Last Updated on July 23, 2021 by Admin 2

712-50 : EC-Council Certified CISO : Part 06

  1. Which of the following activities results in change requests?

    • Corrective actions
    • Defect repair
    • Preventive actions
    • Inspection
  2. What is the MAIN reason for conflicts between Information Technology and Information Security programs?

    • The effective implementation of security controls can be viewed as an inhibitor to rapid Information technology implementations.
    • Technology Governance is focused on process risks whereas Security Governance is focused on business risk.
    • Technology governance defines technology policies and standards while security governance does not.
    • Security governance defines technology best practices and Information Technology governance does not.
  3. Which of the following is the MOST important for a CISO to understand when identifying threats?

    • How the security operations team will behave to reported incidents
    • How vulnerabilities can potentially be exploited in systems that impact the organization
    • How the firewall and other security devices are configured to prevent attacks
    • How the incident management team prepares to handle an attack
  4. Who is responsible for securing networks during a security incident?

    • Security Operations Center (SOC)
    • Chief Information Security Officer (CISO)
    • Disaster Recovery (DR) manager
    • Incident response Team (IRT)
  5. What is the BEST way to achieve on-going compliance monitoring in an organization?

    • Outsource compliance to a 3rd party vendor and let them manage the program.
    • Have Compliance Direct Information Security to fix issues after the auditor’s report.
    • Only check compliance right before the auditors are scheduled to arrive onsite.
    • Have Compliance and Information Security partner to correct issues as they arise.
  6. The success of the Chief Information Security Officer is MOST dependent upon:

    • following the recommendations of consultants and contractors
    • raising awareness of security issues with end users
    • favorable audit findings
    • development of relationships with organization executives
  7. During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

    • Identify and assess the risk assessment process used by management.
    • Identify and evaluate existing controls.
    • Identify information assets and the underlying systems.
    • Disclose the threats and impacts to management.
  8. Which of the following is a fundamental component of an audit record?

    • Originating IP-Address
    • Date and time of the event
    • Failure of the event
    • Authentication type
  9. What is the main purpose of the Incident Response Team?

    • Communicate details of information security incidents
    • Create effective policies detailing program activities
    • Ensure efficient recovery and reinstate repaired systems
    • Provide effective employee awareness programs
  10. Risk appetite directly affects what part of a vulnerability management program?

    • Scope
    • Schedule
    • Staff
    • Scan tools
  11. Creating a secondary authentication process for network access would be an example of?

    • An administrator with too much time on their hands
    • Supporting the concept of layered security
    • Network segmentation
    • Putting undue time commitment on the system administrator
  12. According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

    • Decide how to manage risk
    • Define Information Security Policy
    • Identify threats, risks, impacts and vulnerabilities
    • Define the budget of the Information Security Management System
  13. Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

    • Human Resources and Budget
    • Audit and Legal
    • Budget and Compliance
    • Legal and Human Resources
  14. The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

    • Technical control
    • Management control
    • Procedural control
    • Organization control
  15. Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

    • Temporal Probability (TP)
    • Annualized Rate of Occurrence (ARO)
    • Single Loss Expectancy (SLE)
    • Exposure Factor (EF)
  16. A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure.

    What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

    • Decrease the vulnerabilities within the scan tool settings
    • Scan a representative sample of systems
    • Filter the scan output so only pertinent data is analyzed
    • Perform the scans only during off-business hours
  17. What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?

    • Conduct a Disaster Recovery (DR) exercise every year to test the plan
    • Conduct periodic tabletop exercises to refine the BC plan
    • Test every three years to ensure that the BC plan is valid
    • Define the Recovery Point Objective (RPO)
  18. According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

    • Susceptibility to attack, expected duration of attack, and mitigation availability
    • Attack vectors, controls cost, and investigation staffing needs
    • Susceptibility to attack, mitigation response time, and cost
    • Vulnerability exploitation, attack recovery, and mean time to repair
  19. When deploying an Intrusion Prevention System (IPS), the BEST way to get maximum protection from the system is to deploy it___________

    • In-line and turn on alert mode to stop malicious traffic.
    • In promiscuous mode and block malicious traffic.
    • In promiscuous mode and only detect malicious traffic.
    • In-line and turn on blocking mode to stop malicious traffic in-line.
  20. Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

    • Vulnerability
    • Threat
    • Exploitation
    • Attack vector