Last Updated on July 24, 2021 by InfraExam
712-50 : EC-Council Certified CISO : Part 11
In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise.
Which of the following tools represents the BEST choice to achieve this awareness?
- Intrusion Detection System (IDS), firewall, switch, syslog
- Security Incident Event Management (SIEM), IDS, router, syslog
- VMware, router, switch, firewall, syslog, vulnerability management system (VMS)
- SIEM, IDS, firewall, VMS
Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed.
What can be done to ensure that security is addressed cost effectively?
- Launch an internal awareness campaign
- Installation of new firewalls and intrusion detection systems
- Integrate security requirements into project inception
- User awareness training for all employees
Which of the following is the BEST indicator of a successful project?
- It comes in at or below the expenditures planned for in the baseline budget
- It meets most of the specifications as outlined in the approved project definition
- It is completed on time or early as compared to the baseline project plan
- The deliverables are accepted by the key stakeholders
Which of the following is the MOST important component of any change management process?
- Outage planning
- Approval tracking
- Back-out procedures
When selecting a security solution with reoccurring maintenance costs after the first year
- Implement the solution and ask for the increased operating cost budget when it is time
- Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use
- Defer selection until the market improves and cash flow is positive
- The CISO should cut other essential programs to ensure the new solution’s continued use
What oversight should the information security team have in the change management process for application security?
- Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed in production
- Information security should be aware of all application changes and work with developers before changes are deployed in production
- Information security should be informed of changes to applications only
- Development team should tell the information security team about any application security flaws
An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application.
Which of the following is MOST likely the reason for this recurring issue?
- Lack of version/source controls
- Lack of change management controls
- Ineffective configuration management controls
- High turnover in the application development department
In an effort to save your company money, which of the following methods of training results in the lowest cost for the organization?
- One-on-One Training
- Self-Study (noncomputerized)
- Distance learning/Web seminars
- Formal Class
When entering into a third-party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?
- Prior to signing the agreement and before any security services are being performed
- Once the agreement has been signed and the security vendor states that they will need access to the network
- Once the vendor is on premise and before they perform security services
- At the time the security services are being performed and the vendor needs access to the network
Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?
- Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data
- Ensure business units are involved in the creation of controls and defining conditions under which they must be applied
- Provide the business units with control mandates and schedules of audits for compliance validation
- Create separate controls for the business based on the types of business and functions they perform
Risk appetite is typically determined by which of the following organizational functions?
- Business units
- Board of Directors
- Audit and compliance
How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability.
What would be the BEST approach for the CISO to reassure the IT group?
- Explain to the IT group that this is a business need and the IPS will fail open; however, if there is a network failure, the CISO will accept responsibility
- Work with the IT group and tell them to put IPS in-line and say it won’t cause any network impact
- Explain to the IT group that the IPS will fail open once in-line; however, it will be deployed in monitor mode for a set period of time to ensure that it doesn’t block any legitimate traffic
- Explain to the IT group that the IPS won’t cause any network impact because it will fail open
Which of the following represents the BEST method of ensuring security program alignment to business needs?
- Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role
- Create a comprehensive security awareness program and provide success metrics to business units
- Create security consortiums, such as strategic security planning groups, that include business unit participation
- Ensure security implementations include business unit testing and functional validation prior to production rollout
A stakeholder is a person or group:
- Vested in the success and/or failure of a project or initiative regardless of budget implications.
- That will ultimately use the system.
- That has budget authority.
- Vested in the success and/or failure of a project or initiative and is tied to the project budget.
Which of the following is considered one of the most frequent failures in project management?
- Overly restrictive management
- Insufficient resources
- Excessive personnel on project
- Failure to meet project deadlines
A recommended method to document the respective roles of groups and individuals for a given process is to:
- Develop a detailed internal organization chart
- Develop an isolinear response matrix with cost benefit analysis projections
- Develop a Responsible, Accountable, Consulted, Informed (RACI) chart
- Develop a telephone call tree for emergency response
Which of the following refers to the quantity or quality of project deliverables expanding from the original project plan?
- Scope creep
- Deadline extension
- Deliverable expansion
- Scope modification
You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority.
Which of the following BEST describes this organization?
- Risk conditional
- Risk minimal
- Risk tolerant
- Risk averse
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data, it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. The help desk is then flooded with complaints about the slow performance of the laptops and users are upset.
Which of the following best describes what the CISO did wrong?
- Failed to identify all stakeholders and their needs
- Deployed the encryption solution in an inadequate manner
- Used 1024-bit encryption when 256-bit would have sufficed
- Used hardware encryption instead of software encryption