ECCouncil 712-50 Practice Test - Questions Answers, Page 23

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

A. Security alignment to business goals
B. Regulatory compliance effectiveness
C. Increased security program presence
D. Proper organizational policy enforcement
Suggested answer: A

Which of the following is critical in creating a security program aligned with an organization's goals?

A. Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements
B. Develop a culture in which users, managers and IT professionals all make good decisions about information risk
C. Provide clear communication of security program support requirements and audit schedules
D. Create security awareness programs that include clear definition of security program goals and charters
Suggested answer: B

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software are implemented and managed within the organization. Which of the following principles does this best demonstrate?

A. Alignment with the business
B. Effective use of existing technologies
C. Leveraging existing implementations
D. Proper budget management
Suggested answer: A

Which of the following represents the BEST method of ensuring security program alignment to business needs?

A. Create a comprehensive security awareness program and provide success metrics to business units
B. Create security consortiums, such as strategic security planning groups, that include business unit participation
C. Ensure security implementations include business unit testing and functional validation prior to production rollout
D. Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role
Suggested answer: B

A newly appointed security officer finds data leakage software licenses that had never been used.

The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

A. The software license expiration is probably out of synchronization with other software licenses
B. The project was initiated without an effort to get support from impacted business units in the organization
C. The software is out of date and does not provide for a scalable solution across the enterprise
D. The security officer should allow time for the organization to get accustomed to her presence before initiating security projects
Suggested answer: B

Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

A. Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data
B. Create separate controls for the business units based on the types of business and functions they perform
C. Ensure business units are involved in the creation of controls and defining conditions under which they must be applied
D. Provide the business units with control mandates and schedules of audits for compliance validation
Suggested answer: C

An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in severe revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

A. The CISO
B. Audit and Compliance
C. The CFO
D. The business owner
Suggested answer: D

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

A. A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions
B. A clear set of security policies and procedures that are more concept-based than controls-based
C. A complete inventory of Information Technology assets including infrastructure, networks, applications and data
D. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in
Suggested answer: D

Risk appetite is typically determined by which of the following organizational functions?

A. Security
B. Business units
C. Board of Directors
D. Audit and compliance
Suggested answer: C
Total 460 questions