CertsTopics Logo

Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium ECCouncil 712-50 Dumps Questions Answers

Page: 1 / 35
Total 460 questions
Get 712-50 Full Access Download 712-50 PDF

EC-Council Certified CISO (CCISO) Questions and Answers

Question 1

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

Options:

A.

Controlled mitigation effort

B.

Risk impact comparison

C.

Relative likelihood of event

D.

Comparative threat analysis

Buy Now
Question 2

Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:

Options:

A.

Risk management

B.

Security management

C.

Mitigation management

D.

Compliance management

Question 3

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

Options:

A.

Awareness

B.

Compliance

C.

Governance

D.

Management

Question 4

Who is responsible for securing networks during a security incident?

Options:

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Question 5

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

Options:

A.

Need to comply with breach disclosure laws

B.

Need to transfer the risk associated with hosting PII data

C.

Need to better understand the risk associated with using PII data

D.

Fiduciary responsibility to safeguard credit card information

Question 6

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

Options:

A.

The organization uses exclusively a quantitative process to measure risk

B.

The organization uses exclusively a qualitative process to measure risk

C.

The organization’s risk tolerance is high

D.

The organization’s risk tolerance is lo

Question 7

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

Options:

A.

Data breach disclosure

B.

Consumer right disclosure

C.

Security incident disclosure

D.

Special circumstance disclosure

Question 8

Risk that remains after risk mitigation is known as

Options:

A.

Persistent risk

B.

Residual risk

C.

Accepted risk

D.

Non-tolerated risk

Question 9

What is a difference from the list below between quantitative and qualitative Risk Assessment?

Options:

A.

Quantitative risk assessments result in an exact number (in monetary terms)

B.

Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

C.

Qualitative risk assessments map to business objectives

D.

Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Question 10

Which of the following is a critical operational component of an Incident Response Program (IRP)?

Options:

A.

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.

Annual review of program charters, policies, procedures and organizational agreements.

C.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Question 11

An organization's Information Security Policy is of MOST importance because

Options:

A.

it communicates management’s commitment to protecting information resources

B.

it is formally acknowledged by all employees and vendors

C.

it defines a process to meet compliance requirements

D.

it establishes a framework to protect confidential information

Question 12

Which of the following is MOST likely to be discretionary?

Options:

A.

Policies

B.

Procedures

C.

Guidelines

D.

Standards

Question 13

From an information security perspective, information that no longer supports the main purpose of the business should be:

Options:

A.

assessed by a business impact analysis.

B.

protected under the information classification policy.

C.

analyzed under the data ownership policy.

D.

analyzed under the retention policy

Question 14

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

Options:

A.

Due Protection

B.

Due Care

C.

Due Compromise

D.

Due process

Question 15

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

Options:

A.

Internal audit

B.

The data owner

C.

All executive staff

D.

Government regulators

Question 16

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

Options:

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Question 17

Which of the following is MOST important when dealing with an Information Security Steering committee:

Options:

A.

Include a mix of members from different departments and staff levels.

B.

Ensure that security policies and procedures have been vetted and approved.

C.

Review all past audit and compliance reports.

D.

Be briefed about new trends and products at each meeting by a vendor.

Question 18

Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization’s products and services?

Options:

A.

Strong authentication technologies

B.

Financial reporting regulations

C.

Credit card compliance and regulations

D.

Local privacy laws

Question 19

Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

Options:

A.

Poses a strong technical background

B.

Understand all regulations affecting the organization

C.

Understand the business goals of the organization

D.

Poses a strong auditing background

Question 20

The exposure factor of a threat to your organization is defined by?

Options:

A.

Asset value times exposure factor

B.

Annual rate of occurrence

C.

Annual loss expectancy minus current cost of controls

D.

Percentage of loss experienced due to a realized threat event

Question 21

When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

Options:

A.

An independent Governance, Risk and Compliance organization

B.

Alignment of security goals with business goals

C.

Compliance with local privacy regulations

D.

Support from Legal and HR teams

Question 22

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

Options:

A.

International Organization for Standardizations – 27004 (ISO-27004)

B.

Payment Card Industry Data Security Standards (PCI-DSS)

C.

Control Objectives for Information Technology (COBIT)

D.

International Organization for Standardizations – 27005 (ISO-27005)

Question 23

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

Options:

A.

