Study Document 11

Practice question types and partial scoring.

A guide to ISO 27001 Lead Auditor practice question formats, scenario judgement, multi-select instructions, matching, sequencing, NCR writing, and proportional marks allocation.

Purpose

Practice should test judgement, not only memory.

The KISCyber practice portal supports question types that reflect how lead auditor candidates are tested: knowledge recall, audit sequencing, scenario interpretation, evidence judgement, and nonconformity writing.

  • 40: Full practice-paper questions across five exam domains.
  • 80: Total marks in the practice-paper model used by KISCyber.
  • 50%: Overall pass benchmark, 40 out of 80 marks.

Question formats

Use the right question type for the skill being tested.

Good practice papers mix simple recall with applied audit judgement. The wording must tell the learner how many options to select and what evidence to consider.

Select one

Single best answer.

Learner chooses one correct or best option. Useful for definitions, clause recognition, audit role questions, and best next action scenarios.

Select multiple

Two, three, or more correct options.

The question must clearly state the number of answers required. Useful for evidence selection, valid findings, and combined clause requirements.

Matching

Match terms or concepts.

Useful for mapping terms to definitions, clauses to requirements, evidence to audit criteria, or controls to risk treatment themes.

Sequencing

Arrange steps in order.

Useful for risk assessment, audit planning, opening-to-closing audit flow, corrective action review, and report closure steps.

Scenario judgement

Choose the best audit response.

Tests whether the learner can identify scope, criteria, evidence, professional behaviour, and the appropriate next action.

NCR writing

Validate or draft a finding.

Tests whether the learner can connect requirement, objective evidence, problem statement, location, and classification.

Partial scoring

Marks are divided across the correct options.

For multi-select questions, proportional marking awards credit for each correct answer selected. The mark value for each correct option is the total marks divided by the number of correct options.

Formula

Marks per correct option = question marks / number of correct options. Award the learner that value for each correct option selected, subject to the active scoring mode and the question instructions.

Worked examples

The same logic applies to 1, 2, or 3 mark questions.

This is the scoring logic used to make multi-select questions fair when the learner selects only some of the correct answers.

| Question marks | Correct options | Each correct option | Example selected | Score |
| --- | --- | --- | --- | --- |
| 1 mark | 2 correct options | 0.5 marks each | 1 correct selected | 0.5 / 1 |
| 1 mark | 2 correct options | 0.5 marks each | 2 correct selected | 1 / 1 |
| 2 marks | 3 correct options | 0.67 marks each | 2 correct selected | 1.33 / 2 |
| 3 marks | 3 correct options | 1 mark each | 2 correct selected | 2 / 3 |
| 3 marks | 1 correct option | 3 marks each | 1 correct selected | 3 / 3 |

Scoring modes

Learning mode and strict mode serve different goals.

KISCyber can use simple learning mode for study and strict mode for harder exam simulation. The learner should know which mode is active before starting.

Simple learning mode

No negative marking. Award marks for correct selected answers. Wrong selections do not add marks. This mode helps learners understand partial knowledge without heavy penalty.

Strict exam simulation mode

Deduct the same fractional value for each wrong selection, but do not allow the question score to fall below zero. This rewards careful selection and stops indiscriminate guessing from earning credit.
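The proportional formula, the worked-examples table, and the two scoring modes above can be captured in one small scoring routine. The following is an added illustration written for this guide, not code from the KISCyber portal; the function names, the representation of options as plain labels, and the rounding to two decimal places are assumptions.

```python
"""Proportional multi-select scoring in simple (learning) and strict (exam) mode.

Added illustration for this guide. Function names and the option labels are
assumptions, not the KISCyber portal's own code.
"""
from fractions import Fraction


def marks_per_correct_option(question_marks, correct_options):
    """Marks per correct option = question marks / number of correct options."""
    if question_marks <= 0 or not correct_options:
        raise ValueError("a scorable question needs positive marks and at least one correct option")
    return Fraction(question_marks, len(correct_options))


def score_question(question_marks, correct_options, selected_options, mode="simple"):
    """Return the learner's score for one multi-select question, rounded to 2 dp.

    mode == "simple": each correct selection earns its share; wrong selections earn nothing.
    mode == "strict": each wrong selection deducts the same share; the score is floored at zero.
    """
    correct = frozenset(correct_options)
    selected = frozenset(selected_options)  # a repeated selection counts once
    per_option = marks_per_correct_option(question_marks, correct)
    hits = len(selected & correct)          # correct options the learner selected
    misses = len(selected - correct)        # wrong options the learner selected
    score = per_option * hits               # never exceeds question_marks: hits <= len(correct)
    if mode == "strict":
        score -= per_option * misses
        score = max(score, Fraction(0))
    elif mode != "simple":
        raise ValueError(f"unknown scoring mode: {mode!r}")
    return round(float(score), 2)


# Rows of the worked-examples table on this page:
# (question marks, number of correct options, number of correct options selected, score)
WORKED_EXAMPLES = [
    (1, 2, 1, 0.5),
    (1, 2, 2, 1.0),
    (2, 3, 2, 1.33),
    (3, 3, 2, 2.0),
    (3, 1, 1, 3.0),
]


def check_worked_examples():
    """Reproduce every row of the worked-examples table in simple mode."""
    for marks, n_correct, n_selected, expected in WORKED_EXAMPLES:
        correct = [f"option{i}" for i in range(1, n_correct + 1)]
        if score_question(marks, correct, correct[:n_selected]) != expected:
            return False
    return True


if __name__ == "__main__":
    # Constructed submission: a 2-mark question with three correct options (A, B, C);
    # the learner picks A, B and the wrong option D.
    print("simple:", score_question(2, ["A", "B", "C"], ["A", "B", "D"]))
    print("strict:", score_question(2, ["A", "B", "C"], ["A", "B", "D"], mode="strict"))
    print("table reproduced:", check_worked_examples())
```

Fractions are used internally so that 2 marks over 3 options is held exactly as 2/3 rather than as a rounded 0.67, which keeps strict-mode deductions from drifting; rounding happens only once, on the returned value. The same submission (two correct picks plus one wrong) scores 1.33 in simple mode and 0.67 in strict mode, and a submission with only wrong picks floors at 0 rather than going negative.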

Scenario format

Scenario questions should include evidence and audit context.

A strong scenario gives enough context for the learner to identify audit criteria, evidence, the right audit behaviour, and whether further evidence is needed.

Sample scenario

During a Stage 2 audit, the auditor finds that the risk treatment plan includes implementation of MFA for privileged users. Three sampled privileged accounts do not have MFA enabled. The IT manager says MFA rollout is planned next quarter, but the SoA states the relevant control is implemented.

Question: Which two audit conclusions are most appropriate?

  1. Raise or consider a nonconformity because the SoA implementation status is inconsistent with sample evidence.
  2. Accept the explanation because the control is planned.
  3. Seek further evidence to confirm whether this is isolated or systemic.
  4. Recommend certification without noting the issue.
  5. Exclude the control from Annex A.

Correct answers: 1 and 3. The SoA states implemented, but sample evidence indicates otherwise. The auditor should evaluate the finding and determine whether the issue is isolated or systemic.

Coverage by domain

Question type should match exam-domain skill.

Use the five-domain model to balance concept recall, audit planning, evidence collection, and reporting judgement.

| Domain | Best-fit question types | What to test |
| --- | --- | --- |
| Domain 1 | Select one, select multiple, matching. | ISO family, ISMS concepts, clauses, risk-based thinking, and terminology. |
| Domain 2 | Scenario judgement, select multiple, matching. | Audit type, audit principles, auditor behaviour, independence, confidentiality, and competence. |
| Domain 3 | Sequencing, scenario judgement, select multiple. | Audit programme, scope, criteria, audit plan, sampling, and Stage 1 readiness. |
| Domain 4 | Scenario judgement, evidence selection, sequencing. | Opening meetings, interviews, audit trails, objective evidence, and finding development. |
| Domain 5 | NCR writing, scenario judgement, select multiple. | NCR wording, audit report, closing meeting, corrective action review, and closure evidence. |

Question-writing checklist

Every question needs clear rules.

  • State how many answers must be selected.
  • State total marks for the question.
  • Ensure each option is plausible but only the intended answers are correct.
  • Avoid trick wording that tests language confusion instead of audit competence.
  • Provide an explanation after submission for learning value.

Exam technique

Read the instruction before reading options.

  • Check whether the question asks for best answer, correct answers, next action, or valid conclusion.
  • For multi-select, select only the requested number unless the system allows otherwise.
  • In scenario questions, identify criteria, evidence, scope, and auditor role before choosing.
  • Do not select an option that gives consultancy advice during a certification audit.

Use note

This is a KISCyber learner guide.

This page is an original training summary using user-provided ISO 27001 Lead Auditor study materials and the KISCyber practice-paper model as references. Always use the authorised standard, official course material, and current exam provider guidance when preparing for certification.