Latest PECB ISO-IEC-42001-Lead-Auditor PDF and Dumps (2026) Free Exam Questions Answers
Pass Your AI management system (AIMS) ISO-IEC-42001-Lead-Auditor Exam on Jun 24, 2026 with 200 Questions
PECB ISO-IEC-42001-Lead-Auditor Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
NEW QUESTION # 101
During a combined audit, if an auditor identifies a finding linked to one criterion, should they consider its potential impact on corresponding or related criteria of other management systems?
- A. Yes, the auditor should consider the possible impact on the corresponding or similar criteria of the other management system
- B. Yes, the auditor should consider the other criteria only if the finding is deemed significant
- C. No, in such cases the auditor should always focus on the specific criterion identified
Answer: A
Explanation:
In combined audits (e.g., when ISO/IEC 42001 is audited alongside ISO/IEC 27001, ISO 9001, etc.), findings in one management system may affect others. ISO 19011:2018 Clause 5.5.5 recommends that auditors take a holistic view and evaluate how a finding in one standard may influence conformity with another standard - especially where there are shared or overlapping requirements (e.g., risk management, data governance, etc.).
This approach supports better integration, reduces duplication, and ensures comprehensive risk mitigation across systems.
Reference:
ISO 19011:2018 Clause 5.5.5 - Conducting audits of integrated management systems ISO/IEC 42001:2023 Clause 6.1 - Context and integration with other standards Below are Questions 71 to 74 formatted in your requested structure according to ISO/IEC 42001:2023 Artificial Intelligence Management System Lead Auditor guidelines. Each question includes the correct answer and a detailed explanation referencing the standard.
-
NEW QUESTION # 102
Question:
A certification body is conducting surveillance audits for a company managing multiple sites, including a temporary construction site with a limited duration.
The audit team is considering whether the presence of this temporary site should influence the frequency of surveillance audits.
Can this factor necessitate an adjustment in the audit schedule?
- A. Yes, because it represents a management system certification of limited duration
- B. No, temporary construction sites do not influence audit frequency
- C. Yes, but only if the construction site operates under different seasonal conditions
Answer: A
Explanation:
Temporary sitesmustbe considered in surveillance audit planning, as they aretime-limitedandpresent specific operational risks.
* ISO/IEC 17021-1:2015 Clause 9.6.2.2states:"Audit frequency and scheduling must consider factors such as temporary sites, risk exposure, and operational changes."
* TheIAF MD1 Guidelinesfurther support the adjustment of surveillance activities based on the presence of temporary sites or operations.
Reference:ISO/IEC 17021-1:2015 Clause 9.6.2.2; IAF MD1 Mandatory Document.
NEW QUESTION # 103
Scenario 6 (continued):
Scenario 6: HappilyAI is a pioneering enterprise dedicated to developing and deploying artificial intelligence Al solutions tailored toenhance customer service experiences across various industries. The company offers innovative products like virtual assistants,predictive analytics tools, and personalized customer interaction platforms. As part of its commitment to operational excellence andinnovation, HappilyAI has implemented a robust Al management system AIMS to oversee its Al operations effectively. Currently.HappilyAI is undergoing a comprehensive audit process of its AIMS to evaluate its compliance with ISO/IEC 42001.
Under the leadership of Jess, the audit team began the audit process with meticulous planning and coordination, setting the groundworkfor the extensive on-site activities of the stage 1 audit. This initial phase was marked by a comprehensive documentation review. Theaudit scope encompassed a critical review of HappilyAI's core departments, including Research and Development (R&D), CustomerService, and Data Security, aiming to assess the conformity of HappilyAI's AIMS to the requirements of ISO/IEC 42001.
Afterward, Jess and the team conducted a formal opening meeting with HappilyAI to introduce the audit team and outline the auditactivities. The meeting set a collaborative tone for the subsequent phases, where the team engaged in information collection, executedaudit tests, identified findings, and prepared draft nonconformity reports while maintaining a strict quality review process.
In gathering evidence, the audit team employed a sampling method, which involved dividing the population into homogeneous groups toensure a comprehensive and representative data collection by drawing samples from each segment. Furthermore, the team employedobservation to deepen their understanding of the Al management processes. They verified the availability of essential documentation,including Al-related policies, and evaluated the communication channels established for reporting incidents.