Confidentiality, Integrity and Availability

B.

Assurance, Compliance and Availability

C.

International Compliance

D.

Integrity and Availability

Question 24

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?

Options:

A.

Professional user education on phishing conducted by a reputable vendor

B.

Multi-factor authentication employing hard tokens

C.

Forcing password changes every 90 days

D.

Decreasing the number of employees with administrator privileges

Question 25

Which type of scan is used on the eye to measure the layer of blood vessels?

Options:

A.

Facial recognition scan

B.

Iris scan

C.

Signature kinetics scan

D.

Retinal scan

Question 26

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

Options:

A.

Response

B.

Investigation

C.

Recovery

D.

Follow-up

Question 27

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

Options:

A.

Contract a third party to perform a security risk assessment

B.

Define formal roles and responsibilities for Internal audit functions

C.

Define formal roles and responsibilities for Information Security

D.

Create an executive security steering committee

Question 28

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?

Options:

A.

Scope

B.

Budget

C.

Resources

D.

Constraints

Question 29

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

Which group of people should be consulted when developing your security program?

Options:

A.

Peers

B.

End Users

C.

Executive Management

D.

All of the above

Question 30

Which of the following best describes an access control process that confirms the identity of the entity seeking

access to a logical or physical area?

Options:

A.

Identification

B.

Authorization

C.

Authentication

D.

Accountability

Question 31

Which of the following defines the boundaries and scope of a risk assessment?

Options:

A.

The risk assessment schedule

B.

The risk assessment framework

C.

The risk assessment charter

D.

The assessment context

Question 32

When analyzing and forecasting a capital expense budget what are not included?

Options:

A.

Network connectivity costs

B.

New datacenter to operate from

C.

Upgrade of mainframe

D.

Purchase of new mobile devices to improve operations

Question 33

The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.

Which of the following needs to be performed NEXT?

Options:

A.

Verify the scope of the project

B.

Verify the regulatory requirements

C.

Verify technical resources

D.

Verify capacity constraints

Question 34

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When formulating the remediation plan, what is a required input?

Options:

A.

Board of directors

B.

Risk assessment

C.

Patching history

D.

Latest virus definitions file

Question 35

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

Options:

A.

Security Governance

B.

Compliance management

C.

Vendor management

D.

Disaster recovery

Question 36

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

Options:

A.

Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company for non-compliance

B.

Understand the business and focus your efforts on enabling operations securely

C.

Draw from your experience and recount stories of how other companies have been compromised

D.

Cite corporate policy and insist on compliance with audit findings

Question 37

What process defines the framework of rules and practices by which a board of directors ensure accountability, fairness and transparency in an organization's relationship with its shareholders?

Options:

A.

Internal Audit

B.

Corporate governance

C.

Risk Oversight

D.

Key Performance Indicators

Question 38

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

Options:

A.

The Net Present Value (NPV) of the project is positive

B.

The NPV of the project is negative

C.

The Return on Investment (ROI) is larger than 10 months

D.

The ROI is lower than 10 months

Question 39

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

What is one proven method to account for common elements found within separate regulations and/or standards?

Options:

A.

Hire a GRC expert

B.

Use the Find function of your word processor

C.

Design your program to meet the strictest government standards

D.

Develop a crosswalk

Question 40

Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?

Options:

A.

Segmentation controls.

B.

Shadow applications.

C.

Deception technology.

D.

Vulnerability management.

Question 41

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?

Options:

A.

Lack of risk management process

B.

Lack of sponsorship from executive management

C.

IT security centric agenda

D.

Compliance centric agenda

Question 42

Which of the following is the MOST logical method of deploying security controls within an organization?

Options:

A.

Obtain funding for all desired controls and then create project plans for implementation

B.

Apply the simpler controls as quickly as possible and use a risk-based approach for the more difficult and

costly controls

C.

Apply the least costly controls to demonstrate positive program activity

D.

Obtain business unit buy-in through close communication and coordination

Question 43

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?

Options:

A.

Review time schedules

B.

Verify budget

C.

Verify resources

D.

Verify constraints

Question 44

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?

Options:

A.

International encryption restrictions

B.

Compliance to Payment Card Industry (PCI) data security standards

C.

Compliance with local government privacy laws

D.

Adherence to local data breach notification laws

Question 45

Where does bottom-up financial planning primarily gain information for creating budgets?

