ECCouncil 712-50 Practice Test - Questions Answers, Page 41

APLU Limited has recently suffered a security breach, with customers' social security numbers available for sale on the dark web. The CISO at the time of the incident has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, the lack of a least privilege policy, and weak access control were to blame. You would like to implement key performance indicators to mitigate the risk.

Which metric would meet the requirement?

A. Number of times third parties access critical information systems
B. Number of systems with known vulnerabilities
C. Number of users with elevated privileges
D. Number of websites with weak or misconfigured certificates
Suggested answer: C

An organization recently acquired a Data Loss Prevention (DLP) solution, and two months after the implementation, it was found that sensitive data was posted to numerous Dark Web sites. The DLP application was checked, and there are no apparent malfunctions and no errors.

What is the MOST likely reason why the sensitive data was posted?

A. The DLP solution was not integrated with mobile device anti-malware
B. Data classification was not properly performed on the assets
C. The sensitive data was not encrypted while at rest
D. A risk assessment was not performed after purchasing the DLP solution
Suggested answer: D

The main purpose of the SOC is:

A. An organization which provides Tier 1 support for technology issues and provides escalation when needed
B. A distributed organization which provides intelligence to governments and private sectors on cyber-criminal activities
C. The coordination of personnel, processes and technology to identify information security events and provide timely response and remediation
D. A device which consolidates event logs and provides real-time analysis of security alerts generated by applications and network hardware
Suggested answer: C

Explanation:

Reference: https://www.eccouncil.org/what-is-soc/

When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

A. This makes sure the files you exchange aren't unnecessarily flagged by the Data Loss Prevention (DLP) system
B. Contracting rules typically require you to have conversations with two or more groups
C. Discussing decisions with a very large group of people always provides a better outcome
D. It helps to avoid regulatory or internal compliance issues
Suggested answer: D

Explanation:

Reference: https://www.eccouncil.org/wp-content/uploads/2016/07/NICE-2.0-and-EC-Council-Cert-Mapping.pdf

A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a:

A. Public cloud
B. Private cloud
C. Community cloud
D. Hybrid cloud
Suggested answer: D

Explanation:

Reference: https://www.datacenters.com/services/cloudservices#:~:text=Hybrid%20clouds%20combine%20public%20and,flexibility%20and%20more%20deployment%20options

When reviewing a Solution as a Service (SaaS) provider's security health and posture, which key document should you review?

A. SaaS provider's website certifications and representations (certs and reps)
B. SOC-2 Report
C. Metasploit Audit Report
D. Statement from SaaS provider attesting their ability to secure your data
Suggested answer: B

Explanation:

Reference: https://www.threatstack.com/blog/how-saas-companies-can-build-a-complianceroadmap

As the Risk Manager of an organization, you are tasked with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high-profile clients, and bad publicity can jeopardize your own brand.

Which is the BEST type of risk that defines this event?

A. Compliance Risk
B. Reputation Risk
C. Operational Risk
D. Strategic Risk
Suggested answer: B

What is a Statement of Objectives (SOA)?

A. A section of a contract that defines tasks to be performed under said contract
B. An outline of what the military will do during war
C. A document that outlines specific desired outcomes as part of a request for proposal
D. Business guidance provided by the CEO
Suggested answer: A

During a cyber incident, which non-security personnel might be needed to assist the security team?

A. Threat analyst, IT auditor, forensic analyst
B. Network engineer, help desk technician, system administrator
C. CIO, CFO, CSO
D. Financial analyst, payroll clerk, HR manager
Suggested answer: A

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that boards provide strategic oversight regarding information and information security, including these four things:

A. Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors
B. Annual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program
C. Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness
D. Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program
Suggested answer: C

Explanation:

Reference: https://nanopdf.com/download/information-security-governance-guidance-for-boardsof_pdf (9)
