced processes4. The auditors' request for evidence suggests that they were not satisfied with verbal assurances alone and sought to verify that SendPay had a formal, documented process for monitoring outsourced activities, which is a requirement for maintaining an effective Information Security Management System (ISMS)5.
Therefore, the correct answer is: A. The auditors demonstrated professional skepticism.


質問 # 162
情境 4:SendPay 是一家金融公司,透過代理商和金融機構網路提供服務。他們的主要服務之一是在全球範圍內轉帳。 SendPay 作為一家新公司,致力於為客戶提供最優質的服務。由於該公司提供國際交易,因此要求客戶提供個人信息,例如身份、交易原因以及完成交易可能需要的其他詳細信息。因此,SendPay 已實施安全措施來保護客戶的訊息,包括偵測、調查和回應可能出現的任何資訊安全威脅。他們對提供安全服務的承諾也體現在 ISMS 實施過程中,該公司投入了大量時間和資源。
去年,SendPay 推出了他們的數位平台,允許透過智慧型手機或筆記型電腦等電子設備進行貨幣交易,而無需支付額外費用。透過這個平台,SendPay 的客戶可以隨時隨地發送和接收資金。該數位平台幫助SendPay簡化了公司營運並進一步拓展了業務。當時SendPay正在外包其軟體業務,因此該專案是由外包公司的軟體開發團隊完成的。
該團隊還負責維護 SendPay 的技術基礎設施。
最近,該公司在實施 ISMS 近一年後申請了 ISO/IEC 27001 認證。他們與符合其標準的認證機構簽訂了合約。不久之後,認證機構任命了一個由四名審核員組成的團隊來審核 SendPay 的 ISMS。
審計過程中,發現以下情況:
1.外包軟體公司在未事先通知的情況下終止了與SendPay的合約。結果,SendPay 無法立即將服務恢復到內部,其營運中斷了五天。審計人員要求 SendPay 的代表提供證據,證明他們在合約終止的情況下有計劃遵循。這些代表沒有提供任何書面證據,但在接受審計時,他們告訴審計人員,SendPay的高層已經確定了另外兩家軟體開發公司,如果類似情況再次發生,可以立即提供服務。
2. 沒有證據顯示對外包給軟體開發公司的活動進行了監控。 SendPay 的代表再次告訴審計人員,他們定期與軟體開發公司溝通,並適當地告知可能發生的任何變更。
3.防火牆測試未發現異常狀況。審核員測試了防火牆配置,以確定這些服務提供的安全等級。他們使用資料包分析器來測試防火牆策略,這使他們能夠即時檢查發送或接收的資料包。
根據該場景,回答以下問題:
SendPay 的代表表示,該公司沒有計劃與他們外包活動的公司終止合約。相反,最高管理層已經確定了另外兩家可以提供相同服務的軟體開發公司。您如何描述這種情況?

  • A. 可以接受,SendPay可以決定是否制定類似的合約終止計劃,因此不需要額外的證據
  • B. 不可接受,SendPay 用於識別替代軟體開發公司的證據和標準不充分
  • C. 不可接受,SendPay 必須始終制定恢復計劃,說明公司應遵循哪些步驟

正解:C

解説:
ISO/IEC 27001 emphasizes the need for organizations to have a comprehensive incident management and recovery plan for various situations, including the termination of contracts with key service providers. In the case of SendPay, having a specific, documented recovery plan that outlines steps and protocols in case of sudden termination is necessary to ensure business continuity and compliance with the standard.
References: ISO/IEC 27001:2013 Standard, Clauses 6.1.3, A.16 (Information security incident management)


質問 # 163
您詢問 IT 經理,為什麼組織仍在使用行動應用程序,而個人資料加密和假名化測試卻失敗了。此外,服務經理是否有權批准測試。
IT經理解釋說,根據軟體安全管理程序,測試結果應由他批准。加密和假名功能失敗的原因是這些功能嚴重降低了系統和服務效能。需要額外 150% 的資源來滿足這一點。服務經理同意存取控制足夠好並且可以接受。這就是服務經理簽署批准書的原因。
您正在準備審計結果。選擇正確的選項。