Additionally, they scrutinized specific monitoring tools designed to track the performance of data acquisition processes, ensuring thesetools effectively identify and respond to errors or anomalies. However, a notable challenge emerged as the team encountered a lack ofaccess to documented information that describes how tasks about AIMS are executed. In addition to this, the team identified a potentialnonconformity within the Sales Department. They decided not to record this as a nonconformity in the audit report but onlycommunicated it to the HappilyAI's representatives.
During the stage 2 audit, the certification body, in collaboration with HappilyAI, assigned the roles of technical experts within the auditteam. Recognized for their specialized knowledge and expertisein artificial intelligence and its applications, these technical experts aretasked with the thorough assessment of the AIMS framework to ensure its alignment with industry standards and best practices,focusing on areas such as data ethics, algorithmic transparency, and Al system security.
Question:
During the stage 2 audit, the certification body and the company assigned the roles of technical experts. Is this acceptable?
- A. Yes, the role of technical experts must be agreed upon by the certification body and the company during the audit process
- B. No, the roles of technical experts must be assigned by the certification body prior to conducting the audit
- C. No, the company must assign the roles of technical experts independently of the certification body's involvement
Answer: A
Explanation:
It isacceptableif thecertification body and auditee agreeon the technical experts' roles.
* ISO/IEC 17021-1:2015 Clause 9.1.9states:"The role and involvement of technical experts must be planned and agreed between the certification body and auditee prior to their participation."
* TheLead Auditor Manualreinforces:"Technical experts provide specialized knowledge, but their roles must be coordinated through mutual agreement between certification bodies and auditees." Reference:ISO/IEC 17021-1:2015 Clause 9.1.9; ISO/IEC 42001:2023 Clause 9.2.2.
NEW QUESTION # 104
Question:
What is a significant drawback of using judgment-based sampling in audits?
- A. It requires extensive statistical training for the audit team
- B. It does not allow for a statistical estimate of uncertainty in the audit findings
- C. It relies mostly on previously identified significant risks
Answer: B
Explanation:
The major limitation ofjudgment-based samplingis that itdoes not support statistical estimation of audit uncertainty.
* ISO 19011:2018 Clause 6.5.5clarifies:"Judgment-based sampling may introduce bias and cannot provide statistical confidence in the findings."
* Although this method is useful for targeting high-risk areas, it lacks quantifiable precision.
Reference:ISO 19011:2018 Clause 6.5.5; ISO/IEC 42001 Lead Auditor Guide - Section 6 ("AuditSampling and Limitations").
NEW QUESTION # 105
Audit evidence must be:
- A. Refutable
- B. Verifiable
- C. Structured
- D. Physical
Answer: B
Explanation:
Audit evidencemust beobjective and verifiable, meaning that it can beconfirmed through observation, documentation, or reproducible results. This is a foundational principle of auditing as per:
* ISO 19011:2018 - Clause 3.8defines audit evidence as "records, statements of fact or other information which arerelevant to the audit criteria and verifiable."
* This principle is also emphasized in ISO/IEC 42001 during internal audits (Clause 9.2), ensuring that conclusions are based onfactual, traceable, and confirmabledata.
Verifiability ensures the credibility and reliability of audit findings, especially critical in evaluating AIMS due to the complexity and potential subjectivity of AI behaviors.
Reference: ISO 19011:2018 - Clause 3.8; Principle of evidence-based approach ISO/IEC 42001:2023 - Clause 9.2.2 (Internal audit process) PECB Lead Auditor Guide - Domain 3: "Audit Evidence and Findings"
NEW QUESTION # 106
Which control in Annex A of ISO 42001:2023 focuses on the need for stakeholder engagement in AI system development?
- A. Data Management
- B. Stakeholder Consultation
- C. Risk Assessment
- D. Continuous Improvement
Answer: B
Explanation:
Annex A - Control A.5.2.2: Stakeholder Consultationexplicitly requires organizations toconsult with relevant stakeholders(such as users, impacted communities, regulators, etc.) during the development and operation of AI systems.
This control emphasizes the importance of engaging stakeholders toidentify expectations, values, ethical concerns, and social impact risksassociated with the AI system.
Stakeholder engagement supports transparency, ethical alignment, and social acceptability of AI solutions.
