ExamGecko
Search Search Login
Home Home / ECCouncil / 712-50

ECCouncil 712-50 Practice Test - Questions Answers, Page 11

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?
As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity. The performance quality audit activity is done in what project management process group?
You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation. Which of the following is NOT documented in the SSP?
To make sure that the actions of all employees, applications, and systems follow the organization's rules and regulations can BEST be described as which of the following?
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?
When managing the security architecture for your company you must consider:
A company wants to fill a Chief Information Security Officer position. Which of the following qualifications and experience would be MOST desirable in a candidate?
A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage. What Security Operations Center (SOC) model does this BEST describe?

Question 101

Report
Export
Collapse

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

A.
Organization control
A.
Organization control
Answers
B.
Procedural control
B.
Procedural control
Answers
C.
Management control
C.
Management control
Answers
D.
Technical control
D.
Technical control
Answers
Suggested answer: D

Question 102

Report
Export
Collapse

An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security

A.
Procedural control
A.
Procedural control
Answers
B.
Management control
B.
Management control
Answers
C.
Technical control
C.
Technical control
Answers
D.
Administrative control
D.
Administrative control
Answers
Suggested answer: B

Question 103

Report
Export
Collapse

The amount of risk an organization is willing to accept in pursuit of its mission is known as

A.
Risk mitigation
A.
Risk mitigation
Answers
B.
Risk transfer
B.
Risk transfer
Answers
C.
Risk tolerance
C.
Risk tolerance
Answers
D.
Risk acceptance
D.
Risk acceptance
Answers
Suggested answer: C

Question 104

Report
Export
Collapse

Which of the following is a fundamental component of an audit record?

A.
Date and time of the event
A.
Date and time of the event
Answers
B.
Failure of the event
B.
Failure of the event
Answers
C.
Originating IP-Address
C.
Originating IP-Address
Answers
D.
Authentication type
D.
Authentication type
Answers
Suggested answer: A

Question 105

Report
Export
Collapse

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

A.
Lack of notification to the public of disclosure of confidential information.
A.
Lack of notification to the public of disclosure of confidential information.
Answers
B.
Lack of periodic examination of access rights
B.
Lack of periodic examination of access rights
Answers
C.
Failure to notify police of an attempted intrusion
C.
Failure to notify police of an attempted intrusion
Answers
D.
Lack of reporting of a successful denial of service attack on the network.
D.
Lack of reporting of a successful denial of service attack on the network.
Answers
Suggested answer: A

Question 106

Report
Export
Collapse

Which of the following is a benefit of a risk-based approach to audit planning?

A.
Resources are allocated to the areas of the highest concern
A.
Resources are allocated to the areas of the highest concern
Answers
B.
Scheduling may be performed months in advance
B.
Scheduling may be performed months in advance
Answers
C.
Budgets are more likely to be met by the IT audit staff
C.
Budgets are more likely to be met by the IT audit staff
Answers
D.
Staff will be exposed to a variety of technologies
D.
Staff will be exposed to a variety of technologies
Answers
Suggested answer: A

Question 107

Report
Export
Collapse

Dataflow diagrams are used by IT auditors to:

A.
Order data hierarchically.
A.
Order data hierarchically.
Answers
B.
Highlight high-level data definitions.
B.
Highlight high-level data definitions.
Answers
C.
Graphically summarize data paths and storage processes.
C.
Graphically summarize data paths and storage processes.
Answers
D.
Portray step-by-step details of data generation.
D.
Portray step-by-step details of data generation.
Answers
Suggested answer: C

Question 108

Report
Export
Collapse

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

A.
Identify and evaluate the existing controls.
A.
Identify and evaluate the existing controls.
Answers
B.
Disclose the threats and impacts to management.
B.
Disclose the threats and impacts to management.
Answers
C.
Identify information assets and the underlying systems.
C.
Identify information assets and the underlying systems.
Answers
D.
Identify and assess the risk assessment process used by management.
D.
Identify and assess the risk assessment process used by management.
Answers
Suggested answer: A

Question 109

Report
Export
Collapse

Which of the following reports should you as an IT auditor use to check on compliance with a service level agreement's requirement for uptime?

A.
Systems logs
A.
Systems logs
Answers
B.
Hardware error reports
B.
Hardware error reports
Answers
C.
Utilization reports
C.
Utilization reports
Answers
D.
Availability reports
D.
Availability reports
Answers
Suggested answer: D

Question 110

Report
Export
Collapse

IT control objectives are useful to IT auditors as they provide the basis for understanding the:

A.
Desired results or purpose of implementing specific control procedures.
A.
Desired results or purpose of implementing specific control procedures.
Answers
B.
The audit control checklist.
B.
The audit control checklist.
Answers
C.
Techniques for securing information.
C.
Techniques for securing information.
Answers
D.
Security policy
D.
Security policy
Answers
Suggested answer: A
Total 460 questions
Go to page: of 46
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms