Professional Documents
Culture Documents
Pecb Iso 27001 Lead Auditor Exam Preparation Guide PDF
Pecb Iso 27001 Lead Auditor Exam Preparation Guide PDF
www.pecb.com
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
The objective of the “Certified ISO/IEC 27001 Lead Auditor” exam is to ensure that the
candidate has acquired the necessary knowledge and the skills to plan and perform an
Information Security Management System (ISMS) audit compliant with the ISO/IEC 27001:2013
standard. Furthermore, the objective of the exam is to ensure that the candidate has acquired
the knowledge to master audit principles and techniques, and to manage (or be part of) audit
teams and audit programs in compliance with ISO/IEC 17021-1 certification process and
guidelines of ISO 19011.
Auditors seeking to perform and lead Information Security Management System (ISMS)
certification audits
Project managers or consultants seeking to master the Information Security Management
System audit process
Individuals responsible for maintaining conformance with Information Security
Management System audit process
Members of an information security team
Expert advisors in information technology
Technical experts seeking to prepare for an Information Security Management System
audit
Page 2 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
1. Ability to understand and explain the 1. Knowledge of the main standards related to
organization’s operations and the information security.
development of information security 2. Knowledge of the different sources of
standards. information security requirement for an
2. Ability to identify, analyze and evaluate organization: laws, regulations, international
the information security compliance and industry standards, contracts, market
requirements for an organization. practices, internal policies.
3. Ability to explain and illustrate the main 3. Knowledge of the main information security
concepts in information security and concepts and terminology as described in
information security risk management. ISO/IEC 27000.
4. Ability to distinguish and explain the 4. Knowledge of the concept of risk and its
difference between information asset, application in information security.
data and record. 5. Knowledge of the relationship between the
5. Ability to understand, interpret and concepts of asset, vulnerability, threat, impact
illustrate the relationship between the and controls.
concepts of asset, vulnerability, threat, 6. Knowledge of the difference and characteristics
impact and controls. of security objectives and controls.
7. Knowledge of the difference between
preventive, detective and corrective controls
and their characteristics.
Page 3 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
1. Ability to understand and explain the 1. Knowledge of the concepts, principles and
components of an Information Security terminology related to management systems
Management System based on and the "Plan-Do-Check-Act" (PDCA) model.
ISO/IEC 27001 and its principal 2. Knowledge of the principal characteristics of an
processes. integrated management system.
2. Ability to interpret and analyze ISO/IEC 3. Knowledge of the main advantages of a
27001 requirements. certification for an organization.
3. Ability to understand, explain and 4. Knowledge of the ISO/IEC 27001 requirements
illustrate the main steps to establish, presented in the clauses 4 to 8.
implement, operate, monitor, review,
5. Knowledge of the main steps to establish the
maintain and improve an organization's
ISMS and security policies, security objectives,
ISMS.
processes and procedures relevant to
4. Ability to formulate security objectives managing risk and improving information
and select the appropriate controls security to deliver results in accordance with an
based upon Annex A of ISO/IEC organization’s overall policies and objectives
27001. (Awareness level).
6. Knowledge of the concept of continual
improvement and its application to an ISMS.
7. Knowledge of security objectives and controls.
Page 4 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
1. Ability to understand, explain and illustrate 1. Knowledge of the main audit concepts
the application of the audit principles in the and terminology as described in ISO
context of an ISO/IEC 27001 audit. 19011.
2. Ability to identify and judge situations that 2. Knowledge of the differences between
would discredit the professionalism of the the types of audits such as first party,
auditor and the PECB code of ethics. second party and third party audit.
