New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

ECCouncil 712-50 Actual Questions

Page: 28 / 35
Total 460 questions

EC-Council Certified CISO (CCISO) Questions and Answers

Question 109

Which of the following is a major benefit of applying risk levels?

Options:

A.

Risk management governance becomes easier since most risks remain low once mitigated

B.

Resources are not wasted on risks that are already managed to an acceptable level

C.

Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

D.

Risk appetite can increase within the organization once the levels are understood

Question 110

What oversight should the information security team have in the change management process for application security?

Options:

A.

Information security should be informed of changes to applications only

B.

Development team should tell the information security team about any application security flaws

C.

Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

D.

Information security should be aware of all application changes and work with developers before changes are deployed in production

Question 111

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

Options:

A.

Work with the IT group and tell them to put IPS in-line and say it won’t cause any network impact

B.

Explain to the IT group that the IPS won’t cause any network impact because it will fail open

C.

Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility

D.

Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn’t block any legitimate traffic

Question 112

Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

Options:

A.

Grant her access, the employee has been adequately warned through the AUP.

B.

Assist her with the request, but only after her supervisor signs off on the action.

C.

Reset the employee’s password and give it to the supervisor.

D.

Deny the request citing national privacy laws.

Page: 28 / 35
Total 460 questions