New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

712-50 Reviews Questions

Page: 6 / 35
Total 460 questions

EC-Council Certified CISO (CCISO) Questions and Answers

Question 21

When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

Options:

A.

An independent Governance, Risk and Compliance organization

B.

Alignment of security goals with business goals

C.

Compliance with local privacy regulations

D.

Support from Legal and HR teams

Question 22

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

Options:

A.

International Organization for Standardizations – 27004 (ISO-27004)

B.

Payment Card Industry Data Security Standards (PCI-DSS)

C.

Control Objectives for Information Technology (COBIT)

D.

International Organization for Standardizations – 27005 (ISO-27005)

Question 23

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

Options:

A.

Confidentiality, Integrity and Availability

B.

Assurance, Compliance and Availability

C.

International Compliance

D.

Integrity and Availability

Question 24

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?

Options:

A.

Professional user education on phishing conducted by a reputable vendor

B.

Multi-factor authentication employing hard tokens

C.

Forcing password changes every 90 days

D.

Decreasing the number of employees with administrator privileges

Page: 6 / 35
Total 460 questions