ECCouncil 712-50 Practice Test - Questions Answers, Page 21

Which of the following is considered a project versus a managed process?

A. monitoring external and internal environment during incident response
B. ongoing risk assessments of routine operations
C. continuous vulnerability assessment and vulnerability repair
D. installation of a new firewall system

Suggested answer: D

Which of the following is the BEST indicator of a successful project?

A. it is completed on time or early as compared to the baseline project plan
B. it meets most of the specifications as outlined in the approved project definition
C. it comes in at or below the expenditures planned for in the baseline budget
D. the deliverables are accepted by the key stakeholders

Suggested answer: D

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

A. The Security Systems Development Life Cycle
B. The Security Project And Management Methodology
C. Project Management System Methodology
D. Project Management Body of Knowledge

Suggested answer: D

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

A. Scope creep
B. Deadline extension
C. Scope modification
D. Deliverable expansion

Suggested answer: A

Which of the following is considered one of the most frequent failures in project management?

A. Overly restrictive management
B. Excessive personnel on project
C. Failure to meet project deadlines
D. Insufficient resources

Suggested answer: C

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

A. Vendor uses their own laptop and logs in with the same admin credentials your security team uses
B. Vendor uses a company-supplied laptop and logs in using two-factor authentication with the same admin credentials your security team uses
C. Vendor uses a company-supplied laptop and logs in using two-factor authentication with their own unique credentials
D. Vendor uses their own laptop and logs in using two-factor authentication with their own unique credentials

Suggested answer: C

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

A. At the time the security services are being performed and the vendor needs access to the network
B. Once the agreement has been signed and the security vendor states that they will need access to the network
C. Once the vendor is on premise and before they perform security services
D. Prior to signing the agreement and before any security services are being performed

Suggested answer: D

When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?

A. Download open source security tools and deploy them on your production network
B. Download trial versions of commercially available security tools and deploy on your production network
C. Download open source security tools from a trusted site, test, and then deploy on production network
D. Download security tools from a trusted source and deploy to production network

Suggested answer: C

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

A. Work with the IT group and tell them to put IPS in-line and say it won't cause any network impact
B. Explain to the IT group that the IPS won't cause any network impact because it will fail open
C. Explain to the IT group that this is a business need and the IPS will fail open; however, if there is a network failure, the CISO will accept responsibility
D. Explain to the IT group that the IPS will fail open once in-line; however, it will be deployed in monitor mode for a set period of time to ensure that it doesn't block any legitimate traffic

Suggested answer: D

What oversight should the information security team have in the change management process for application security?

A. Information security should be informed of changes to applications only
B. Development team should tell the information security team about any application security flaws
C. Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production
D. Information security should be aware of all application changes and work with developers before changes are deployed in production

Suggested answer: C
Total 460 questions