ECCouncil 712-50 Practice Test - Questions Answers, Page 8

Who is responsible for securing networks during a security incident?

A. Chief Information Security Officer (CISO)
B. Security Operations Center (SO
C. Disaster Recovery (DR) manager
D. Incident Response Team (IRT)
Suggested answer: D

Which of the following is a critical operational component of an Incident Response Program (IRP)?

A. Weekly program budget reviews to ensure the percentage of program funding remains constant.
B. Annual review of program charters, policies, procedures and organizational agreements.
C. Daily monitoring of vulnerability advisories relating to your organization's deployed technologies.
D. Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization
Suggested answer: C

What is the first thing that needs to be completed in order to create a security program for your organization?

A. Risk assessment
B. Security program budget
C. Business continuity plan
D. Compliance and regulatory analysis
Suggested answer: A

What is the main purpose of the Incident Response Team?

A. Ensure efficient recovery and reinstate repaired systems
B. Create effective policies detailing program activities
C. Communicate details of information security incidents
D. Provide current employee awareness programs
Suggested answer: A

Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

A. Threat
B. Vulnerability
C. Attack vector
D. Exploitation
Suggested answer: B

Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?

A. Security officer
B. Data owner
C. Vulnerability engineer
D. System administrator
Suggested answer: D

The Information Security Management program MUST protect:

A. all organizational assets
B. critical business processes and/or revenue streams
C. intellectual property released into the public domain
D. against distributed denial of service attacks
Suggested answer: B

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

A. Technology governance defines technology policies and standards while security governance does not.
B. Security governance defines technology best practices and Information Technology governance does not.
C. Technology Governance is focused on process risks whereas Security Governance is focused on business risk.
D. The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.
Suggested answer: D

The Information Security Governance program MUST:

A. integrate with other organizational governance processes
B. support user choice for Bring Your Own Device (BYOD)
C. integrate with other organizational governance processes
D. show a return on investment for the organization
Suggested answer: A

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

A. Scan a representative sample of systems
B. Perform the scans only during off-business hours
C. Decrease the vulnerabilities within the scan tool settings
D. Filter the scan output so only pertinent data is analyzed
Suggested answer: A
Total 460 questions