3. Ability to identify and evaluate ethical 3. Knowledge of the following audit
problems taking into account the obligations principles: integrity, fair presentation,
related to sponsors, auditee and law due professional care, confidentiality
enforcement or regulatory authorities. independence and evidence-based
4. Ability to explain, illustrate and apply the approach.
audit evidence approach in the context of an 4. Knowledge of professional responsibility
ISO/IEC 27001 audit. of an auditor and the PECB code of
5. Ability to explain and compare the types and ethics.
characteristics of evidence. 5. Knowledge of evidence based approach
6. Ability to determine and justify what type of in an audit.
evidence and how much evidence will be 6. Knowledge of the different types of
required in the context of a specific ISMS evidences: physical, mathematical,
audit mission. confirmative, technical, analytical,
7. Ability to determine and evaluate the level of documentary and verbal.
materiality and apply the risk based 7. Knowledge of the quality of audit
approach during the different phases of an evidences (appropriate, reliable, reliable
ISO/IEC 27001 audit. and sufficient) and the factors that will
8. Ability to judge the appropriate level of influence them.
reasonable assurance needed for a specific 8. Knowledge of the risk based approach
ISO/IEC 27001 audit mission. in an audit and the different types of risk
related to audit activities such as:
inherent risk, control risk and detection
risk.
9. Knowledge of the concept of the
materiality and its application in an
audit.
10. Knowledge of the concept of the
reasonable assurance and its
applicability in an audit.
Page 5 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
1. Ability to understand and explain the 1. Knowledge of the main responsibilities of the
steps and activities to prepare an ISMS audit team leader and audit team members.
audit, taking in consideration the 2. Knowledge of the roles and responsibilities of
specific context and conditions of the technical experts used for an audit.
mission.
3. Knowledge of the audit objectives, audit scope
2. Ability to understand and explain the and audit criteria.
roles and responsibilities of the audit
4. Knowledge of the difference between the ISMS
team leader, audit team members and
scope and the audit scope.
technical experts.
5. Knowledge of the elements to review during
3. Ability to determine, evaluate and
the feasibility study of an audit.
confirm the audit objectives, the audit
criteria and the audit scope for a 6. Knowledge of the cultural aspects to consider
specific ISO/IEC 27001 audit mission. in an audit.
4. Ability to do a feasibility study of an 7. Knowledge of the characteristics of audit terms
audit in the context of a specific of engagement and the best practices to
ISO/IEC 27001 audit mission. establish a first contact with an auditee.
5. Ability to explain, illustrate and define 8. Knowledge of the preparation of an audit plan
the characteristics of the audit terms of 9. Knowledge of the preparation and
engagement and apply the best development of audit working paper.
practices to establish a first contact with 10. Knowledge of advantages and disadvantages
an auditee in the context of a specific of using audit checklists.
ISO/IEC 27001 audit mission. 11. Knowledge of the best practices for formulating
6. Ability to develop audit working papers the audit test plans.
and to elaborate appropriate audit test
plans in the context of a specific
ISO/IEC 27001 audit mission.
Page 6 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
1. Ability to organize and conduct the 1. Knowledge of the objectives and the content of
opening meeting in the context of a the opening meeting of an audit.
specific ISO/IEC 27001 audit mission. 2. Knowledge of the difference of the stage 1
2. Ability to conduct a stage 1 audit in the audit and the stage 2 audit.
context of a specific ISO/IEC 27001 3. Knowledge of stage 1 audit requirements,
audit mission and taking into account steps and activities.
the documentation review conditions 4. Knowledge of the documentation review criteria
and criteria. 5. Knowledge of the documentation requirements
3. Ability to prepare the audit plan for stated in ISO/IEC 27001.
stage 2 audit, containing all the 6. Knowledge of stage 2 audit requirements,
necessary documents and the steps and activities.
assignment of the auditors and 7. Knowledge of best practices of communication
technical experts for the stage. during an audit.
4. Ability to conduct a stage 2 audit in the 8. Knowledge of the roles and responsibilities of
context of a specific ISO/IEC 27001 guides and observers during an audit.
audit mission by applying the best 9. Knowledge of the conflict resolution techniques
practices of communication to collect 10. Knowledge of evidence collection procedures:
the appropriate evidence and taking observation, documentation review, interviews,
into account the roles and analysis and technical verification.
responsibilities of all people involved. 11. Knowledge of evidence analysis procedures:
5. Ability to conduct audit tests, corroboration and evaluation.
appropriate procedures, as well as the 12. Knowledge of main concepts, principles and
non-conformity reports. statistical techniques used in an audit.
