CCISO 712-50 Passing Score

EC-Council Certified CISO (CCISO) Questions and Answers

Question 9

What is a difference from the list below between quantitative and qualitative Risk Assessment?

Quantitative risk assessments result in an exact number (in monetary terms)

Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Qualitative risk assessments map to business objectives

Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Question 10

Which of the following is a critical operational component of an Incident Response Program (IRP)?

Weekly program budget reviews to ensure the percentage of program funding remains constant.

Annual review of program charters, policies, procedures and organizational agreements.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Question 11

An organization's Information Security Policy is of MOST importance because

it communicates management’s commitment to protecting information resources

it is formally acknowledged by all employees and vendors

it defines a process to meet compliance requirements

it establishes a framework to protect confidential information

Question 12

Which of the following is MOST likely to be discretionary?

Policies

Procedures

Guidelines

Standards