29 January, 2020
Verified EC-Council 712-50 Paper
Proper study guides for Renovate EC-Council EC-Council Certified CISO (CCISO) certified begins with EC-Council 712-50 preparation products which designed to deliver the Accurate 712-50 questions by making you pass the 712-50 test at your first time. Try the free 712-50 demo right now.
Question 1
- (Topic 1)
The PRIMARY objective of security awareness is to:
The PRIMARY objective of security awareness is to:
Question 2
- (Topic 4)
What type of attack requires the least amount of technical equipment and has the highest success rate?
What type of attack requires the least amount of technical equipment and has the highest success rate?
Question 3
- (Topic 3)
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):
Question 4
- (Topic 3)
Which of the following is a major benefit of applying risk levels?
Which of the following is a major benefit of applying risk levels?
Question 5
- (Topic 4)
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
Question 6
- (Topic 3)
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):
Question 7
- (Topic 5)
The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:
The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:
Question 8
- (Topic 3)
You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?
You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?
Question 9
- (Topic 1)
Which of the following should be determined while defining risk management strategies?
Which of the following should be determined while defining risk management strategies?
Question 10
- (Topic 4)
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
Question 11
- (Topic 5)
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?
Question 12
- (Topic 2)
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
Question 13
- (Topic 5)
SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
In what phase of the response will the team extract information from the affected systems without altering original data?
SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
In what phase of the response will the team extract information from the affected systems without altering original data?
Question 14
- (Topic 3)
When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?
When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?
Question 15
- (Topic 1)
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?
Question 16
- (Topic 2)
Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.
Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.
Question 17
- (Topic 5)
Annual Loss Expectancy is derived from the function of which two factors?
Annual Loss Expectancy is derived from the function of which two factors?
Question 18
- (Topic 3)
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?
Question 19
- (Topic 1)
Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?
Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?
Question 20
- (Topic 5)
Human resource planning for security professionals in your organization is a:
Human resource planning for security professionals in your organization is a:
Question 21
- (Topic 3)
When gathering security requirements for an automated business process improvement program, which of the following is MOST important?
When gathering security requirements for an automated business process improvement program, which of the following is MOST important?
Question 22
- (Topic 2)
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
Question 23
- (Topic 5)
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?
Question 24
- (Topic 2)
Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?
Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?
Question 25
- (Topic 3)
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?