  • A. 存在不合格項 (NC)。組織和開發人員執行的安全測試失敗。
    (與第 8.1 條相關,控制措施 A.8.29)
  • B. 存在不合格項 (NC)。服務管理員不遵守軟體安全管理程序。 (與第 8.1 條相關,控制措施 A.8.30)
  • C. 存在不合格項 (NC)。組織和開發人員不執行驗收測試。
    (與第 8.1 條相關,控制措施 A.8.29)
  • D. 不存在不合格項 (NC)。服務經理做出了繼續提供服務的正確決定。
    (與第 8.1 條相關,控制措施 A.8.30)

正解:B

解説:
According to ISO 27001:2022 Annex A Control 8.30, the organisation shall ensure that externally provided processes, products or services that are relevant to the information security management system are controlled. This includes developing and entering into licensing agreements that cover code ownership and intellectual property rights, and implementing appropriate contractual requirements related to secure design and coding in accordance with Annex A 8.25 and 8.2912 In this case, the organisation and the developer have performed security tests that failed, which indicates that the secure design and coding requirements of Annex A 8.29 were not met. The IT Manager explains that the encryption and pseudonymisation functions failed because they slowed down the system and service performance, and that an extra 150% of resources are needed to cover this. However, this does not justify the acceptance of the test results by the Service Manager, who is not authorised to approve the test according to the software security management procedure. The Service Manager should have consulted with the IT Manager, who is the owner of the process, and followed the procedure for handling nonconformities and corrective actions. The Service Manager's decision to continue the service based on access control alone exposes the organisation to the risk of compromising the confidentiality, integrity, and availability of personal data processed by the mobile app. Therefore, there is a nonconformity (NC) with clause 8.1, control A.8.30.
References:
1: ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) Course by CQI and IRCA Certified Training 1 2: ISO/IEC 27001 Lead Auditor Training Course by PECB 2


質問 # 164
您正在 ABC Healthcare Services 的療養院執行 ISO 27001 ISMS 監督審核。 ABC 使用由供應商 WeCare 設計和維護的醫療保健行動應用程式來監控居民的健康狀況。在審計過程中,您了解到90%的居民家庭成員每週一次透過電子郵件和簡訊定期收到WeCare的醫療器材廣告。 ABC 與 WeCare 之間的服務協議禁止供應商使用居民的個人資料。美國廣播公司已收到許多居民及其家人的投訴。
服務經理表示,這些投訴作為資訊安全事件進行了調查,發現這些投訴是合理的。已根據不合格和糾正措施管理程序規劃並實施糾正措施。
您寫了一份不合格項“ABC 未能遵守與居民及其家庭成員的個人資料相關的資訊安全控制 A.5.34(隱私和 PII 保護)。供應商 WeCare 使用居民的個人資訊向家庭成員”,從列出的糾正和糾正措施中選擇您希望ABC 針對不合格項採取的三個選項

  • A. ABC 確認資訊安全控制 A.5.34 包含在適用性聲明 (SoA) 中
  • B. ABC 進行管理審查,以考慮居民家庭成員的回饋
  • C. ABC 識別並檢查是否遵守涉及第三方的所有適用法律和合約要求
  • D. ABC 需要收集更多關於組織如何定義管理系統範圍的證據,並找出他們是否涵蓋醫療設備製造商 WeCare
  • E. 服務經理實施糾正措施,客戶服務代表評估所實施糾正措施的有效性
  • F. 服務經理提供不合格原因分析的證據以及 ABC 如何評估已實施的糾正措施的有效性
  • G. 農行指示全體員工遵守與居民家屬簽署的醫療服務協議
  • H. ABC 在對不符合項採取行動之前需要收集更多證據,說明資訊安全風險評估與已識別的不符合項之間的關係

