
ECCouncil 712-50 Practice Test - Questions Answers, Page 29

Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value to the company. It is essential that you be able to communicate in language that your fellow executives will understand.

You should:

A. Create timelines for mitigation
B. Develop a cost-benefit analysis
C. Calculate annual loss expectancy
D. Create a detailed technical executive summary

Suggested answer: B

The total cost of security controls should:

A. Be equal to the value of the information resource being protected
B. Be greater than the value of the information resource being protected
C. Be less than the value of the information resource being protected
D. Should not matter, as long as the information resource is protected

Suggested answer: C

Annual Loss Expectancy is derived from the function of which two factors?

A. Annual Rate of Occurrence and Asset Value
B. Single Loss Expectancy and Exposure Factor
C. Safeguard Value and Annual Rate of Occurrence
D. Annual Rate of Occurrence and Single Loss Expectancy

Suggested answer: D

The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

A. Safeguard Value
B. Cost Benefit Analysis
C. Single Loss Expectancy
D. Life Cycle Loss Expectancy

Suggested answer: B

Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?

A. Alignment with business goals
B. ISO27000 accreditation
C. PCI attestation of compliance
D. Financial statements

Suggested answer: B

The rate of change in technology increases the importance of:

A. Outsourcing the IT functions.
B. Understanding user requirements.
C. Hiring personnel with leading edge skills.
D. Implementing and enforcing good processes.

Suggested answer: D

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

A. The existing IT environment.
B. The company business plan.
C. The present IT budget.
D. Other corporate technology trends.

Suggested answer: B

Involvement of senior management is MOST important in the development of:

A. IT security implementation plans.
B. Standards and guidelines.
C. IT security policies.
D. IT security procedures.

Suggested answer: C

The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

A. There is integration between IT security and business staffing.
B. There is a clear definition of the IT security mission and vision.
C. There is an auditing methodology in place.
D. The plan requires return on investment for all security projects.

Suggested answer: B

John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed.

The vendor is refusing to make the changes as they've already completed the project work they were contracted to do. What can John do in this instance?

A. Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.
B. Review the Request for Proposal (RFP) for guidance.
C. Withhold the vendor's payments until the issue is resolved.
D. Refer to the contract agreement for direction.

Suggested answer: D
Total 460 questions