ExamGecko
Login
Home / ECCouncil / 712-50 / List of questions
Ask Question

ECCouncil 712-50 Practice Test - Questions Answers, Page 7

Add to Whishlist

List of questions

Question 61

Report Export Collapse

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

Compliance to the Payment Card Industry (PCI) regulations.
Compliance to the Payment Card Industry (PCI) regulations.
Alignment with financial reporting regulations for each country where they operate.
Alignment with financial reporting regulations for each country where they operate.
Alignment with International Organization for Standardization (ISO) standards.
Alignment with International Organization for Standardization (ISO) standards.
Compliance with patient data protection regulations for each country where they operate.
Compliance with patient data protection regulations for each country where they operate.
Suggested answer: D
asked 18/09/2024
Samer Chaar
31 questions

Question 62

Report Export Collapse

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

The organization uses exclusively a quantitative process to measure risk
The organization uses exclusively a quantitative process to measure risk
The organization uses exclusively a qualitative process to measure risk
The organization uses exclusively a qualitative process to measure risk
The organization's risk tolerance is high
The organization's risk tolerance is high
The organization's risk tolerance is lo
The organization's risk tolerance is lo
Suggested answer: C
asked 18/09/2024
Ellee Chen
48 questions

Question 63

Report Export Collapse

The exposure factor of a threat to your organization is defined by?

Asset value times exposure factor
Asset value times exposure factor
Annual rate of occurrence
Annual rate of occurrence
Annual loss expectancy minus current cost of controls
Annual loss expectancy minus current cost of controls
Percentage of loss experienced due to a realized threat event
Percentage of loss experienced due to a realized threat event
Suggested answer: D
asked 18/09/2024
Borja Arranz Palenzuela
47 questions

Question 64

Report Export Collapse

Risk is defined as:

Threat times vulnerability divided by control
Threat times vulnerability divided by control
Advisory plus capability plus vulnerability
Advisory plus capability plus vulnerability
Asset loss times likelihood of event
Asset loss times likelihood of event
Quantitative plus qualitative impact
Quantitative plus qualitative impact
Suggested answer: A
asked 18/09/2024
saharat pinsaran
51 questions

Question 65

Report Export Collapse

What two methods are used to assess risk impact?

Cost and annual rate of expectance
Cost and annual rate of expectance
Subjective and Objective
Subjective and Objective
Qualitative and percent of loss realized
Qualitative and percent of loss realized
Quantitative and qualitative
Quantitative and qualitative
Suggested answer: D
asked 18/09/2024
Gufran Dalwai
52 questions

Question 66

Report Export Collapse

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

Identify threats, risks, impacts and vulnerabilities
Identify threats, risks, impacts and vulnerabilities
Decide how to manage risk
Decide how to manage risk
Define the budget of the Information Security Management System
Define the budget of the Information Security Management System
Define Information Security Policy
Define Information Security Policy
Suggested answer: D
asked 18/09/2024
Barry Higgins
42 questions

Question 67

Report Export Collapse

You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?

Chief Information Security Officer
Chief Information Security Officer
Chief Executive Officer
Chief Executive Officer
Chief Information Officer
Chief Information Officer
Chief Legal Counsel
Chief Legal Counsel
Suggested answer: B
asked 18/09/2024
bebo here
50 questions

Question 68

Report Export Collapse

The success of the Chief Information Security Officer is MOST dependent upon:

favorable audit findings
favorable audit findings
following the recommendations of consultants and contractors
following the recommendations of consultants and contractors
development of relationships with organization executives
development of relationships with organization executives
raising awareness of security issues with end users
raising awareness of security issues with end users
Suggested answer: C
asked 18/09/2024
Peter Avino
40 questions

Question 69

Report Export Collapse

An organization information security policy serves to

establish budgetary input in order to meet compliance requirements
establish budgetary input in order to meet compliance requirements
establish acceptable systems and user behavior
establish acceptable systems and user behavior
define security configurations for systems
define security configurations for systems
define relationships with external law enforcement agencies
define relationships with external law enforcement agencies
Suggested answer: B
asked 18/09/2024
Siphiwe Soldat
39 questions

Question 70

Report Export Collapse

Information security policies should be reviewed:

by stakeholders at least annually
by stakeholders at least annually
by the CISO when new systems are brought online
by the CISO when new systems are brought online
by the Incident Response team after an audit
by the Incident Response team after an audit
by internal audit semiannually
by internal audit semiannually
Suggested answer: A
asked 18/09/2024
Vanildo Pedro
49 questions
Total 460 questions
Go to page: of 46
Open VPLUS File
Convert VPLUS to PDF

Related questions

To make sure that the actions of all employees, applications, and systems follow the organization's rules and regulations can BEST be described as which of the following?
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
Smith, the project manager for a larger multi-location firm, is leading a software project team that has 18 members, 5 of which are assigned to testing. Due to recent recommendations by an organizational quality audit team, the project manager is convinced to add a quality professional to lead to test team at additional cost to the project. The project manager is aware of the importance of communication for the success of the project and takes the step of introducing additional communication channels, making it more complex, in order to assure quality levels of the project. What will be the first project management document that Smith should change in order to accommodate additional communication channels?
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?
The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?
The alerting, monitoring, and lifecycle management of security-related events are typically managed by the:
A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO) receives impact data in financial terms to use as input to select the proper level of coverage in a new cybersecurity insurance policy. What is the MOST effective method of risk analysis to provide the CFO with the information required?
A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage. What Security Operations Center (SOC) model does this BEST describe?
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?