
ISO-22301-Lead-Auditor認証試験の問題集解答を提供しています [2024年08月]
更新されたISO-22301-Lead-Auditor試験練習テスト問題
ISO-22301-Lead-Auditor 認定試験は、事業継続管理の原則と概念、ISO 22301 規格の要件、監査プロセス、効果的な監査を実施するために必要なスキルなどのトピックをカバーしています。試験では、候補者の監査計画と実施能力、監査結果の報告、是正措置のフォローアップ能力も評価されます。この認定は、保持者が BCMS の有効性を評価し、改善のための推奨事項を提供するために必要な知識とスキルを持っていることを示しています。また、業界標準とベストプラクティスについての情報を常に最新のものに保ち、継続的なプロフェッショナル開発に取り組んでいることも示しています。
PECB ISO-22301-Lead-Auditor 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
PECB ISO-22301-Lead-Auditor認定は、BCMS監査における候補者の知識とスキルを試験する厳格な試験です。試験は複数選択肢の問題から構成され、ISO 22301標準およびその要件の理解、効果的なBCMS監査を実施する能力、BCMS実装に関する指導を提供する能力、改善の余地を特定する能力を評価します。
質問 # 49
Which of the following Audit verifies that the BCM Programme activities are adequately managed through conformance?
- A. Quality
- B. Dependency
- C. Security
- D. Maintenance
正解:A
質問 # 50
____________________ manages the full spectrum of risks and their combined impact as an interrelated risk profile to the organization.
- A. Enterprise Strategy Management (ESM)
- B. Enterprise Continual Management (ECM)
- C. Enterprise Planning Management (EPM)
- D. Enterprise Risk Management (ERM)
正解:D
質問 # 51
Which two (2) are the key areas of Exercise?
- A. Staff
- B. Plans
- C. Stakeholder
- D. Organisation
正解:A、B
質問 # 52
Which of the following evaluation process enables senior executives to manage decisions on building resilience in the development programme?
- A. Process Evaluation
- B. Resources Allocation
- C. Adaption
- D. New Product/Service Assessment
正解:D
解説:
Explanation
The evaluation process that enables senior executives to manage decisions on building resilience in the development programme is the new product/service assessment. This process involves evaluating the potential impact of new products or services on the organization's business continuity objectives, risks, and capabilities.
The new product/service assessment helps senior executives to identify and prioritize the business continuity requirements and resources needed for the successful launch and delivery of new products or services. The new product/service assessment also helps senior executives to monitor and review the performance and effectiveness of the new products or services in relation to the business continuity objectives and expectations.
References:
ISO 22301 Auditing eBook, page 67
ISO 22301:2019, clause 8.3
質問 # 53
All outsourced functions of processes that are part of the organization's delivery system should be included in the scoping analysis.
- A. True
- B. False
正解:A
質問 # 54
A business continuity champion represents the executive management perspective in setting up the expectation for BCM.
- A. True
- B. False
正解:A
解説:
Explanation
According to ISO 22301 Auditing eBook, Chapter 2.1.2, a business continuity champion is a person who represents the executive management perspective in setting up the expectation for business continuity management (BCM). The business continuity champion is responsible for ensuring that the BCM policy and objectives are aligned with the strategic direction of the organization, and that the necessary resources and support are provided for the implementation and maintenance of the business continuity management system (BCMS). The business continuity champion also acts as a liaison between the executive management and the business continuity manager, who is the person in charge of the operational aspects of the BCMS. References:
ISO 22301 Auditing eBook, Chapter 2.1.2.
質問 # 55
Which of the following includes guidelines, procedures and physical control systems?
- A. Corporate Defences
- B. Corporate Structure
- C. Corporate Processes
- D. Corporate Income
正解:A
質問 # 56
Which one of the following initiative of Business Continuity Management is a regulatory system that controls an organization and its activities?
- A. Leadership
- B. Governance
- C. Good Business Practice
- D. Long Rance Focus
正解:B
質問 # 57
Which one of the following function encompasses the knowledge and skills of a diverse group of professionals to manage the corporate Business Continuity Management programme?
- A. Multidisciplinary Function
- B. Value Preservation
- C. Communication
- D. Adaption
正解:A
質問 # 58
The purpose of risk management for business continuity is to find out what problems an organization may face.
How should the level of risk for an organization be determined?
- A. Combining importance and acceptance of events
- B. Combining profitability and analysis of events
- C. Combining acceptable and tolerable events
- D. Combining consequence and likelihood of events
正解:D
質問 # 59
Which activities are exposed to innumerable threats that have the potential to compromise the achievement of corporate goals?