Options:

A.

By adding all capital and operational costs from the prior budgetary cycle, and determining potential

financial shortages

B.

By reviewing last year’s program-level costs and adding a percentage of expected additional portfolio costs

C.

By adding the cost of all known individual tasks and projects that are planned for the next budgetary cycle

D.

By adding all planned operational expenses per quarter then summarizing them in a budget request

Question 46

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

Options:

A.

Annually

B.

Semi-annually

C.

Quarterly

D.

Never

Question 47

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

Options:

A.

assign the responsibility to the information security team.

B.

assign the responsibility to the team responsible for the management of the controls.

C.

create operational reports on the effectiveness of the controls.

D.

perform an independent audit of the security controls.

Question 48

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

Options:

A.

It allows executives to more effectively monitor IT implementation costs

B.

Implementation of it eases an organization’s auditing and compliance burden

C.

Information Security (IS) procedures often require augmentation with other standards

D.

It provides for a consistent and repeatable staffing model for technology organizations

Question 49

How often should an environment be monitored for cyber threats, risks, and exposures?

Options:

A.

Weekly

B.

Monthly

C.

Quarterly

D.

Daily

Question 50

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

Options:

A.

Inform senior management of the risk involved.

B.

Agree to work with the security officer on these shifts as a form of preventative control.

C.

Develop a computer assisted audit technique to detect instances of abuses of the arrangement.

D.

Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

Question 51

Which of the following activities results in change requests?

Options:

A.

Preventive actions

B.

Inspection

C.

Defect repair

D.

Corrective actions

Question 52

Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?

Options:

A.

Incident response plan

B.

Business Continuity plan

C.

Disaster recovery plan

D.

Damage control plan

Question 53

Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

Options:

A.

Security Administrators

B.

Internal/External Audit

C.

Risk Management

D.

Security Operations

Question 54

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

Options:

A.

Servers, routers, switches, modem

B.

Firewall, exchange, web server, intrusion detection system (IDS)

C.

Firewall, anti-virus console, IDS, syslog

D.

IDS, syslog, router, switches

Question 55

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

Options:

A.

Internal Audit

B.

Database Administration

C.

Information Security

D.

Compliance

Question 56

As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

Options:

A.

Executive summary

B.

Penetration test agreement

C.

Names and phone numbers of those who conducted the audit

D.

Business charter

Question 57

An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.

Options:

A.

Install software patch, Operate system, Maintain system

B.

Discover software, Remove affected software, Apply software patch

C.

Install software patch, configuration adjustment, Software Removal

D.

Software removal, install software patch, maintain system

Question 58

When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?

Options:

A.

Threat Level, Risk of Compromise, and Consequences of Compromise

B.

Risk Avoidance, Threat Level, and Consequences of Compromise

C.

Risk Transfer, Reputational Impact, and Consequences of Compromise

D.

Reputational Impact, Financial Impact, and Risk of Compromise

Question 59

Which of the following are primary concerns for management with regard to assessing internal control objectives?

Options:

A.

Confidentiality, Availability, Integrity

B.

Compliance, Effectiveness, Efficiency

C.

Communication, Reliability, Cost

D.

Confidentiality, Compliance, Cost

Question 60

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

Options:

A.

Single loss expectancy multiplied by the annual rate of occurrence

B.

Total loss expectancy multiplied by the total loss frequency

C.

Value of the asset multiplied by the loss expectancy

D.

Replacement cost multiplied by the single loss expectancy

Question 61

The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization’s

Options:

A.

Risk Management Program.

B.

Anti-Spam controls.

C.

Security Awareness Program.

D.

Identity and Access Management Program.

Question 62

The effectiveness of an audit is measured by?

Options:

A.

The number of actionable items in the recommendations

B.

How it exposes the risk tolerance of the company

C.

How the recommendations directly support the goals of the company

D.

The number of security controls the company has in use

Question 63

To have accurate and effective information security policies how often should the CISO review the organization policies?

Options:

A.

Every 6 months

B.

Quarterly

C.

Before an audit

D.

At least once a year

Question 64

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Options:

A.

Transfer financial resources from other critical programs

B.

Take the system off line until the budget is available

C.

Deploy countermeasures and compensating controls until the budget is available

D.

