ECCouncil 712-50 Practice Test - Questions Answers, Page 16

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

A. Management Control
B. Technical Control
C. Training Control
D. Operational Control
Suggested answer: D

Which of the following illustrates an operational control process:

A. Classifying an information system as part of a risk assessment
B. Installing an appropriate fire suppression system in the data center
C. Conducting an audit of the configuration management process
D. Establishing procurement standards for cloud vendors
Suggested answer: B

With respect to the audit management process, management response serves what function?

A. placing underperforming units on notice for failing to meet standards
B. determining whether or not resources will be allocated to remediate a finding
C. adding controls to ensure that proper oversight is achieved by management
D. revealing the "root cause" of the process failure and mitigating for all internal and external units
Suggested answer: B

Which of the following are primary concerns for management with regard to assessing internal control objectives?

A. Confidentiality, Availability, Integrity
B. Compliance, Effectiveness, Efficiency
C. Communication, Reliability, Cost
D. Confidentiality, Compliance, Cost
Suggested answer: B

Which of the following are necessary to formulate responses to external audit findings?

A. Internal Audit, Management, and Technical Staff
B. Internal Audit, Budget Authority, Management
C. Technical Staff, Budget Authority, Management
D. Technical Staff, Internal Audit, Budget Authority
Suggested answer: C

The executive board has requested that the CISO of an organization define Key Performance Indicators (KPIs) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

A. Number of callers who report security issues.
B. Number of callers who report a lack of customer service from the call center
C. Number of successful social engineering attempts on the call center
D. Number of callers who abandon the call before speaking with a representative
Suggested answer: C

Creating a secondary authentication process for network access would be an example of?

A. Nonlinearities in physical security performance metrics
B. Defense in depth cost enumerated costs
C. System hardening and patching requirements
D. Anti-virus for mobile devices
Suggested answer: A

Which of the following activities is the MAIN purpose of the risk assessment process?

A. Creating an inventory of information assets
B. Classifying and organizing information assets into meaningful groups
C. Assigning value to each information asset
D. Calculating the risks to which assets are exposed in their current setting
Suggested answer: D

Which of the following activities must be completed BEFORE you can calculate risk?

A. Determining the likelihood that vulnerable systems will be attacked by specific threats
B. Calculating the risks to which assets are exposed in their current setting
C. Assigning a value to each information asset
D. Assessing the relative risk facing the organization's information assets
Suggested answer: C

Step-by-step procedures to regain normalcy in the event of a major earthquake are PRIMARILY covered by which of the following plans?

A. Incident response plan
B. Business Continuity plan
C. Disaster recovery plan
D. Damage control plan
Suggested answer: C
Total 460 questions