ExamGecko

ECCouncil 712-50 Practice Test - Questions Answers, Page 9

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure the impact of the scan is minimized?

A. The asset owner
B. The asset manager
C. The data custodian
D. The project manager
Suggested answer: A

Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

A. Audit and Legal
B. Budget and Compliance
C. Human Resources and Budget
D. Legal and Human Resources
Suggested answer: A

Risk appetite directly affects what part of a vulnerability management program?

A. Staff
B. Scope
C. Schedule
D. Scan tools
Suggested answer: B

When choosing a risk mitigation method, what is the MOST important factor?

A. Approval from the board of directors
B. Cost of the mitigation is less than the risk
C. Metrics of mitigation method success
D. Mitigation method complies with PCI regulations
Suggested answer: B

Payment Card Industry (PCI) compliance requirements are based on what criteria?

A. The types of cardholder data retained
B. The duration card holder data is retained
C. The size of the organization processing credit card data
D. The number of transactions performed per year by an organization
Suggested answer: D

Which of the following provides an audit framework?

A. Control Objectives for IT (COBIT)
B. Payment Card Industry-Data Security Standard (PCI-DSS)
C. International Organization Standard (ISO) 27002
D. National Institute of Standards and Technology (NIST) SP 800-30
Suggested answer: A

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

A. Awareness
B. Compliance
C. Governance
D. Management
Suggested answer: C

Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?

A. Reduction of budget
B. Decreased security awareness
C. Improper use of information resources
D. Fines for regulatory non-compliance
Suggested answer: D

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

A. Confidentiality, Integrity and Availability
B. Assurance, Compliance and Availability
C. International Compliance
D. Integrity and Availability
Suggested answer: A

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

A. In promiscuous mode and only detect malicious traffic.
B. In-line and turn on blocking mode to stop malicious traffic.
C. In promiscuous mode and block malicious traffic.
D. In-line and turn on alert mode to stop malicious traffic.
Suggested answer: B
Total 460 questions