ExamGecko

ECCouncil 712-50 Practice Test - Questions Answers, Page 28

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

A. The Net Present Value (NPV) of the project is positive
B. The NPV of the project is negative
C. The Return on Investment (ROI) is larger than 10 months
D. The ROI is lower than 10 months
Suggested answer: B

Which of the following is MOST useful when developing a business case for security initiatives?

A. Budget forecasts
B. Request for proposals
C. Cost/benefit analysis
D. Vendor management
Suggested answer: C

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

A. Security Governance
B. Compliance management
C. Vendor management
D. Disaster recovery
Suggested answer: C

Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

A. Security regulations
B. Asset classification
C. Information security policy
D. Data classification
Suggested answer: C

The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called

A. Security certification
B. Security system analysis
C. Security accreditation
D. Alignment with business practices and goals.
Suggested answer: A

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called

A. Security certification
B. Security system analysis
C. Security accreditation
D. Alignment with business practices and goals.
Suggested answer: C

Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of

A. Network based security preventative controls
B. Software segmentation controls
C. Network based security detective controls
D. User segmentation controls
Suggested answer: A

File Integrity Monitoring (FIM) is considered a

A. Network based security preventative control
B. Software segmentation control
C. Security detective control
D. User segmentation control
Suggested answer: C

A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

A. Zero-day attack mitigation
B. Preventive detection control
C. Corrective security control
D. Dynamic blocking control
Suggested answer: C

When dealing with risk, the information security practitioner may choose to:

A. assign
B. transfer
C. acknowledge
D. defer
Suggested answer: C
Total 460 questions