ExamGecko

ECCouncil 712-50 Practice Test - Questions Answers, Page 12

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

A. Inform senior management of the risk involved.
B. Agree to work with the security officer on these shifts as a form of preventative control.
C. Develop a computer assisted audit technique to detect instances of abuses of the arrangement.
D. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.
Suggested answer: A

Which of the following is the MOST important goal of risk management?

A. Identifying the risk
B. Finding economic balance between the impact of the risk and the cost of the control
C. Identifying the victim of any potential exploits.
D. Assessing the impact of potential threats
Suggested answer: B

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

A. Qualitative analysis
B. Quantitative analysis
C. Risk mitigation
D. Estimate activity duration
Suggested answer: A

Which of the following activities results in change requests?

A. Preventive actions
B. Inspection
C. Defect repair
D. Corrective actions
Suggested answer: C

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

A. Single Loss Expectancy (SLE)
B. Exposure Factor (EF)
C. Annualized Rate of Occurrence (ARO)
D. Temporal Probability (TP)
Suggested answer: C

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls
Suggested answer: B

Creating a secondary authentication process for network access would be an example of?

A. An administrator with too much time on their hands.
B. Putting undue time commitment on the system administrator.
C. Supporting the concept of layered security
D. Network segmentation.
Suggested answer: C

The patching and monitoring of systems on a consistent schedule is required by?

A. Local privacy laws
B. Industry best practices
C. Risk Management frameworks
D. Audit best practices
Suggested answer: C

As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

A. Executive summary
B. Penetration test agreement
C. Names and phone numbers of those who conducted the audit
D. Business charter
Suggested answer: A

As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader.

What should you do?

A. Nothing, this falls outside your area of influence.
B. Close and chain the door shut and send a company-wide memo banning the practice.
C. Have a risk assessment performed.
D. Post a guard at the door to maintain physical security
Suggested answer: C
Total 460 questions