NEW QUESTION # 107
Which step involves reviewing documents and records relevant to the audit scope?
- A. Audit reporting
- B. Audit follow-up
- C. Document review
- D. Closing meeting
Answer: C
Explanation:
TheDocument Reviewstep is a key part of audit preparation where auditors evaluate relevantdocuments, records, policies, and proceduresto understand the structure and implementation of the AI Management System.
As perISO 19011:2018 - Clause 6.4.3, document review helps auditorsfamiliarize themselves with the management system, identify potential areas of concern, and refine the audit plan.
In AI audits (such as AIMS under ISO/IEC 42001), this may include reviewingAI governance policies, data governance procedures, impact assessments, or model documentation.
Reference: ISO 19011:2018 - Clause 6.4.3 (Review of documented information) ISO/IEC 42001:2023 - Clause 9.2.1 (Internal audit preparation) PECB Lead Auditor Guide - Domain 4: "Document and Record Review in Audit Planning"
NEW QUESTION # 108
Which among the following core concepts of Artificial Intelligence uses artificial neural networks inspired by the human brain to process complex data like images, text, and speech?
- A. Natural Language Processing
- B. Deep Learning
- C. Machine Learning
- D. Computer Vision
Answer: B
Explanation:
Deep Learning (DL)is a subfield of Machine Learning that employsartificial neural networks,particularly multi-layered architectures, inspired by the structure and function of the human brain. DL excels at processinghigh-dimensional datasuch as:
* Images(e.g., object detection)
* Text(e.g., sentiment analysis)
* Speech(e.g., voice recognition)
While NLP and Computer Vision areapplication domains, and Machine Learning is thebroader category, Deep Learningis thecorrect specific techniqueknown for handling such complex tasks.
As per thePECB Lead Auditor Study Guide - Domain 1, Deep Learning is used whenlarge volumes of unstructured or complex dataare involved, and is referenced as the foundation of modern AI systems like voice assistants, recommendation engines, and image recognition tools.
NEW QUESTION # 109
A healthcare provider wants to develop a system that can analyze medical images, such as X-rays and MRIs, to assist doctors in diagnosing diseases. Which AI concept is most relevant for this application?
- A. Deep Learning (DL)
- B. Machine Learning (ML)
- C. Natural Language Processing (NLP)
- D. Computer Vision
Answer: D
Explanation:
The AI concept most relevant for analyzingvisual data like X-rays and MRIsisComputer Vision. This field focuses on enabling machines tounderstand and interpret image and video data.
As outlined in thePECB Lead Auditor Guide - Domain 1, Computer Vision is specifically applied in medical imaging, object detection, facial recognition, and other tasks requiring interpretation of visual content.
WhileDeep Learningmay be used as an underlying technique (e.g., convolutional neural networks), Computer Visionis the broader and correct domain applicable to the question.
Reference: PECB Lead Auditor Guide - Domain 1: "AI Technologies and Use Cases" ISO/IEC 42001:2023 - Clause 8.2.3 (Selecting suitable AI approaches based on purpose and data types)
NEW QUESTION # 110
Which among the following is NOT a core element of AIMS?
- A. Fairness and non-discrimination
- B. Privacy and security
- C. Safety and reliability
- D. Independence and honesty
Answer: D
Explanation:
While Independence and honesty are general auditing values (as per ISO 19011:2018, Clause 4 on audit principles), they are not listed as core principles of an AI Management System (AIMS) under ISO/IEC
42001:2023.
The recognized core principles and values within an AIMS - according to the standard and PECB training
- include:
* Fairness and Non-Discrimination
* Privacy and Security
* Safety and Reliability
* Accountability
* Transparency and Explainability
* Human-Centered Design
These principles guide the risk management, operational control, and ethical alignment of AI systems throughout their lifecycle, as required in Clauses 4.2, 6.1, and 8.2 of ISO/IEC 42001.
Reference: ISO/IEC 42001:2023 - Clauses 4.2, 6.1.2, 8.2.3
PECB Lead Auditor Guide - Domain 1: "Core Principles of AIMS"
NEW QUESTION # 111
Scenario 5 (continued):
Scenario 5: Aizoia, located in Washington, DC, has revolutionized data analytics, software development, and consulting by using advanced Al algorithms. Central to its success is an Al platform adept at deciphering complex datasets for enhanced insights. To ensure that its Al systems operate effectively and responsibly, Aizoia has established an artificial intelligence management system AIMS based on ISO/IEC 42001 and is now undergoing a certification audit to verify the AIMS's effectiveness and compliance with ISO/IEC 42001.
