ECCouncil 712-50 Practice Test - Questions Answers, Page 32


Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years.

The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

A. Lack of compliance with the Payment Card Industry (PCI) standards
B. Ineffective security awareness program
C. Security practices not in alignment with ISO 27000 frameworks
D. Lack of technical controls when dealing with credit card data

Suggested answer: A

Scenario 3

SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

What phase of the response provides measures to reduce the likelihood of an incident recurring?

A. Response
B. Investigation
C. Recovery
D. Follow-up

Suggested answer: D


During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions. What is the MOST critical aspect of the team's activities?

A. Regular communication of incident status to executives
B. Eradication of malware and system restoration
C. Determination of the attack source
D. Preservation of information

Suggested answer: D


In what phase of the response will the team extract information from the affected systems without altering original data?

A. Response
B. Investigation
C. Recovery
D. Follow-up

Suggested answer: B

Scenario 4

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

Which of the following is the FIRST action the CISO will perform after receiving the audit report?

A. Inform peer executives of the audit results
B. Validate gaps and accept or dispute the audit findings
C. Create remediation plans to address program gaps
D. Determine if security policies and procedures are adequate

Suggested answer: B


After determining the audit findings are accurate, which of the following is the MOST logical next activity?

A. Begin initial gap remediation analyses
B. Review the security organization's charter
C. Validate gaps with the Information Technology team
D. Create a briefing of the findings for executive management

Suggested answer: A


The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

A. Validate the effectiveness of current controls
B. Create detailed remediation funding and staffing plans
C. Report the audit findings and remediation status to business stakeholders
D. Review security procedures to determine if they need to be modified according to the findings

Suggested answer: C


The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

A. Validate the effectiveness of applied controls
B. Validate security program resource requirements
C. Report the audit findings and remediation status to business stakeholders
D. Review security procedures to determine if they need to be modified according to the findings

Suggested answer: A

Scenario 5

Scenario: You are the CISO and have just completed your first risk assessment for your organization.

You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

A. Annually
B. Semi-annually
C. Quarterly
D. Never

Suggested answer: D


You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

A. Get approval from the board of directors
B. Screen potential vendor solutions
C. Verify that the cost of mitigation is less than the risk
D. Create risk metrics for all unmitigated risks

Suggested answer: C