6. Ability to explain, illustrate and apply 13. Knowledge of the main audit sampling methods
statistical techniques and main audit and their characteristics.
sampling methods.
7. Ability to gather appropriate evidences
objectively from the available
information in an audit and to evaluate
them objectively.
Page 7 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
Page 8 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
1. Ability to understand and explain the 1. Knowledge of the application of the PDCA
establishment of an audit program and model in the management of an audit program.
the application of the PDCA model. 2. Knowledge of requirements, guidelines and
2. Ability to understand and explain the best practices regarding audit resources,
implementation of an ISO/IEC 27001 procedures and policies.
audit program (first party, second party 3. Knowledge of the types of tools used by
and third party). professional auditors.
3. Ability to understand and explain the 4. Knowledge of requirements, guidelines and
responsibilities to protect the integrity, best practices regarding the management of
availability and confidentiality of audit audit records.
records. 5. Knowledge of the application of the continual
4. Ability to understand the requirements improvement concept to the management of an
related to the components of the audit program.
management system of an audit 6. Knowledge of the particularities to implement
program as quality management, and manage a first, second or third party audit
record management, complaint program.
management. 7. Knowledge of the managing the combined
5. Ability to understand the evaluation of audit activities.
the audit program efficiency by 8. Knowledge of the competency concept and its
monitoring the performance of each application to auditors.
auditor, each team and the entire 9. Knowledge of the personal attributes and
certification body. behavior of a professional auditor.
6. Ability to understand and explain the
way that the combined audits are
handled in an audit program.
7. Ability to demonstrate the application of
the personal attributes and behaviors
associated to professional auditors.
Page 9 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
Based on these seven domains and their relevance, twelve (12) questions are included in the
exam, as summarized in the following table:
Level of Understanding
(Cognitive/Taxonomy) Required
Questions that Number of % of test
Questions that Number of % of points
measure questions devoted to
Points per measure points per per
comprehension, per each
question synthesis and competency competency
application and competency competency
evaluation domain domain
analysis domain domain
Fundamental 5 X 2 16.67 15 20
principles and
concepts of
Information
Security 10 X
Management
System (ISMS)
Information
5 X
Security 2 16.67 10 13.33
Content Area/Competence Domains
Management
5 X
System (ISMS)
10 X 3 25 25 33.33
Closing an 5 X
ISO/IEC 27001
audit
10 X
Managing an 5 X
ISO/IEC 27001 2 16.67 10 13.33
audit program 5 X
Total points 75
Number of questions per level
7 5
of understanding
% of Test devoted to each
level of understanding 58.33 41.67
(cognitive/taxonomy)
After successfully passing the exam, candidates will be able to apply for the “PECB Certified
ISO/IEC 27001 Lead Auditor” credentials, depending on their level of experience.
Page 10 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
Candidates will be required to arrive at least thirty (30) minutes before the beginning of the
certification exam. Candidates arriving late will not be given additional time to compensate for
the late arrival and may be denied entry to the exam.
All candidates are required to present a valid identity card such as a national ID card, driver’s
license, or passport to the invigilator.
The exam duration is three (3) hours. Non-native speakers receive an additional thirty (30)
minutes.
The exam contains essay type questions: This type of format was selected as a means of
determining whether an examinee can clearly answer training related questions, by assessing
problem solving techniques and formulating arguments supported with reasoning and evidence.
The exam is set to be “open book”, and does not measure the recall of data or information. The
examination evaluates the candidates’ comprehension, application and analyzing skills.
Therefore, candidates will have to justify their answers by providing concrete explanations as to
demonstrate that they have been capable of understanding the training concepts. At the end of
this document, you will find samples of exam questions and potential answers.
As the exams are “open book”; candidates are allowed to use the following reference materials:
The use of electronic devices, such as laptops, cell phones, etc., is not allowed.
