ECCouncil 712-50 Practice Test - Questions Answers

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

A. information security metrics.
B. knowledge required to analyze each issue.
C. baseline against which metrics are evaluated.
D. linkage to business area objectives.
Suggested answer: D

Which of the following most commonly falls within the scope of an information security governance steering committee?

A. Approving access to critical financial systems
B. Developing content for security awareness programs
C. Interviewing candidates for information security specialist positions
D. Vetting information security policies
Suggested answer: D

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

A. Lack of a formal security awareness program
B. Lack of a formal security policy governance process
C. Lack of formal definition of roles and responsibilities
D. Lack of a formal risk management policy
Suggested answer: B

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

A. Need to comply with breach disclosure laws
B. Need to transfer the risk associated with hosting PII data
C. Need to better understand the risk associated with using PII data
D. Fiduciary responsibility to safeguard credit card information
Suggested answer: C

Credit card information, medical data, and government records are all examples of:

A. Confidential/Protected Information
B. Bodily Information
C. Territorial Information
D. Communications Information
Suggested answer: A

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

A. Contacting the Internet Service Provider for an IP scope
B. Getting authority to operate the system from executive management
C. Changing the default passwords
D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities
Suggested answer: B

The single most important consideration to make when developing your security program, policies, and processes is:

A. Budgeting for unforeseen data compromises
B. Streamlining for efficiency
C. Alignment with the business
D. Establishing your authority as the Security Executive
Suggested answer: C

An organization's Information Security Policy is of MOST importance because

A. it communicates management's commitment to protecting information resources
B. it is formally acknowledged by all employees and vendors
C. it defines a process to meet compliance requirements
D. it establishes a framework to protect confidential information
Suggested answer: A

Developing effective security controls is a balance between:

A. Risk Management and Operations
B. Corporate Culture and Job Expectations
C. Operations and Regulations
D. Technology and Vendor Management
Suggested answer: A

The PRIMARY objective for information security program development should be:

A. Reducing the impact of the risk to the business.
B. Establishing strategic alignment with business continuity requirements
C. Establishing incident response programs.
D. Identifying and implementing the best security solutions.
Suggested answer: A
Total 460 questions