- A. Formal
- B. Organizational
- C. Structural
- D. Procedural
正解:B
解説:
Explanation
Organizational activities are the actions and processes that an organization performs to achieve its objectives and deliver its products and services. These activities are exposed to innumerable threats that have the potential to compromise the achievement of corporate goals. These threats can be internal orexternal, natural or man-made, intentional or accidental, and can affect the organization's resources, capabilities, reputation, and continuity. Some examples of threats that can disrupt organizational activities are:
Natural disasters, such as earthquakes, floods, storms, fires, or pandemics Cyber-attacks, such as hacking, malware, ransomware, denial-of-service, or data breaches Human errors, such as mistakes, negligence, or miscommunication Malicious acts, such as sabotage, theft, fraud, vandalism, or terrorism Supply chain issues, such as delays, shortages, quality problems, or contractual disputes Regulatory changes, such as new laws, standards, or policies that affect the organization's operations or compliance Market changes, such as shifts in customer demand, preferences, or expectations, or increased competition or innovation Social changes, such as changes in demographics, culture, values, or behaviors that affect the organization's stakeholders or environment To protect against these threats and ensure the continuity of organizational activities, organizations need to implement a business continuity management system (BCMS) that follows the requirements of ISO 22301. A BCMS is a set of policies, procedures, and practices that enable an organization to prepare for, respond to, and recover from disruptions when they arise. A BCMS helps an organization to identify its critical activities, assess the risks and impacts of potential disruptions, develop strategies and plans to mitigate and manage the disruptions, and test and improve the effectiveness of the BCMS. By implementing a BCMS, an organization can enhance its resilience, reduce its losses, and maintain its reputation and customer satisfaction. References: : What is ISO 22301 standard and what is its purpose? : Building Business Resilience: A Guide to ISO 22301 Certification : ISO 22301:2019(en), Security and resilience ? Business continuity management systems ?
Requirements
質問 # 60
Which phase determines potential issues pertaining to the management of the BCMS?
- A. Plan
- B. Check
- C. Act
- D. Do
正解:C
質問 # 61
Which step in PDCA Cycle Formulate and implement a management plan with actions?
- A. Plan
- B. Do
- C. Check
- D. Act
正解:B
質問 # 62
Which two dependencies are validated by Business Impact Analysis? (Choose two)
- A. Static Dependencies
- B. External Dependencies
- C. Dynamic Dependencies
- D. Internal Dependencies
正解:B、D
解説:
Explanation
Business Impact Analysis (BIA) is a process of identifying and evaluating the potential impacts of disruptions to critical business processes, systems, and resources. One of the objectives of BIA is to validate the dependencies of the organization's essential functions and operations. Dependencies are the relationships or interconnections between the organization and its internal or external stakeholders, such as suppliers, customers, partners, regulators, etc. Dependencies can affect the organization's ability to deliver its products and services, and therefore, they need to be considered in the BIA process. According to ISO/TS 22317:2021, there are two types of dependencies that are validated by BIA: internal dependencies and external dependencies1. Internal dependencies are the dependencies within the organization, such as between different functions, processes, activities, resources, or locations. For example, a production function may depend on the supply of raw materials from a warehouse, or a finance function may depend on the availability of an accounting system. Internal dependencies can be identified by analyzing the inputs and outputs of each function or process, and the resources required to support them. External dependencies are the dependencies outside the organization, such as with suppliers, customers, partners, regulators, or other stakeholders. For example, a retail company may depend on the delivery of goods from its suppliers, or a bank may depend on the compliance with regulatory requirements. External dependencies can be identified by analyzing the contracts, agreements, or expectations with the external parties, and the potential impacts of their failure or disruption. References:
ISO/TS 22317:2021, clause 6.3.2
質問 # 63
The purpose of risk management for business continuity is to find out what problems an organization may face.
How should the level of risk for an organization be determined?
- A. Combining importance and acceptance of events
- B. Combining profitability and analysis of events
- C. Combining acceptable and tolerable events
- D. Combining consequence and likelihood of events
正解:D
解説:
Explanation
According to ISO 22301:2019, Clause 6.1.2, the organization must establish, implement, and maintain a documented process to manage risks related to the continuity of its critical functions and the achievement of its business continuity objectives. The risk management process should include the identification, analysis, and evaluation of the risks that may cause disruption to the organization's operations, products, and services. The level of risk for an organization should be determined by combining the consequence and likelihood of the events that may lead to disruption, as well as the organization's risk criteria, risk appetite, and risk tolerance.
The consequence of an event is the impact or effect that it may have on the organization's objectives, reputation, stakeholders, and resources. The likelihood of an event is the probability or frequency that it may occur, based on historical data, statistical analysis, expert judgment, or other methods. The organization should use appropriate tools and techniques to assess the level of risk, such as risk matrices, risk registers, risk maps, or risk software. The organization should also document the results of the risk assessment and communicate them to relevant interested parties. The purpose of risk management for business continuity is to find out what problems an organization may face, and to take appropriate actions to prevent, mitigate, or transfer the risks, or to accept them if they are within the organization's riskcriteria. References: ISO 22301:2019, Clause 6.1.2; ISO 22301 Auditing eBook, Chapter 4.2.2.
質問 # 64
......
合格させるISO 22301 ISO-22301-Lead-Auditor試験には102問があります:https://jp.fast2test.com/ISO-22301-Lead-Auditor-premium-file.html