30 January, 2020

Verified EC-Council 712-50 Paper

Proper study guides for Renovate EC-Council EC-Council Certified CISO (CCISO) certified begins with EC-Council 712-50 preparation products which designed to deliver the Accurate 712-50 questions by making you pass the 712-50 test at your first time. Try the free 712-50 demo right now.

Page: 1 / 28

Total 343 questions Full Exam Access

Question 1

- (Topic 1)
The PRIMARY objective of security awareness is to:

Ensure that security policies are read.

Encourage security-conscious employee behavior.

Meet legal and regulatory requirements.

Put employees on notice in case follow-up action for noncompliance is necessary

Question 2

- (Topic 4)
What type of attack requires the least amount of technical equipment and has the highest success rate?

War driving

Operating system attacks

Social engineering

Shrink wrap attack

Question 3

- (Topic 3)
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

Failed to identify all stakeholders and their needs

Deployed the encryption solution in an inadequate manner

Used 1024 bit encryption when 256 bit would have sufficed

Used hardware encryption instead of software encryption

Question 4

- (Topic 3)
Which of the following is a major benefit of applying risk levels?

Risk management governance becomes easier since most risks remain low once mitigated

Resources are not wasted on risks that are already managed to an acceptable level

Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

Risk appetite can increase within the organization once the levels are understood

Question 5

- (Topic 4)
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Well established and defined digital forensics process

Establishing Enterprise-owned Botnets for preemptive attacks

Be able to retaliate under the framework of Active Defense

Collaboration with law enforcement

Question 6

- (Topic 3)
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

low risk-tolerance

high risk-tolerance

moderate risk-tolerance

medium-high risk-tolerance

Question 7

- (Topic 5)
The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

Safeguard Value

Cost Benefit Analysis

Single Loss Expectancy

Life Cycle Loss Expectancy

Question 8

- (Topic 3)
You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?

Tell the team to do their best and respond to each alert

Tune the sensors to help reduce false positives so the team can react better

Request additional resources to handle the workload

Tell the team to only respond to the critical and high alerts

Question 9

- (Topic 1)
Which of the following should be determined while defining risk management strategies?

Organizational objectives and risk tolerance

Risk assessment criteria

IT architecture complexity

Enterprise disaster recovery plans

Question 10

- (Topic 4)
The process for identifying, collecting, and producing digital information in support of legal proceedings is called

chain of custody.

electronic discovery.

evidence tampering.

electronic review.

Question 11

- (Topic 5)
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company for non-compliance

Understand the business and focus your efforts on enabling operations securely

Draw from your experience and recount stories of how other companies have been compromised

Cite corporate policy and insist on compliance with audit findings

Question 12

- (Topic 2)
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

A substantive test of program library controls

A compliance test of program library controls

A compliance test of the program compiler controls

A substantive test of the program compiler controls

Question 13

- (Topic 5)
SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
In what phase of the response will the team extract information from the affected systems without altering original data?

Response

Investigation

Recovery

Follow-up

Question 14

- (Topic 3)
When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

At the time the security services are being performed and the vendor needs access to the network

Once the agreement has been signed and the security vendor states that they will need access to the network

Once the vendor is on premise and before they perform security services

Prior to signing the agreement and before any security services are being performed

Question 15

- (Topic 1)
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

Need to comply with breach disclosure laws

Need to transfer the risk associated with hosting PII data

Need to better understand the risk associated with using PII data

Fiduciary responsibility to safeguard credit card information

Question 16

- (Topic 2)
Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.

ISO 27001

ISO 27002

ISO 27004

ISO 27005

Question 17

- (Topic 5)
Annual Loss Expectancy is derived from the function of which two factors?

Annual Rate of Occurrence and Asset Value

Single Loss Expectancy and Exposure Factor

Safeguard Value and Annual Rate of Occurrence

Annual Rate of Occurrence and Single Loss Expectancy

Question 18

- (Topic 3)
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

Upper management support

More frequent project milestone meetings

More training of staff members

Involve internal audit

Question 19

- (Topic 1)
Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?

Security officer

Data owner

Vulnerability engineer

System administrator

Question 20

- (Topic 5)
Human resource planning for security professionals in your organization is a:

Simple and easy task because the threats are getting easier to find and correct.

Training requirement that is met through once every year user training.

Training requirement that is on-going and always changing.

Not needed because automation and anti-virus software has eliminated the threats.

Question 21

- (Topic 3)
When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

Type of data contained in the process/system

Type of connection/protocol used to transfer the data

Type of encryption required for the data once it is at rest

Type of computer the data is processed on

Question 22

- (Topic 2)
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

ISO 27001

PRINCE2

ISO 27004

ITILv3

Question 23

- (Topic 5)
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

NIST and Privacy Regulations

ISO 27000 and Payment Card Industry Data Security Standards

NIST and data breach notification laws

ISO 27000 and Human resources best practices

Question 24

- (Topic 2)
Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

It allows executives to more effectively monitor IT implementation costs

Implementation of it eases an organization’s auditing and compliance burden

Information Security (IS) procedures often require augmentation with other standards

It provides for a consistent and repeatable staffing model for technology organizations

Question 25

- (Topic 3)
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

The company lacks a risk management process

The company does not believe the security vulnerabilities to be real

The company has a high risk tolerance

The company lacks the tools to perform a vulnerability assessment

Page: 1 / 28

Total 343 questions Full Exam Access