ECCouncil 712-50 Practice Test - Questions Answers, Page 20

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll.

Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

A. Deploy a SIEM solution and have current staff review incidents first thing in the morning
B. Contract with a managed security provider and have current staff on recall for incident response
C. Configure your syslog to send SMS messages to current staff when target events are triggered
D. Employ an assumption of breach protocol and defend only essential information resources
Suggested answer: B

To get an Information Security project back on schedule, which of the following will provide the MOST help?

A. Upper management support
B. More frequent project milestone meetings
C. Stakeholder support
D. Extend work hours
Suggested answer: A

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

A. Quarterly
B. Semi-annually
C. Bi-annually
D. Annually
Suggested answer: D

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost-effectively?

A. User awareness training for all employees
B. Installation of new firewalls and intrusion detection systems
C. Launch an internal awareness campaign
D. Integrate security requirements into project inception
Suggested answer: D

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

A. Ineffective configuration management controls
B. Lack of change management controls
C. Lack of version/source controls
D. High turnover in the application development department
Suggested answer: C

Which of the following is the MOST important component of any change management process?

A. Scheduling
B. Back-out procedures
C. Outage planning
D. Management approval
Suggested answer: D

Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

A. Terms and Conditions
B. Service Level Agreements (SLA)
C. Statement of Work
D. Key Performance Indicators (KPI)
Suggested answer: B

The company decides to release the application without remediating the high-risk vulnerabilities.

Which of the following is the MOST likely reason for the company to release the application?

A. The company lacks a risk management process
B. The company does not believe the security vulnerabilities to be real
C. The company has a high risk tolerance
D. The company lacks the tools to perform a vulnerability assessment
Suggested answer: C

The organization does not have the time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?

A. Provide developer security training
B. Deploy Intrusion Detection Systems
C. Provide security testing tools
D. Implement Compensating Controls
Suggested answer: D

Which of the following can the company implement in order to avoid this type of security issue in the future?

A. Network based intrusion detection systems
B. A security training program for developers
C. A risk management process
D. An audit management process
Suggested answer: B
Total 460 questions