
9/27/2019 ECCouncil 712-50 Free Practice Exam & Test Training - ITExams.com


EC-Council Certified CISO v1.0 (712-50) - Full Access


Question 301 ( Topic 1 )

When analyzing and forecasting an operating expense budget what are not included?

A. New datacenter to operate from


B. Network connectivity costs
C. Software and hardware license fees
D. Utilities and power costs

Answer : A


Question 302 ( Topic 1 )



Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls,
and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk
mitigation needs.
When formulating the remediation plan, what is a required input?

A. Board of directors
B. Latest virus definitions file
C. Patching history
D. Risk assessment

Answer : D


Question 303 ( Topic 1 )



Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The
company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked
you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?

A. Roles and responsibilities


B. Information security theory
C. Incident response contacts
D. Desktop configuration standards

Answer : A

Question 304 ( Topic 1 )



Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy
mandates.
What is one proven method to account for common elements found within separate regulations and/or standards?

A. Design your program to meet the strictest government standards


B. Develop a crosswalk
C. Hire a GRC expert
D. Use the Find function of your word processor

Answer : B


Question 305 ( Topic 1 )



Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to
deal with risk to information from people first.
How can you minimize risk to your most sensitive information before granting access?

A. Set your firewall permissions aggressively and monitor logs regularly.


B. Develop an Information Security Awareness program
C. Conduct background checks on individuals before hiring them
D. Monitor employee browsing and surfing habits

Answer : C


Question 306 ( Topic 1 )



Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and
international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps
were identified. The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning.
Which of the following is the MOST logical next step?

A. Create detailed remediation funding and staffing plans


B. Report the audit findings and remediation status to business stakeholders
C. Validate the effectiveness of current controls
D. Review security procedures to determine if they need to be modified according to findings

Answer : B


Question 307 ( Topic 1 )



Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct
periodic:

A. Baseline of computer systems


B. Password changes
C. Controlled spear phishing campaigns
D. Scanning for viruses

Answer : C


Question 308 ( Topic 1 )



Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion
that the security program only slows things down and limits the performance of the “real workers.”
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the
organization?

A. Cite corporate policy and insist on compliance with audit findings


B. Draw from your experience and recount stories of how other companies have been compromised
C. Understand the business and focus your efforts on enabling operations securely
D. Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company for non-compliance

Answer : C


Question 309 ( Topic 1 )



Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and
international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps
were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?

A. Inform peer executives of the audit results


B. Validate gaps and accept or dispute the audit findings
C. Create remediation plans to address program gaps
D. Determine if security policies and procedures are adequate

Answer : B


Question 310 ( Topic 1 )



Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and
industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in
just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

A. NIST and Privacy Regulations


B. NIST and data breach notification laws
C. ISO 27000 and Payment Card Industry Data Security Standards
D. ISO 27000 and Human resources best practices

Answer : C


Question 311 ( Topic 1 )



Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The
implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as
scalable as originally thought and will not fit the organization’s needs.
What is the MOST logical course of action the CISO should take?

A. Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements
B. Review the original solution set to determine if another system would fit the organization’s risk appetite and budget regulatory compliance
requirements
C. Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor.
D. Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be proved when needed

Answer : B


Question 312 ( Topic 1 )



Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team
and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are
spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements.
During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data
on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?

A. Consult with other C-Level executives to develop an action plan


B. Contract with a credit reporting company for paid monitoring services for affected customers
C. Contact your local law enforcement agency
D. Destroy the repository of stolen data

Answer : A


Question 313 ( Topic 1 )



Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational
systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only
approved personnel can use particular applications or retrieve information.
All employees have access to their own human resource information, including the ability to change their bank routing and account information and
other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. The organization wants a
more permanent solution to the threat to user credential compromise through phishing.
What technical solution would BEST address this issue?

A. Multi-factor authentication employing hard tokens


B. Forcing password changes every 90 days
C. Decreasing the number of employees with administrator privileges
D. Professional user education on phishing conducted by a reputable vendor

Answer : A


Question 314 ( Topic 1 )



Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team
and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are
spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the
rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign
country.
Your team now has full access to the data on the foreign server. Your defenses did not hold up to the test as originally thought. As you investigate how
the data was compromised through log analysis you discover that a hardworking, but misguided business intelligence analyst posted the data to an
obfuscated URL on a popular cloud storage service so they could work on it from home during their off-time.
Which technology or solution could you deploy to prevent employees from removing corporate data from your network?