Schedule an emergency meeting and request the funding to fix the issue

Question 65

Control Objectives for Information and Related Technology (COBIT) is which of the following?

Options:

A.

An Information Security audit standard

B.

An audit guideline for certifying secure systems and controls

C.

A framework for Information Technology management and governance

D.

A set of international regulations for Information Technology governance

Question 66

Creating a secondary authentication process for network access would be an example of?

Options:

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Question 67

Which of the following illustrates an operational control process:

Options:

A.

Classifying an information system as part of a risk assessment

B.

Installing an appropriate fire suppression system in the data center

C.

Conducting an audit of the configuration management process

D.

Establishing procurement standards for cloud vendors

Question 68

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

Options:

A.

International Organization for Standardization 27001

B.

National Institute of Standards and Technology Special Publication SP 800-12

C.

Request For Comment 2196

D.

National Institute of Standards and Technology Special Publication SP 800-26

Question 69

Which of the following is a fundamental component of an audit record?

Options:

A.

Date and time of the event

B.

Failure of the event

C.

Originating IP-Address

D.

Authentication type

Question 70

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO’s first mandate to you is to develop a cybersecurity compliance framework that will meet all the store’s compliance requirements.

Which of the following compliance standard is the MOST important to the organization?

Options:

A.

The Federal Risk and Authorization Management Program (FedRAMP)

B.

ISO 27002

C.

NIST Cybersecurity Framework

D.

Payment Card Industry (PCI) Data Security Standard (DSS)

Question 71

Which of the following is the MOST important to share with an Information Security Steering Committee:

Options:

A.

Include a mix of members from different departments and staff levels

B.

Review audit and compliance reports

C.

Ensure that security policies and procedures have been vetted and approved

D.

Be briefed about new trends and products at each meeting by a vendor

Question 72

Which of the following is considered the MOST effective tool against social engineering?

Options:

A.

Anti-phishing tools

B.

Effective Security awareness program

C.

Anti-malware tools

D.

Effective Security Vulnerability Management Program

Question 73

Who should be involved in the development of an internal campaign to address email phishing?

Options:

A.

Business unit leaders, CIO, CEO

B.

Business Unite Leaders, CISO, CIO and CEO

C.

All employees

D.

CFO, CEO, CIO

Question 74

What is a Statement of Objectives (SOA)?

Options:

A.

A section of a contract that defines tasks to be performed under said contract

B.

An outline of what the military will do during war

C.

A document that outlines specific desired outcomes as part of a request for proposal

D.

Business guidance provided by the CEO

Question 75

What is a key policy that should be part of the information security plan?

Options:

A.

Account management policy

B.

Training policy

C.

Acceptable Use policy

D.

Remote Access policy

Question 76

What is the purpose of the statement of retained earnings of an organization?

Options:

A.

It represents the sum of all capital expenditures

B.

It represents the percentage of earnings that could in part be used to finance future security controls

C.

It represents the savings generated by the proper acquisition and implementation of security controls

D.

It has a direct correlation with the CISO’s budget

Question 77

Which of the following BEST mitigates ransomware threats?

Options:

A.

Phishing exercises

B.

Use immutable data storage

C.

Blocking use of wireless networks

D.

Application of multiple endpoint anti-malware solutions

Question 78

You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.

Which of the following is NOT documented in the SSP?

Options:

A.

The controls in place to secure the system

B.

Name of the connected system

C.

The results of a third-party audits and recommendations

D.

Type of information used in the system

Question 79

Devising controls for information security is a balance between?

Options:

A.

Governance and compliance

B.

Auditing and security

C.

Budget and risk tolerance

D.

Threats and vulnerabilities

Question 80

An auditor is reviewing the security classifications for a group of assets and finds that many of the assets are not correctly classified.

What should the auditor’s NEXT step be?

Options:

A.

Immediately notify the board of directors of the organization as to the finding

B.

Correct the classifications immediately based on the auditor’s knowledge of the proper classification

C.

Document the missing classifications

D.

Identify the owner of the asset and induce the owner to apply a proper classification

Question 81

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

Options:

A.

Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors

B.

Annual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program

C.

Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness

D.

Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program

Question 82

Which of the following provides the BEST approach to achieving positive outcomes while preserving savings?

Options:

A.

Business Impact Analysis

B.

Cost-benefit analysis

C.

Economic impact analysis

D.

