ECCouncil 712-50 Practice Test - Questions Answers, Page 7

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

A. Compliance to the Payment Card Industry (PCI) regulations.
B. Alignment with financial reporting regulations for each country where they operate.
C. Alignment with International Organization for Standardization (ISO) standards.
D. Compliance with patient data protection regulations for each country where they operate.

Suggested answer: D

In which of the following cases would an organization be more prone to risk acceptance than to risk mitigation?

A. The organization uses exclusively a quantitative process to measure risk
B. The organization uses exclusively a qualitative process to measure risk
C. The organization's risk tolerance is high
D. The organization's risk tolerance is low

Suggested answer: C

The exposure factor of a threat to your organization is defined as:

A. Asset value times exposure factor
B. Annual rate of occurrence
C. Annual loss expectancy minus current cost of controls
D. Percentage of loss experienced due to a realized threat event

Suggested answer: D

Risk is defined as:

A. Threat times vulnerability divided by control
B. Advisory plus capability plus vulnerability
C. Asset loss times likelihood of event
D. Quantitative plus qualitative impact

Suggested answer: A

What two methods are used to assess risk impact?

A. Cost and annual rate of expectance
B. Subjective and Objective
C. Qualitative and percent of loss realized
D. Quantitative and qualitative

Suggested answer: D

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

A. Identify threats, risks, impacts and vulnerabilities
B. Decide how to manage risk
C. Define the budget of the Information Security Management System
D. Define Information Security Policy

Suggested answer: D

You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?

A. Chief Information Security Officer
B. Chief Executive Officer
C. Chief Information Officer
D. Chief Legal Counsel

Suggested answer: B

The success of the Chief Information Security Officer is MOST dependent upon:

A. favorable audit findings
B. following the recommendations of consultants and contractors
C. development of relationships with organization executives
D. raising awareness of security issues with end users

Suggested answer: C

An organization's information security policy serves to:

A. establish budgetary input in order to meet compliance requirements
B. establish acceptable systems and user behavior
C. define security configurations for systems
D. define relationships with external law enforcement agencies

Suggested answer: B

Information security policies should be reviewed:

A. by stakeholders at least annually
B. by the CISO when new systems are brought online
C. by the Incident Response team after an audit
D. by internal audit semiannually

Suggested answer: A