Robert, one of the certification body's full-time employees with extensive experience in auditing, was appointed as the audit team leader despite not receiving an official offer for the role. Understanding the critical importance of assembling an audit team with diverse skills and knowledge, the certification body selected competent individuals to form the audit team. The certification body appointed a team of seven members to conduct the audit after considering the specific conditions of the audit mission and the required competencies.
Initially, the certification body, in cooperation with Aizoia, defined the extent and boundaries of the audit, specifying the sites (whether physical or virtual), organizational units, and the activities for review. Once the scope, processes, methods, and team composition had been defined, the certification body provided the audit team leader with extensive information, including the audit objectives and documented details on the scope, processes, methods, and team compositions.
Additionally, the certification body shared contact details of the auditee, including locations, time frames, and the duration of the audit activities to be conducted. The team leader also received information needed for evaluating and addressing identified risks and opportunities for the achievement of the audit objectives.
Before starting the audit, Robert wrote an engagement letter, introducing himself to Aizoia and outlining plans for scheduling initial contact. The initial contact aimed to confirm the communication channels, establish the audit team's authority to conduct the audit, and summarize the audit's key aspects, such as objectives, scope, criteria, methods, and team composition. During this first meeting, Robert emphasized the need for access to essential information that would help to conduct the audit.
Moreover, audit logistics, such as scheduling, access, health and safety arrangements, observer attendance, and the need for guides or interpreters, were thoroughly planned. The meeting also addressed areas of interest or concern, preemptively resolving potential issues and finalizing any matters related to the audit team composition.
As the audit progressed, Robert recognized the complexity of Aizoia's operations, leading him to conclude that a review of its Al-related data governance practices was essential for compliance with ISO/IEC 42001.
He discussed this need with Aizoia's management, proposing an expanded audit scope. After careful consideration, they agreed to conduct a thorough review of the Al data governance practices, but there was no mutual decision to officially change the audit scope. Consequently. Robert decided to proceed with the audit based on the original scope, adhering to the initial audit plan, and documented the conversation and decision accordingly.
Based on the scenario above, answer the following question:
Question:
Based on Scenario 5, were all the recommended aspects covered during the initial contact with Aizoia?
- A. No, the negotiation of the final audit fee and payment schedule was not covered
- B. No, the agreement with the auditee regarding the extent of the disclosure and the treatment of confidential information was not confirmed
- C. Yes, all the required aspects were covered during the initial contact
Answer: B
Explanation:
The scenario does not mention addressing confidentiality agreements, which is mandatory during the initial contact.
* ISO/IEC 17021-1:2015 Clause 9.2.3.1 and ISO 19011:2018 Clause 6.4.3 both require that agreements about confidentiality, access rights, and data protection must be confirmed before starting the audit.
* The Lead Auditor Manual highlights: "Initial contact meetings must establish the treatment of confidential information and audit-related disclosure agreements." Reference: ISO/IEC 17021-1:2015 Clause 9.2.3.1; ISO 19011:2018 Clause 6.4.3.
NEW QUESTION # 112
Question:
An auditor has been assigned to perform a certification audit for an organization. However, the auditor discovers that their close relative holds a key management position within the organization being audited.
What kind of threat to impartiality does this situation represent?
- A. Familiarity
- B. Self-interest
- C. Advocacy
- D. Intimidation
Answer: A
Explanation:
This situation represents aFamiliarity Threat.
* ISO/IEC 17021-1:2015 Clause 5.2.7identifiesfamiliarityas a risk when an auditor develops a relationship with a client that could impair objectivity.
* TheISO/IEC 42001 Lead Auditor Guidestates:"Familiarity threat occurs when an auditor becomes too sympathetic to the auditee's interests, due to close relationships or repeated interactions."A relative in management would heavily impair the auditor's independence.
Reference:ISO/IEC 17021-1:2015 Clause 5.2.7; ISO/IEC 42001 Lead Auditor Study Manual Section 4 ("Threats to Auditor Impartiality").
NEW QUESTION # 113
What is the difference between reactive machines and limited-memory AI?