Return on Investment

Question 83

A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).

In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?

Options:

A.

Recovery Point Objective (RPO)

B.

Mean Time to Delivery (MTD)

C.

Recovery Time Objective (RTO)

D.

Maximum Tolerable Downtime (MTD)

Question 84

An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).

The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

Options:

A.

ISO 22318 Supply Chain Continuity

B.

ISO 27031 BCM Readiness

C.

ISO 22301 BCM Requirements

D.

ISO 22317 BIA

Question 85

The main purpose of the SOC is:

Options:

A.

An organization which provides Tier 1 support for technology issues and provides escalation when needed

B.

A distributed organization which provides intelligence to governments and private sectors on cyber-criminal activities

C.

The coordination of personnel, processes and technology to identify information security events and provide timely response and remediation

D.

A device which consolidates event logs and provides real-time analysis of security alerts generated by applications and network hardware

Question 86

In defining a strategic security plan for an organization, what should a CISO first analyze?

Options:

A.

Reach out to a business similar to yours and ask for their plan

B.

Set goals that are difficult to attain to drive more productivity

C.

Review business acquisitions for the past 3 years

D.

Analyze the broader organizational strategic plan

Question 87

What are the common data hiding techniques used by criminals?

Options:

A.

Unallocated space and masking

B.

Website defacement and log manipulation

C.

Disabled Logging and admin elevation

D.

Encryption, Steganography, and Changing Metadata/Timestamps

Question 88

Which level of data destruction applies logical techniques to sanitize data in all user-addressable storage locations?

Options:

A.

Purge

B.

Clear

C.

Mangle

D.

Destroy

Question 89

Which of the following statements below regarding Key Performance indicators (KPIs) are true?

Options:

A.

Development of KPI’s are most useful when done independently

B.

They are a strictly quantitative measure of success

C.

They should be standard throughout the organization versus domain-specific so they are more easily correlated

D.

They are a strictly qualitative measure of success

Question 90

To make sure that the actions of all employees, applications, and systems follow the organization’s rules and regulations can BEST be described as which of the following?

Options:

A.

Compliance management

B.

Asset management

C.

Risk management

D.

Security management

Question 91

Of the following types of SOCs (Security Operations Centers), which one would be MOST likely used if the CISO has decided to outsource the infrastructure and administration of it?

Options:

A.

Virtual

B.

Dedicated

C.

Fusion

D.

Command

Question 92

Which of the following is the MOST effective method to counter phishing attacks?

Options:

A.

User awareness and training

B.

Host based Intrusion Detection System (IPS)

C.

Acceptable use guide signed by all system users

D.

Antispam solution

Question 93

When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

Options:

A.

Type of data contained in the process/system

B.

Type of connection/protocol used to transfer the data

C.

Type of encryption required for the data once it is at rest

D.

Type of computer the data is processed on

Question 94

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

Options:

A.

Alignment with the business

B.

Effective use of existing technologies

C.

Leveraging existing implementations

D.

Proper budget management

Question 95

When managing the critical path of an IT security project, which of the following is MOST important?

Options:

A.

Knowing who all the stakeholders are.

B.

Knowing the people on the data center team.

C.

Knowing the threats to the organization.

D.

Knowing the milestones and timelines of deliverables.

Question 96

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

Options:

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

Question 97

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

Options:

A.

Poor audit support for the security program

B.

A lack of executive presence within the security program

C.

Poor alignment of the security program to business needs

D.

This is normal since business units typically resist security requirements

Question 98

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

Options:

A.

Deploy a SEIM solution and have current staff review incidents first thing in the morning

B.

Contract with a managed security provider and have current staff on recall for incident response

C.

Configure your syslog to send SMS messages to current staff when target events are triggered

D.

Employ an assumption of breach protocol and defend only essential information resources

Question 99

An example of professional unethical behavior is:

Options:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Question 100

Which of the following are not stakeholders of IT security projects?

Options:

A.

Board of directors

B.

Third party vendors

C.

CISO

D.

Help Desk

Question 101

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

Options:

A.

Failed to identify all stakeholders and their needs

B.

Deployed the encryption solution in an inadequate manner

C.

Used 1024 bit encryption when 256 bit would have sufficed

D.

Used hardware encryption instead of software encryption

Question 102

Which of the following is the BEST indicator of a successful project?

