Last Updated on July 24, 2021 by InfraExam

712-50 : EC-Council Certified CISO : Part 12

  1. An example of professional unethical behavior is:

    • Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material
    • Copying documents from an employer’s server to which you assert an intellectual property claim, but the company disputes that claim
    • Storing client lists and other sensitive corporate internal documents on a removable thumb drive
    • Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation
  2. When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

    • Vendor uses their own laptop and logs in using two-factor authentication with their own unique credentials
    • Vendor uses a company-supplied laptop and logs in using two-factor authentication with the same admin credentials your security team uses
    • Vendor uses a company-supplied laptop and logs in using two-factor authentication with their own unique credentials
    • Vendor uses their own laptop and logs in with the same admin credentials your security team uses
  3. Which of the following is critical in creating a security program aligned with an organization’s goals?

    • Develop a culture in which users, managers and IT professionals all make good decisions about information risk
    • Provide clear communication of security program support requirements and audit schedules
    • Create security awareness programs that include clear definition of security program goals and charters
    • Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements
  4. An organization has a stated requirement to block certain traffic on its networks. Implementing the controls will disrupt a manufacturing process and cause unacceptable delays, resulting in severe revenue disruptions.

    Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

    • Audit and Compliance
    • The CFO
    • The CISO
    • The business owner
  5. A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization.

    Which of the following represents the MOST likely reason for this situation?

    • The project was initiated without an effort to get support from impacted business units in the organization
    • The security officer should allow time for the organization to get accustomed to her presence before initiating security projects
    • The software is out of date and does not provide for a scalable solution across the enterprise
    • The software license expiration is probably out of synchronization with other software licenses
  6. The company decides to release the application without remediating the high-risk vulnerabilities.

    Which of the following is the MOST likely reason for the company to release the application?

    • The company does not believe the security vulnerabilities to be real
    • The company lacks the tools to perform a vulnerability assessment
    • The company lacks a risk management process
    • The company has a high risk tolerance
  7. Which of the following best summarizes the primary goal of a security program?

    • Provide security reporting to all levels of an organization
    • Manage risk within the organization
    • Create effective security awareness to employees
    • Assure regulatory compliance
  8. Which of the following is a strong post designed to stop a car?

    • Fence
    • Bollard
    • Reinforced rebar
    • Gate
  9. Which of the following items of a computer system will an anti-virus program scan for viruses?

    • Boot Sector
    • Password Protected Files
    • Windows Process List
    • Deleted Files
  10. A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach.

    Which of the following is a foundational requirement in order to initiate this type of program?

    • A complete inventory of Information technology assets including infrastructure, networks, applications and data
    • A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions
    • A clear set of security policies and procedures that are more concept-based than controls-based
    • A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in
  11. Which of the following is considered a project versus a managed process?

    • ongoing risk assessment of routine operations
    • continuous vulnerability assessment and vulnerability repair
    • monitoring external and internal environment during incident response
    • installation of a new firewall system
  12. A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets.

    This demonstrates which of the following principles?

    • Increased security program presence
    • Regulatory compliance effectiveness
    • Security organizational policy enforcement
    • Proper organizational policy enforcement
  13. Which of the following methodologies references the recommended industry standard that all project managers should follow?

    • The Security Systems Development Life Cycle
    • Project Management System Methodology
    • Project Management Body of Knowledge
    • The Security Project and Management Methodology
  14. Which of the following can the company implement in order to avoid this type of security issue in the future?

    • Network based intrusion detection systems
    • An audit management process
    • A security training program for developers
    • A risk management process
  15. Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

    • Cost benefit
    • Risk appetite
    • Business continuity
    • Likelihood of impact
  16. Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

    • Terms and Conditions
    • Statements of Work
    • Service Level Agreements (SLA)
    • Key Performance Indicators (KPI)
  17. A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes.

    Which of the following represents the MOST LIKELY cause of this situation?

    • Poor audit support for the security program
    • Poor alignment of the security program to business needs
    • This is normal since business units typically resist security requirements
    • A lack of executive presence within the security program
  18. Which of the following functions evaluates patches used to close software vulnerabilities and performs validation of new systems to assure compliance with security requirements?

    • Incident response
    • Risk management
    • System security administration
    • System testing
  19. Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

    • Risk Assessment
    • Risk Management
    • Incident Response
    • Network Security administration
  20. Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

    • Collaborate on security projects
    • Review project charters
    • Define the risk appetite
    • Determine budget constraints