- A. Reactive machines have conscious understanding of their existence and a sense of self, whereas limited memory AI does not
- B. Reactive machines can improve their functionality over time by learning from past data, while limited memory AI operates solely on present data
- C. Reactive machines operate solely on present data, while limited memory AI can temporarily store and learn from past data to improve over time
Answer: C
Explanation:
Reactive machines: These are the simplest form of AI systems. They operate only on current inputs and do not store past data (e.g., IBM's Deep Blue chess computer).
Limited-memory AI: These systems can use past data to make better decisions and predictions - commonly seen in machine learning models like those used in autonomous vehicles.
Therefore, Option C correctly highlights that reactive machines lack memory and operate only on real-time inputs, whereas limited-memory AI can utilize recent past information for learning.
Reference:
ISO/IEC 22989:2022, Clause 3.7 - Types of AI systems
ISO/IEC TR 24028:2020 - Overview of Trustworthiness in AI, includes capability taxonomy PECB AI Lead Auditor Study Guide, Chapter 2.2 - AI System Classifications
NEW QUESTION # 114
Scenario 3 (continued):
ArBank is a financial institution located in Brussels, Belgium, which offers a diverse range of banking and investment servicesto its clients. To ensure the continual improvement of its operations, ArBank has implemented a quality management system QMS based on ISO 9001 and an artificial intelligence management system AIMS based on the requirements of ISO/IEC
42001.
Audrey, an experienced auditor, led an internal audit focused on the AIMS within ArBank. She assessed the chatbots integrated into thebank's website and mobile app, analyzing communications using big data technology to identify potential noncompliance, fraud, orunethical conduct. Instead of relying solely on the information provided by the chatbots, Audrey sought out evidence that would eitherconfirm or challenge the validity of the data, ensuring her conclusions were based on reliable and accurate information. Her review ofselected chatbot interactions confirmed they met their intended purpose.
For the specific context of ArBank's operations, Audrey utilized an Al system to assess the efficiency of the bank's digital infrastructure,focusing on tasks critical to the Finance Department. This Al system was able to analyze the functionality of chatbots integrated intoArBank's website and mobile app to determine if it adheres to ISO/IEC 42001 requirements and internal policies governing customerservice in the banking sector.
In addition, Audrey conducted a deeper assessment of the bank's AIMS. Her evaluation included observing different stages of the AIMSlife cycle, from development to deployment, to ensure that roles and responsibilities were clearly defined and aligned with ArBank'soperational goals. She also evaluated the tools used to monitor and measure the performance of the AIMS.
Audrey continued the audit process by auditing ArBank's outsourced operations. Upon checking the contractual agreements between thetwo parties, Audrey decided that there was no need to gather audit evidence regarding the contractual agreement. She reviewed thecompany's processes for monitoring the quality of outsourced operations, determined whether appropriate governance processes are inplace with regard to the engagement of outsourced persons or organizations, andreviewed and evaluated the company's plans in case ofexpected or unexpected termination of the outsourcing agreement.
Based on the scenario above, answer the following question:
Question:
Based on Scenario 3, did Audrey perform a technical assessment during the audit?
- A. Yes, she performed a general assessment of ArBank's customer service performance
- B. No, only the certification body should perform technical assessments
- C. No, she only reviewed contractual agreements with outsourced service providers
- D. Yes, she conducted observations of the AIMS life cycle and evaluated the tools used to monitor its performance
Answer: D
Explanation:
Audreyconducted a technical assessmentbecause she observed the AIMS lifecycle (development, deployment) and evaluated monitoring tools, as required:
* ISO/IEC 42001 Clause 9.2.2 ("Conducting Audits") mandates that auditors must assess the full lifecycle and technical effectiveness of AI systems.
* TheLead Auditor Manualnotes:"Technical assessments during AIMS audits must include evaluating controls for AI system monitoring, performance, and lifecycle stages." Reference:ISO/IEC 42001:2023 Clause 9.2.2; Lead Auditor Study Guide, Section 5 ("Technical Review during Audits").
NEW QUESTION # 115
Question:
Who is responsible for reviewing the corrections, identified causes, and corrective actions of the auditee?
- A. The certification body
- B. The internal auditor
- C. The audit team
Answer: A
Explanation:
Thecertification bodyhas the ultimate responsibility forreviewing and verifyingcorrective actions after an audit.
