ECCouncil 712-50 Practice Test - Questions Answers, Page 31

When creating contractual agreements and procurement processes, why should security requirements be included?

A. To make sure they are added on after the process is completed
B. To make sure the costs of security are included and understood
C. To make sure the security process aligns with the vendor's security process
D. To make sure the patching process is included with the costs

Suggested answer: B

Explanation: Scenario1

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

A. Conduct background checks on individuals before hiring them
B. Develop an Information Security Awareness program
C. Monitor employee browsing and surfing habits
D. Set your firewall permissions aggressively and monitor logs regularly

Suggested answer: A

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct periodic:

A. Controlled spear phishing campaigns
B. Password changes
C. Baselining of computer systems
D. Scanning for viruses

Suggested answer: A

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

What is one proven method to account for common elements found within separate regulations and/or standards?

A. Hire a GRC expert
B. Use the Find function of your word processor
C. Design your program to meet the strictest government standards
D. Develop a crosswalk

Suggested answer: D

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

When multiple regulations or standards apply to your industry, you should set controls to meet the:

A. Easiest regulation or standard to implement
B. Stricter regulation or standard
C. Most complex standard to implement
D. Recommendations of your Legal Staff

Suggested answer: C

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior-level security practitioner. The company lacks a defined security policy and framework for its Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector-neutral information security control framework for implementation.

Your Corporate Information Security Policy should include which of the following?

A. Information security theory
B. Roles and responsibilities
C. Incident response contacts
D. Desktop configuration standards

Suggested answer: B

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior-level security practitioner. The company lacks a defined security policy and framework for its Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector-neutral information security control framework for implementation.

Which of the following industry/sector-neutral information security control frameworks should you recommend for implementation?

A. National Institute of Standards and Technology (NIST) Special Publication 800-53
B. Payment Card Industry Digital Security Standard (PCI DSS)
C. International Organization for Standardization – ISO 27001/2
D. British Standard 7799 (BS7799)

Suggested answer: C

Explanation: Scenario2

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

A. NIST and Privacy Regulations
B. ISO 27000 and Payment Card Industry Data Security Standards
C. NIST and data breach notification laws
D. ISO 27000 and Human resources best practices

Suggested answer: B

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

A. Contract a third party to perform a security risk assessment
B. Define formal roles and responsibilities for Internal audit functions
C. Define formal roles and responsibilities for Information Security
D. Create an executive security steering committee

Suggested answer: C

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years.

This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?

A. International encryption restrictions
B. Compliance with Payment Card Industry (PCI) data security standards
C. Compliance with local government privacy laws
D. Adherence to local data breach notification laws

Suggested answer: B