A. Rigorous syslog reviews


B. Intrusion Detection Systems (IDS)
C. Security Guards posted outside the Data Center
D. Data Loss Prevention (DLP)

Answer : D


Question 315 ( Topic 1 )



Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The
company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked
you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

A. Payment Card Industry Digital Security Standard (PCI DSS)


B. National Institute of Standards and Technology (NIST) Special Publication 800-53
C. International Organization for Standardization – ISO 27001/2
D. British Standard 7799 (BS7799)


Answer : C


Question 316 ( Topic 1 )



Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of
the audit findings you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as
needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?

A. Business Continuity plan


B. Security roadmap
C. Business Impact Analysis
D. Annual report to shareholders

Answer : C


Question 317 ( Topic 1 )



Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security
consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance
the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?

A. IT security centric agenda


B. Lack of risk management process
C. Lack of risk management process
D. Compliance centric agenda

Answer : A


Question 318 ( Topic 1 )



Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational
systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only
approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information,
including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application.
All employees have access to the organizational VPN.
Once supervisors and data owners have approved requests, information system administrators will implement:

A. Management control(s)
B. Technical control(s)
C. Operational control(s)
D. Policy control(s)


Answer : B


Question 319 ( Topic 1 )



Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and
industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in
just a few years. The organization has already been subject to a significant amount of credit card fraud.
Which of the following is the MOST likely reason for this fraud?

A. Lack of compliance to the Payment Card Industry (PCI) standards


B. Ineffective security awareness program
C. Lack of technical controls when dealing with credit card data
D. Security practices not in alignment with ISO 27000 frameworks

Answer : A


Question 320 ( Topic 1 )



Scenario: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under
attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine
the details of this incident and take action according to the information available to the team. During initial investigation, the team suspects criminal
activity but cannot initially prove or disprove illegal actions.
What is the MOST critical aspect of the team’s activities?

A. Regular communication of incident status to executives


B. Preservation of information
C. Eradication of malware and system restoration
D. Determination of the attack source

Answer : B


Question 321 ( Topic 1 )



Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion
that the security program only slows things down and limits the performance of the “real workers.”
Which group of people should be consulted when developing your security program?

A. Peers
B. End Users
C. All of the above
D. Executive Management


Answer : C


Question 322 ( Topic 1 )



Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind
schedule and way over budget. Using the best business practices for project management, you determine that the project correctly aligns with the
organization goals.
What should be verified next?

A. Scope
B. Constraints
C. Resources
D. Budget

Answer : A


Question 323 ( Topic 1 )



Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind
schedule and way over budget.
Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

A. Upper management support


B. Involve internal audit
C. More frequent project milestone meetings
D. More training of staff members

Answer : A


Question 324 ( Topic 1 )



You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that
most projects are behind schedule and over budget. Using the best business practices for project management you determine that the project correctly
aligns with the company goals.
What needs to be verified FIRST?

A. Training of the personnel on the project


B. Timeline of the project milestones
C. Vendor for the project
D. Scope of the project


Answer : D


Question 325 ( Topic 1 )



The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind
schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company
goals.
Which of the following needs to be performed NEXT?

A. Verify technical resources


B. Verify capacity constraints
C. Verify the scope of the project
D. Verify the regulatory requirements

Answer : A


Question 326 ( Topic 1 )



Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy
mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the ___________________________.

A. Most complex standard


B. Recommendations of your Legal Staff
C. Easiest regulation or standard to implement
D. Stricter regulation or standard

Answer : C


Question 327 ( Topic 1 )



Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and
international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps
were identified.
After determining the audit findings are accurate, which of the following is the MOST logical next activity?

A. Validate gaps with the Information Technology team


B. Begin initial gap remediation analyses
C. Review the security organization’s charter
D. Create a briefing of the findings for executive management

Answer : B


Question 328 ( Topic 1 )



Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls,
and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk
mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls.
What is the NEXT step?

A. Create a risk metrics for all unmitigated risks


B. Get approval from the board of directors
C. Verify that the cost of mitigation is less than the risk
D. Screen potential vendor solutions

Answer : C


Question 329 ( Topic 1 )



You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that
most projects are behind schedule and over budget. Using the best business practices for project management you determine that the project correctly
aligns with the company goals and the scope of the project is correct.
What is the NEXT step?

A. Verify resources
B. Review time schedules
C. Verify budget
D. Verify constraints

Answer : A


Question 330 ( Topic 1 )



Scenario: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under
attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine
the details of this incident and take action according to the information available to the team.
What phase of the response provides measures to reduce the likelihood of an incident from recurring?

