
PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 119 Topic 12 Discussion


You are performing an ISMS audit at a residential nursing home called ABC that provides healthcare services.

The next step in your audit plan is to verify the information security of ABC's healthcare mobile app development, support, and lifecycle process. During the audit, you learned that the organisation outsourced the mobile app development to a professional software development organisation that is rated at CMMI Level 5 and holds ITSM (ISO/IEC 20000-1), BCMS (ISO 22301) and ISMS (ISO/IEC 27001) certifications.

The IT Manager presents the software security management procedure and summarises the process as follows:

The mobile app development shall adopt "security-by-design" and "security-by-default" principles, as a minimum. The following security functions for personal data protection shall be available:

Access control;

Personal data encryption, i.e., the Advanced Encryption Standard (AES) algorithm with a 256-bit key length;

Personal data pseudonymization; and

Vulnerability checks completed, with no security backdoors present.

You sample the latest Mobile App Test report - Reference ID: 0098, details as follows:

[Image: Mobile App Test report, Reference ID 0098 (contents not reproduced in text)]

You would like to investigate other areas further to collect more audit evidence. Select three options that will not be in your audit trail.


A. Collect more evidence on how much residents' family members pay to install ABC's healthcare mobile app. (Relevant to clause 4.2)

B. Collect more evidence by downloading and testing the mobile app on your phone. (Relevant to control A.8.1)

C. Collect more evidence to determine the number of users of ABC's healthcare mobile app. (Relevant to clause 4.2)

D. Collect more evidence on how the organisation performs testing of personal data handling. (Relevant to control A.5.34)

E. Collect more evidence on the organisation's business continuity policy. (Relevant to control A.5.30)

F. Collect more evidence on how the organisation manages information security in the selection of an external service provider. (Relevant to control A.5.19)

G. Collect more evidence on how the developer trains its product support personnel. (Relevant to clause 7.2)

