ExamGecko
Search Search Login
Home Home / ECCouncil / 712-50

ECCouncil 712-50 Practice Test - Questions Answers, Page 19

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?
A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage. What Security Operations Center (SOC) model does this BEST describe?
To make sure that the actions of all employees, applications, and systems follow the organization's rules and regulations can BEST be described as which of the following?
As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity. The performance quality audit activity is done in what project management process group?
You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation. Which of the following is NOT documented in the SSP?
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?
When managing the security architecture for your company you must consider:
A company wants to fill a Chief Information Security Officer position. Which of the following qualifications and experience would be MOST desirable in a candidate?

Question 181

Report
Export
Collapse

Which business stakeholder is accountable for the integrity of a new information system?

A.
CISO
A.
CISO
Answers
B.
Compliance Officer
B.
Compliance Officer
Answers
C.
Project manager
C.
Project manager
Answers
D.
Board of directors
D.
Board of directors
Answers
Suggested answer: A

Question 182

Report
Export
Collapse

As the CISO for your company you are accountable for the protection of information resources commensurate with:

A.
Customer demand
A.
Customer demand
Answers
B.
Cost and time to replace
B.
Cost and time to replace
Answers
C.
Insurability tables
C.
Insurability tables
Answers
D.
Risk of exposure
D.
Risk of exposure
Answers
Suggested answer: D

Question 183

Report
Export
Collapse

A stakeholder is a person or group:

A.
Vested in the success and/or failure of a project or initiative regardless of budget implications.
A.
Vested in the success and/or failure of a project or initiative regardless of budget implications.
Answers
B.
Vested in the success and/or failure of a project or initiative and is tied to the project budget.
B.
Vested in the success and/or failure of a project or initiative and is tied to the project budget.
Answers
C.
That has budget authority.
C.
That has budget authority.
Answers
D.
That will ultimately use the system.
D.
That will ultimately use the system.
Answers
Suggested answer: A

Question 184

Report
Export
Collapse

Your company has a "no right to privacy" notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee's email account. What should you do? (choose the BEST answer):

A.
Grant her access, the employee has been adequately warned through the AUP.
A.
Grant her access, the employee has been adequately warned through the AUP.
Answers
B.
Assist her with the request, but only after her supervisor signs off on the action.
B.
Assist her with the request, but only after her supervisor signs off on the action.
Answers
C.
Reset the employee's password and give it to the supervisor.
C.
Reset the employee's password and give it to the supervisor.
Answers
D.
Deny the request citing national privacy laws.
D.
Deny the request citing national privacy laws.
Answers
Suggested answer: B

Question 185

Report
Export
Collapse

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

A.
low risk-tolerance
A.
low risk-tolerance
Answers
B.
high risk-tolerance
B.
high risk-tolerance
Answers
C.
moderate risk-tolerance
C.
moderate risk-tolerance
Answers
D.
medium-high risk-tolerance
D.
medium-high risk-tolerance
Answers
Suggested answer: A

Question 186

Report
Export
Collapse

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted.

Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

A.
Failed to identify all stakeholders and their needs
A.
Failed to identify all stakeholders and their needs
Answers
B.
Deployed the encryption solution in an inadequate manner
B.
Deployed the encryption solution in an inadequate manner
Answers
C.
Used 1024 bit encryption when 256 bit would have sufficed
C.
Used 1024 bit encryption when 256 bit would have sufficed
Answers
D.
Used hardware encryption instead of software encryption
D.
Used hardware encryption instead of software encryption
Answers
Suggested answer: A

Question 187

Report
Export
Collapse

When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

A.
Type of data contained in the process/system
A.
Type of data contained in the process/system
Answers
B.
Type of connection/protocol used to transfer the data
B.
Type of connection/protocol used to transfer the data
Answers
C.
Type of encryption required for the data once it is at rest
C.
Type of encryption required for the data once it is at rest
Answers
D.
Type of computer the data is processed on
D.
Type of computer the data is processed on
Answers
Suggested answer: A

Question 188

Report
Export
Collapse

When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)

A.
The CISO should cut other essential programs to ensure the new solution's continued use
A.
The CISO should cut other essential programs to ensure the new solution's continued use
Answers
B.
Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use
B.
Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use
Answers
C.
Defer selection until the market improves and cash flow is positive
C.
Defer selection until the market improves and cash flow is positive
Answers
D.
Implement the solution and ask for the increased operating cost budget when it is time
D.
Implement the solution and ask for the increased operating cost budget when it is time
Answers
Suggested answer: B

Question 189

Report
Export
Collapse

Which of the following information may be found in table top exercises for incident response?

A.
Security budget augmentation
A.
Security budget augmentation
Answers
B.
Process improvements
B.
Process improvements
Answers
C.
Real-time to remediate
C.
Real-time to remediate
Answers
D.
Security control selection
D.
Security control selection
Answers
Suggested answer: B

Question 190

Report
Export
Collapse

Your incident response plan should include which of the following?

A.
Procedures for litigation
A.
Procedures for litigation
Answers
B.
Procedures for reclamation
B.
Procedures for reclamation
Answers
C.
Procedures for classification
C.
Procedures for classification
Answers
D.
Procedures for charge-back
D.
Procedures for charge-back
Answers
Suggested answer: C
Total 460 questions
Go to page: of 46
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms