ECCouncil 712-50 Practice Test - Questions Answers, Page 17

Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management and includes a five-stage risk management methodology?

A. ISO 27001
B. ISO 27002
C. ISO 27004
D. ISO 27005

Suggested answer: D

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

A. International Organization for Standardization 27001
B. National Institute of Standards and Technology Special Publication SP 800-12
C. Request For Comment 2196
D. National Institute of Standards and Technology Special Publication SP 800-26

Suggested answer: A

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?

A. Use within an organization to formulate security requirements and objectives
B. Implementation of business-enabling information security
C. Use within an organization to ensure compliance with laws and regulations
D. To enable organizations that adopt it to obtain certifications

Suggested answer: B

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

A. assign the responsibility to the information security team.
B. assign the responsibility to the team responsible for the management of the controls.
C. create operational reports on the effectiveness of the controls.
D. perform an independent audit of the security controls.

Suggested answer: D

The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's

A. Risk Management Program.
B. Anti-Spam controls.
C. Security Awareness Program.
D. Identity and Access Management Program.

Suggested answer: C

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

A. Meet regulatory compliance requirements
B. Better understand the threats and vulnerabilities affecting the environment
C. Better understand strengths and weaknesses of the program
D. Meet legal requirements

Suggested answer: C

The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?

A. Risk metrics
B. Management metrics
C. Operational metrics
D. Compliance metrics

Suggested answer: C

When you develop your audit remediation plan, what is the MOST important criterion?

A. To remediate half of the findings before the next audit.
B. To remediate all of the findings before the next audit.
C. To validate that the cost of the remediation is less than the risk of the finding.
D. To validate the remediation process with the auditor.

Suggested answer: C

Control Objectives for Information and Related Technology (COBIT) is which of the following?

A. An Information Security audit standard
B. An audit guideline for certifying secure systems and controls
C. A framework for Information Technology management and governance
D. A set of international regulations for Information Technology governance

Suggested answer: C

A Chief Information Security Officer received a list of high, medium, and low impact audit findings.

Which of the following represents the BEST course of action?

A. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.
B. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.
C. If the findings impact regulatory compliance, remediate the high findings as quickly as possible.
D. If the findings do not impact regulatory compliance, review current security controls.

Suggested answer: C
Total 460 questions