* ISO/IEC 17021-1:2015 Clause 9.4.9states:"The certification body shall review the correction, cause analysis, and corrective actions proposed by the client."
* Although the audit team may assist, responsibility lies with the certification body for ensuring compliance before issuing or maintaining certification.
Reference:ISO/IEC 17021-1:2015 Clause 9.4.9; ISO/IEC 42001 Lead Auditor Guide Section 8 ("Post-Audit Responsibilities").
NEW QUESTION # 116
During an audit, the auditor uncovers sensitive data regarding the AI system's algorithms and their decision-making processes. Which principle must the auditor adhere to when handling this information?
- A. Integrity
- B. Evidence-Based Approach
- C. Confidentiality
- D. Fair Presentation
Answer: C
Explanation:
The correct principle isConfidentiality.
ISO 19011:2018 - Clause 4(e)states that auditors mustrespect the confidentiality of informationacquired during the audit and use it only for audit purposes. This includessensitive or proprietary data, such as AI algorithms, models, and proprietary decision logic.
ThePECB Lead Auditor Guide - Domain 3reinforces that anyinternal or sensitive company information discovered must besafeguarded and never disclosedwithout authorization.
Reference: ISO 19011:2018 - Clause 4(e): "Confidentiality - Security of information" PECB Lead Auditor Guide - Domain 3: "Auditor Conduct and Ethics - Confidentiality Requirements"
NEW QUESTION # 117
Scenario 4 (continued):
BioNovaPharm, a German biopharmaceutical company, has implemented an artificial intelligence management system AIMSbased on ISO/IEC 42001 to optimize various aspects of drug discovery, including analyzing extensive biological data, identifying potentialdrug candidates, and streamlining clinical trial processes. After having the AIMS in place for over a year, the company contracted acertification body and is now undergoing an AIMS audit to obtain certification against ISO/IEC 42001.
Adopting a risk-based approach, the audit team focused on risk throughout their activities. The level of detail outlined in the audit plancorresponded to the scope and complexity of the audit. The team employed a ranking system for detailed audit procedures, prioritizingthose with the highest risk.
Once the stage 1 audit began, the audit team started reviewing the auditee's documented information. To assess whether BioNovaPharmcomplies with the legal and regulatory requirements related to incident communication, the audit team examined evidence provided bythe company's external legal office. The evidence confirmed that BioNovaPharm applies the requirements of the EU Al Act, whichmandates that providers of high-risk Al systems report serious incidents to relevant authorities.
Following the completion of the stage 1 audit, John, an audit team member, documented the stage 1 audit outputs, including theobservations of the audit team that could result in nonconformities during the on-site audit. However, the audit team leader, Emma, whowas overseeing the audit activities, observed that John failed to document significant observations related to the lack of transparency inthe Al decision-making processes of BioNovaPharm. Considering that Emma observed John's lack of competence in undertaking some audit activities, a disciplinary note was recorded for John.
Question:
Based on Scenario 4, is the decision of the top management representative not to provide theadditional evidence requested by the audit team justifiable?
- A. Yes, because audits are based purely on interview evidence
- B. No, because verbal evidence is less reliable than the other types of evidence and requires additional supporting evidence
- C. Yes, because the top management representative determined that the answers from the interviews could be corroborated by interviewing different employees
- D. No, because it is not recommended to conduct interviews with different employees to verify segregation of roles and responsibilities within the organization
Answer: B
Explanation:
Verbal evidence alone is consideredless reliable.
* ISO/IEC 42001 Clause 9.2.2 states that"auditors shall corroborate interviews with documented information or other tangible evidence whenever possible."
* TheISO 19011:2018 Guidelines for Auditing Management Systems(adopted for auditing principles) Clause 6.5.6 also clearly specifies:"Interview results should be verified with other forms of evidence because interviews alone are insufficient." Reference:ISO/IEC 42001:2023 Clause 9.2.2; ISO 19011:2018 Clause 6.5.6.
NEW QUESTION # 118
......
ISO-IEC-42001-Lead-Auditor Dumps for AI management system (AIMS) Certified Exam Questions and Answer: https://examcollection.prep4king.com/ISO-IEC-42001-Lead-Auditor-latest-questions.html
