
ECCouncil 712-50 Practice Test - Questions Answers, Page 4

Which of the following intellectual property components is focused on maintaining brand recognition?

A. Trademark
B. Patent
C. Research Logs
D. Copyright
Suggested answer: A

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

A. Due Protection
B. Due Care
C. Due Compromise
D. Due process
Suggested answer: B

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

A. How many credit card records are stored?
B. How many servers do you have?
C. What is the scope of the certification?
D. What is the value of the assets at risk?
Suggested answer: C

Which of the following is a difference between quantitative and qualitative risk assessment?

A. Quantitative risk assessments result in an exact number (in monetary terms)
B. Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
C. Qualitative risk assessments map to business objectives
D. Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
Suggested answer: A

What is the definition of Risk in Information Security?

A. Risk = Probability x Impact
B. Risk = Threat x Probability
C. Risk = Financial Impact x Probability
D. Risk = Impact x Threat
Suggested answer: A

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

A. They are objective and can express risk / cost in real numbers
B. They are subjective and can be completed more quickly
C. They are objective and express risk / cost in approximates
D. They are subjective and can express risk / cost in real numbers
Suggested answer: A

Which of the following is MOST important when dealing with an Information Security Steering committee:

A. Include a mix of members from different departments and staff levels.
B. Ensure that security policies and procedures have been vetted and approved.
C. Review all past audit and compliance reports.
D. Be briefed about new trends and products at each meeting by a vendor.
Suggested answer: C

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

A. Enforce the existing security standards and do not allow the deployment of the new technology.
B. Amend the standard to permit the deployment.
C. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
Suggested answer: C

The PRIMARY objective of security awareness is to:

A. Ensure that security policies are read.
B. Encourage security-conscious employee behavior.
C. Meet legal and regulatory requirements.
D. Put employees on notice in case follow-up action for noncompliance is necessary
Suggested answer: B

Which of the following is MOST likely to be discretionary?

A. Policies
B. Procedures
C. Guidelines
D. Standards
Suggested answer: C
Total 460 questions