ECCouncil 712-50 Practice Test - Questions Answers, Page 13

Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

A. Detective Controls
B. Proactive Controls
C. Preemptive Controls
D. Organizational Controls
Suggested answer: D

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team.

This is considered a bad practice MAINLY because

A. The IT team is not familiar with IT audit practices
B. This represents a bad implementation of the Least Privilege principle
C. This represents a conflict of interest
D. The IT team is not certified to perform audits
Suggested answer: C

The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is

A. Penetration testers
B. External Audit
C. Internal Audit
D. Forensic experts
Suggested answer: B

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization's IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

A. Number of change orders rejected
B. Number and length of planned outages
C. Number of unplanned outages
D. Number of change orders processed
Suggested answer: C

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

A. Perform a vulnerability scan of the network
B. External penetration testing by a qualified third party
C. Internal Firewall ruleset reviews
D. Implement network intrusion prevention systems
Suggested answer: B

Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

A. Security Administrators
B. Internal/External Audit
C. Risk Management
D. Security Operations
Suggested answer: B

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

A. The auditors have not followed proper auditing processes
B. The CIO of the organization disagrees with the finding
C. The risk tolerance of the organization permits this risk
D. The organization has purchased cyber insurance
Suggested answer: C

The remediation of a specific audit finding is deemed too expensive and will not be implemented.

Which of the following is a TRUE statement?

A. The asset is more expensive than the remediation
B. The audit finding is incorrect
C. The asset being protected is less valuable than the remediation costs
D. The remediation costs are irrelevant; it must be implemented regardless of cost.
Suggested answer: C

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

A. Perform an audit to measure the control formally
B. Escalate the issue to the IT organization
C. Perform a risk assessment to measure risk
D. Establish Key Risk Indicators
Suggested answer: C

The risk found after a control has been fully implemented is called:

A. Residual Risk
B. Total Risk
C. Post implementation risk
D. Transferred risk
Suggested answer: A
Total 460 questions