正解:C、E、F

解説:
According to the ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) course, the following corrections and corrective actions are expected from ABC in response to the nonconformity:
* B. The Service Manager provides evidence of analysis of the cause of nonconformity and how the ABC evaluates the effectiveness of implemented corrective actions. This is part of the requirement of clause
10.1 of ISO/IEC 27001:2022, which states that the organization shall determine the causes of nonconformities and evaluate the need for action to ensure that they do not recur or occur elsewhere12.
The organization shall also evaluate the effectiveness of any corrective actions taken12.
* F. ABC identifies and checks compliance with all applicable legislation and contractual requirements involving third parties. This is part of the requirement of clause 4.2 of ISO/IEC 27001:2022, which states that the organization shall determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system12. This includes the legal and contractual requirements related to the information security aspects of the organization's activities, products and services12.
* G. The Service Manager implements the corrective actions and Customer Service Representatives evaluate the effectiveness of implemented corrective actions. This is part of the requirement of clause
10.1 of ISO/IEC 27001:2022, which states that the organization shall implement any action needed and retain documented information as evidence of the results of any action taken12. The organization shall also monitor, measure, analyze and evaluate the information security performance and the effectiveness of the information security management system12.
References:
* 1: ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) course, CQI and IRCA Certified Training, 1
* 2: ISO/IEC 27001 Lead Auditor Training Course, PECB, 2


質問 # 165
身為資訊安全管理系統審核小組組長,您正在代表一家線上零售商對一家國際物流公司進行第二方審核。在審核期間,您的一名團隊成員報告了與 ISO/IEC 27001 附錄 A 的控制 5.18(存取權限)相關的不合格項:
2022 年。 她發現證據表明,刪除過去 3 個月內離開的 20 名人員的伺服器存取協定需要長達 1 週的時間,而政策要求在他們離開後 24 小時內刪除存取權限。
當被審核方被問及為何延遲刪除訪問權限時,他們回答說,“由於 COVID-19 的影響,IT 部門在此期間沒有人可用。”一旦 IT 官員出現,這些權利就被取消。
您注意到她打算針對存取權限控制 (5.18) 提出輕微不符合項。對此你該如何回應?

  • A. 在確定不合格項是否適當之前,需要先取得額外的審核證據。
  • B. 不同意提出輕微不符合項,因為已儘早採取適當行動。相反,提出改進的機會。
  • C. 不同意提出輕微不符合項,有足夠的證據證明昇級為重大不符合項是合理的。
  • D. 不同意提出輕微合規性,因為已儘早採取適當行動,不再採取進一步行動。
  • E. 同意針對 5.18 提出輕微不符合項。
  • F. 同意提出輕微不合格項,但反對控制措施 5.15,而不是 5.18。

正解:F


質問 # 166
進行認證審核的審核員在製定審核計畫時不需要下列哪一份工作文件?

  • A. 清單
  • B. 審核計劃
  • C. 外部提供者列表
  • D. IT 經理的職業經歷
  • E. 組織的財務報表
  • F. 範例計劃

正解:C、D、E

解説:
According to ISO 19011:2018, which provides guidelines for auditing management systems, an auditor conducting a certification audit should prepare for an audit by reviewing relevant information about the auditee's context and processes1. This may include reviewing documented information related to the audited management system (such as policies, procedures, manuals), previous audit reports and records (such as findings, nonconformities, corrective actions), relevant legal and regulatory requirements (such as laws, standards), relevant risks and opportunities (such as internal and external issues), relevant performance indicators (such as objectives, targets), etc1. Therefore, an auditor may need work documents such as an audit plan (which defines what will be done during an audit), a sample plan (which defines how many samples will be taken from a population), and a checklist (which helps to ensure that all relevant aspects are covered during an audit)1. However, an auditor does not need work documents such as an organisation's financial statement (which is not directly related to information security management), a career history of the IT manager (which is not relevant to assessing conformity with ISO/IEC 27001:2022), or a list of external providers (which is not necessary for planning an audit)1. References: ISO 19011:2018 - Guidelines for auditing management systems


質問 # 167
......

検証済みのISO-IEC-27001-Lead-Auditor-CN問題集と解答で一年間無料最速更新:https://jp.fast2test.com/ISO-IEC-27001-Lead-Auditor-CN-premium-file.html

最新のPECB ISO-IEC-27001-Lead-Auditor-CN認定の練習テスト問題:https://drive.google.com/open?id=1YlRyQObjyIl-5JL1k8G5tEb7-bNiNwwe


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어