All attempt to copy, collude or otherwise cheat during the exam will automatically lead to the
exam’s failure.
PECB exams are available in English. For availability of the exam in a language other than
English, please contact examination@pecb.com.
Results will be communicated by email within a period of 6 to 8 weeks from your examination
date. The candidate will be provided with only two possible examination results: pass or fail,
rather than an exact grade.
Candidates who successfully complete the examination will be able to apply for a certified
scheme.
Page 11 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
In case of a failure, the results will be accompanied with the list of domains where the candidate
failed to fully answer the question. This can help the candidate better prepare for a retake the
exam.
Candidates who disagree with the exam results may file a complaint by writing to
examination@pecb.com. For more information, please refer to www.pecb.com.
There is no limit on the number of times a candidate may retake an exam. However, there are
some limitations in terms of allowed time-frame in between exam retakes, such as:
If a candidate does not pass the exam on the first attempt, he/she must wait 15 days for
the next attempt (1st retake). Retake fee applies.
Note: Students, who have completed the full training but failed the written exam, are eligible to
retake the exam once for free within a 12 month period from the initial date of the exam.
If a candidate does not pass the exam on the second attempt, he/she must wait 3
months (from the initial date of the exam) for the next attempt (2nd retake). Retake fee
applies.
If a candidate does not pass the exam on the third attempt, he/she must wait 6 months
(from the initial date of the exam) for the next attempt (3rd retake). Retake fee applies.
After the fourth attempt, a waiting period of 12 months from the last session date is required, in
order for candidate to sit again for the same exam. Regular fee applies.
For the candidates that fail the exam in the 2nd retake, PECB recommends to attend an official
training in order to be better prepared for the exam.
To arrange exam retakes (date, time, place, costs), the candidate needs to contact the PECB
partner who has initially organized the session.
Closing a Case
If an applicant does not apply for his/her certificate within three years, their case will be closed.
Even though an applicant’s certification period expires they have the right to reopen their case,
however, PECB will no longer be responsible for any changes regarding the conditions,
standards, policies, candidate handbook or exam preparation guide that were applicable before
the applicant’s case was closed. Applicants requesting their case to reopen must do so in
writing, and pay the required fees.
Page 12 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
EXAMINATION SECURITY
Questions 1:
Determine how you would verify each of the following control measures. You must provide
examples of evidence you would look for to have a reasonable guarantee that the control
measure has been effectively implemented. State at least two elements of proof for each.
Possible answers:
Question 2:
You have received a plan for corrective actions. Evaluate the adequacy of the proposed
corrective actions. If you agree with the corrective actions, explain why. If you disagree, explain
why and propose what you think would be adequate corrective actions.
- A non-conformity was observed because the Human Resources team was not aware
of the procedure that requires them to validate all future employee references before
hiring them.
Page 13 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
Possible answers:
I agree. This solves the problem that was ignorance of the procedure. As auditor, a sampling
will be performed during the surveillance audit to find out if the procedure is followed.
Question 3:
Determine threats and vulnerabilities associated to the following situations and indicate the
possible impacts. Also indicate if the risks would affect confidentiality, data integrity and/or
availability.
For each risk identified, provide the appropriate controls (by providing the clause number of the
control) which allows to reduce, transfer or avoid risks.
Possible answers:
Question 4:
For each of the following 5 controls, indicate if it used as a preventive, corrective, and/or
detective control; and indicate, if the control is an administrative, technical, managerial or legal
measure. Explain your answer.
Possible answers:
Page 14 of 15
PECB-820-1-ISO/IEC 27001LA Exam Preparation Guide
Question 5:
Write a test plan to validate the following control identifying the different applicable audit
procedures (observation, documentation review, interview, technical verification and analysis):
Possible answers:
Protection of logged information (A.12.4.2): Logging facilities and log information shall be protected
against tampering and unauthorized access.
Interview with the information security manager and validate the logging policy
objectives, interview with the network administrator to validate the operation of
Interview the controls in place to protect the logged information against sabotage and
unauthorized accesses.
Page 15 of 15