A. Recovery
B. Follow-up
C. Response
D. Investigation

Answer : B


Question 331 ( Topic 1 )



Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls,
and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk
mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

A. Never
B. Quarterly
C. Annually
D. Semi-annually

Answer : A


Question 332 ( Topic 1 )



Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and
international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps
were identified. The CISO has implemented remediation activities.
Which of the following is the MOST logical next step?

A. Validate the effectiveness of applied controls


B. Report the audit findings and remediation status to business stakeholders
C. Validate security program resource requirements
D. Review security procedures to determine if they need to be modified according to findings

Answer : A


Question 333 ( Topic 1 )



Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security
consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance
the IT security centric agenda. The CISO has been able to implement a number of technical controls and is able to influence the Information
Technology teams but has not been able to influence the rest of the organization.
From an organizational perspective, which of the following is the LIKELY reason for this?

A. The CISO reports to the IT organization


B. The CISO has not implemented a policy management framework
C. The CISO does not report directly to the CEO of the organization
D. The CISO has not implemented a security awareness program

Answer : A


Question 334 ( Topic 1 )



Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational
systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only
approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information,
including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application.
All employees have access to the organizational VPN.
Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system
credentials.
What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while
still allowing employees to manage their bank information?

A. Turn off VPN access for users originating from outside the country
B. Force a change of all passwords
C. Enable monitoring on the VPN for suspicious activity
D. Block access to the Employee-Self Service application via VPN

Answer : D


Question 335 ( Topic 1 )



Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The
implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as
scalable as originally thought and will not fit the organization’s needs. The CISO is unsure of the information provided and orders a vendor proof
of concept to validate the system’s scalability.
This demonstrates which of the following?

A. A methodology-based approach to ensure authentication mechanism functions


B. An approach providing minimum time impact to the implementation schedules
C. An approach that allows for minimum budget impact if the solution is unsuitable
D. A risk-based approach to determine if the solution is suitable for investment

Answer : D


Question 336 ( Topic 1 )



Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational
systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only
approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information,
including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application.
All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?

A. Management
B. Technical
C. Operational
D. Administrative

Answer : C


Question 337 ( Topic 1 )



Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and
industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in
just a few years. This global retail company is expected to accept credit card payments.
Which of the following is of MOST concern when defining a security program for this organization?

A. Adherence to local data breach notification laws


B. Compliance to Payment Card Industry (PCI) data security standards
C. Compliance with local government privacy laws
D. International encryption restrictions

Answer : B


Question 338 ( Topic 1 )



Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and
industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in
just a few years.
Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

A. Define formal roles and responsibilities for Information Security


B. Define formal roles and responsibilities for Internal audit functions
C. Create an executive security steering committee
D. Contract a third party to perform a security risk assessment

Answer : A


Question 339 ( Topic 1 )



Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security
consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance
the IT security centric agenda.
Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?

A. Lack of business continuity process


B. Lack of identification of technology stakeholders
C. Lack of a security awareness program
D. Lack of influence with leaders outside IT

Answer : D


Question 340 ( Topic 1 )



Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all
locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:

A. The number of unique communication links is large


B. The distance to the end node is farthest away
C. The volume of data being transmitted is small
D. The speed of the encryption / deciphering process is essential

Answer : D


Question 341 ( Topic 1 )



Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The
implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as
scalable as originally thought and will not fit the organization’s needs. The CISO discovers the scalability issue will only impact a small number of
network segments.
What is the next logical step to ensure the proper application of risk management methodology within the two-factor implementation project?

A. Decide to accept the risk on behalf of the impacted business units


B. Create new use cases for operational use of the solution
C. Report the deficiency to the audit team and create process exceptions
D. Determine if sufficient mitigating controls can be applied

Answer : D


Question 342 ( Topic 1 )



Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all
locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?

A. Use certificate authority to distribute private keys


B. Symmetrically encrypt the key and then use asymmetric encryption to unencrypt it
C. Use a self-generated key on both ends to eliminate the need for distribution
D. Use asymmetric encryption for the automated distribution of symmetric key

Answer : D


Question 343 ( Topic 1 )



Scenario: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under
attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine
the details of this incident and take action according to the information available to the team.
In what phase of the response will the team extract information from the affected systems without altering original data?

A. Follow-up
B. Recovery
C. Response
D. Investigation

Answer : D


Question 344 ( Topic 1 )



When creating contractual agreements and procurement processes why should security requirements be included?

A. To make sure the security process aligns with the vendor’s security process
B. To make sure they are added on after the process is completed
C. To make sure the cost of security is included and understood
D. To make sure the patching process is included with the costs

Answer : C
