Preparation of the ISO27k Lead Auditor Exam

1. Could you share any Case Study or role play exercises.

Answer: It's our policy not to provide specific answers or materials related to exams.

2. Is this session required technical skills such as the controls  to answer correctly ?

Answer: For the Lead Auditor course and exam there is no need for deep knowledge about the controls to answer the questions, although basic knowledge will make easier for you to develop your answers.

3. Do we have to memorize the Annex A controls for the exam?

Answer: There is no need to memorize specific information for the exam (you can consult the standard during the exam), but it is important you understand and memorize the general structure of the standard, because this will let you find what you want faster (e.g., if the question is about leadership, then you can go directly to section 5 of the standard).

4. In the webinar, you mentioned that we should think of 5 to 6 findings. Do you mean we ju st arbitrarily think some security findings or there will be a case study to ask you for any security findings and describe the non-conformities?

Answer: In the exam there will be case studies for you to read and evaluate if they contain or not non-conformities (5 to 6 findings are the general quantity you can expect). You should note that not all case studies will contain non conformities (one of the purposes of the exam is just this, evaluate your understanding and skill to identify situations that are non conformites and when they are not).

5. Lastly, do we have to study the ISMS Manual in the exam ?

Answer: ISO 27001 does not require an ISMS Manual, so this document will not be covered in the exam.