
ECCouncil 712-50 Practice Test - Questions Answers, Page 18

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

A. It allows executives to more effectively monitor IT implementation costs
B. Implementation of it eases an organization's auditing and compliance burden
C. Information Security (IS) procedures often require augmentation with other standards
D. It provides for a consistent and repeatable staffing model for technology organizations
Suggested answer: B

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

A. Validate that security awareness program content includes information about the potential vulnerability
B. Conduct a thorough risk assessment against the current implementation to determine system functions
C. Determine program ownership to implement compensating controls
D. Send a report to executive peers and business unit owners detailing your suspicions
Suggested answer: B

Topic 3, Management – Projects and Operations (Projects, Technology & Operations)

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

A. Tell him to shut down the server
B. Tell him to call the police
C. Tell him to invoke the incident response process
D. Tell him to analyze the problem, preserve the evidence and provide a full analysis and report
Suggested answer: C

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

A. Time zone differences
B. Compliance to local hiring laws
C. Encryption import/export regulations
D. Local customer privacy laws
Suggested answer: C

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

A. Lack of asset management processes
B. Lack of change management processes
C. Lack of hardening standards
D. Lack of proper access controls
Suggested answer: B

Which of the following are not stakeholders of IT security projects?

A. Board of directors
B. Third party vendors
C. CISO
D. Help Desk
Suggested answer: B

The ultimate goal of an IT security project is:

A. Increase stock value
B. Complete security
C. Support business requirements
D. Implement information security policies
Suggested answer: C

When managing the critical path of an IT security project, which of the following is MOST important?

A. Knowing who all the stakeholders are.
B. Knowing the people on the data center team.
C. Knowing the threats to the organization.
D. Knowing the milestones and timelines of deliverables.
Suggested answer: D

When is an application security development project complete?

A. When the application is retired.
B. When the application is turned over to production.
C. When the application reaches the maintenance phase.
D. After one year.
Suggested answer: A

When should IT security project management be outsourced?

A. When organizational resources are limited
B. When the benefits of outsourcing outweigh the inherent risks of outsourcing
C. On new, enterprise-wide security initiatives
D. On projects not forecasted in the yearly budget
Suggested answer: B
Total 460 questions