Options:

A.

it is completed on time or early as compared to the baseline project plan

B.

it meets most of the specifications as outlined in the approved project definition

C.

it comes in at or below the expenditures planned for in the baseline budget

D.

the deliverables are accepted by the key stakeholders

Question 103

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

Options:

A.

Vendors uses their own laptop and logins with same admin credentials your security team uses

B.

Vendor uses a company supplied laptop and logins using two factor authentication with same admin credentials your security team uses

C.

Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials

D.

Vendor uses their own laptop and logins using two factor authentication with their own unique credentials

Question 104

Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

Options:

A.

Risk Assessment

B.

Incident Response

C.

Risk Management

D.

Network Security administration

Question 105

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

Options:

A.

Ineffective configuration management controls

B.

Lack of change management controls

C.

Lack of version/source controls

D.

High turnover in the application development department

Question 106

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

Options:

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Question 107

In effort to save your company money which of the following methods of training results in the lowest cost for the organization?

Options:

A.

Distance learning/Web seminars

B.

Formal Class

C.

One-One Training

D.

Self –Study (noncomputerized)

Question 108

You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?

Options:

A.

Tell the team to do their best and respond to each alert

B.

Tune the sensors to help reduce false positives so the team can react better

C.

Request additional resources to handle the workload

D.

Tell the team to only respond to the critical and high alerts

Question 109

Which of the following is a major benefit of applying risk levels?

Options:

A.

Risk management governance becomes easier since most risks remain low once mitigated

B.

Resources are not wasted on risks that are already managed to an acceptable level

C.

Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

D.

Risk appetite can increase within the organization once the levels are understood

Question 110

What oversight should the information security team have in the change management process for application security?

Options:

A.

Information security should be informed of changes to applications only

B.

Development team should tell the information security team about any application security flaws

C.

Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

D.

Information security should be aware of all application changes and work with developers before changes are deployed in production

Question 111

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

Options:

A.

Work with the IT group and tell them to put IPS in-line and say it won’t cause any network impact

B.

Explain to the IT group that the IPS won’t cause any network impact because it will fail open

C.

Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility

D.

Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn’t block any legitimate traffic

Question 112

Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

Options:

A.

Grant her access, the employee has been adequately warned through the AUP.

B.

Assist her with the request, but only after her supervisor signs off on the action.

C.

Reset the employee’s password and give it to the supervisor.

D.

Deny the request citing national privacy laws.

Question 113

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

Options:

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Question 114

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

Options:

A.

Lack of asset management processes

B.

Lack of change management processes

C.

Lack of hardening standards

D.

Lack of proper access controls

Question 115

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

Options:

A.

Alignment with the business

B.

Effective use of existing technologies

C.

Leveraging existing implementations

D.

Proper budget management

Question 116

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Question 117

An anonymity network is a series of?

Options:

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Question 118

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

Options:

A.

Enterprise Risk Assessment

B.

Disaster recovery strategic plan

C.

Business continuity plan

D.

Application mapping document

Question 119

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Question 120

What type of attack requires the least amount of technical equipment and has the highest success rate?

Options:

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Question 121

Physical security measures typically include which of the following components?

Options:

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Question 122

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Options:

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Question 123

The process of identifying and classifying assets is typically included in the

Options:

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Question 124

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Question 125

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

Options:

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Question 126

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Options:

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Question 127

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Question 128

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Question 129

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

Options:

A.

Configure logging on each access point

B.

Install a firewall software on each wireless access point.

C.

Provide IP and MAC address

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Question 130

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options:

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Question 131

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

Options:

A.

Execute

B.

Read

C.

Administrator

D.

Public

Question 132

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

Options:

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Question 133

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

Options:

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Question 134

The process of creating a system which divides documents based on their security level to manage access to private data is known as

Options:

A.

security coding

B.

data security system

C.

data classification

D.

privacy protection

Question 135

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 136

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Options:

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Question 137

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 138

What is the FIRST step in developing the vulnerability management program?

Options:

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Exam Detail
Vendor: ECCouncil
Certification: CCISO
Exam Code: 712-50
Exam Name: EC-Council Certified CISO (CCISO)
Last Update: Nov 21, 2024
712-50 Question Answers
Page: 1 / 35
Total 460 questions
Get 712-50 Full Access Download 712-50 PDF