ECCouncil 712-50 Practice Test - Questions Answers, Page 15

An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.

A. Install software patch, operate system, maintain system
B. Discover software, remove affected software, apply software patch
C. Install software patch, configuration adjustment, software removal
D. Software removal, install software patch, maintain system
Suggested answer: C

When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?

A. Threat level, risk of compromise, and consequences of compromise
B. Risk avoidance, threat level, and consequences of compromise
C. Risk transfer, reputational impact, and consequences of compromise
D. Reputational impact, financial impact, and risk of compromise
Suggested answer: A

The effectiveness of an audit is measured by?

A. The number of actionable items in the recommendations
B. How it exposes the risk tolerance of the company
C. How the recommendations directly support the goals of the company
D. The number of security controls the company has in use
Suggested answer: C

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

A. Have internal audit conduct another audit to see what has changed.
B. Contract with an external audit company to conduct an unbiased audit.
C. Review the recommendations and follow up to see whether the recommended changes were implemented.
D. Meet with the audit team to determine a timeline for corrections.
Suggested answer: C

You have implemented the new controls. What is the next step?

A. Document the process for the stakeholders
B. Monitor the effectiveness of the controls
C. Update the audit findings report
D. Perform a risk assessment
Suggested answer: B

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine the impact to the company for each application. What should be the NEXT step?

A. Determine the annual loss expectancy (ALE)
B. Create a crisis management plan
C. Create technology recovery plans
D. Build a secondary hot site
Suggested answer: C

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

A. Control Objectives for Information and Related Technology (COBIT)
B. Committee of Sponsoring Organizations (COSO)
C. Payment Card Industry (PCI)
D. Information Technology Infrastructure Library (ITIL)
Suggested answer: A

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

A. Plan-Check-Do-Act
B. Plan-Do-Check-Act
C. Plan-Select-Implement-Evaluate
D. SCORE (Security Consensus Operational Readiness Evaluation)
Suggested answer: B

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

A. To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization
B. To provide a common basis for developing organizational security standards
C. To provide effective security management practice and to provide confidence in inter-organizational dealings
D. To establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization
Suggested answer: D

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

A. Senior executives
B. Office of the Auditor
C. Office of the General Counsel
D. All employees and users
Suggested answer: A