Last Updated on July 24, 2021 by InfraExam

712-50 : EC-Council Certified CISO : Part 13

  1. As the CISO for your company you are accountable for the protection of information resources commensurate with:

    • Risk of exposure
    • Cost and time to replace
    • Insurability tables
    • Customer demand
  2. The process of identifying and classifying assets is typically included in the ________________.

    • Threat analysis process
    • Business Impact Analysis
    • Asset configuration management process
    • Disaster Recovery plan
  3. File Integrity Monitoring (FIM) is considered a ________________________.

    • Network-based security preventative control
    • Software segmentation control
    • User segmentation control
    • Security detective control
  4. What are the primary reasons for the development of a business case for a security project?

    • To forecast usage and cost per software licensing
    • To understand the attack vectors and attack sources
    • To communicate risk and forecast resource needs
    • To estimate risk and negate liability to the company
  5. John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they’ve already completed the project work they were contracted to do.

    What can John do in this instance?

    • Withhold the vendor’s payments until the issue is resolved.
    • Refer to the contract agreement for direction.
    • Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.
    • Review the Request for Proposal (RFP) for guidance.
  6. One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient.

    Which of the following keys should be used to encrypt the message?

    • Certificate authority key
    • The recipient’s private key
    • The recipient’s public key
    • Your public key
  7. When dealing with risk, the information security practitioner may choose to:

    • acknowledge
    • transfer
    • assign
    • defer
  8. The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

    • Single Loss Expectancy
    • Life Cycle Loss Expectancy
    • Safeguard Value
    • Cost Benefit Analysis
  9. Human resource planning for security professionals in your organization is a:

    • Training requirement that is on-going and always changing.
    • Simple and easy task because the threats are getting easier to find and correct.
    • Training requirement that is met through once every year user training.
    • Not needed because automation and anti-virus software have eliminated the threats.
  10. Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value to the company. It is essential that you be able to communicate in language that your fellow executives will understand.

    You should:

    • Create a detailed technical executive summary
    • Create timelines for mitigation
    • Calculate annual loss expectancy
    • Develop a cost-benefit analysis
  11. What is the BEST reason for having a formal request for proposal process?

    • Creates a timeline for purchasing and budgeting
    • Informs suppliers a company is going to make a purchase
    • Clearly identifies risks and benefits before funding is spent
    • Allows small companies to compete with larger companies
  12. You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults.

    Which of the following is a default community string?

    • Public
    • Administrator
    • Execute
    • Read
  13. As the CISO, you need to create an IT security strategy.

    Which of the following is the MOST important thing to review before you start writing the plan?

    • The existing IT environment
    • Other corporate technology trends
    • The company business plan
    • The present IT budget
  14. The rate of change in technology increases the importance of:

    • Hiring personnel with leading edge skills.
    • Understanding user requirements.
    • Outsourcing the IT functions.
    • Implementing and enforcing good processes.
  15. Acceptable levels of information security risk tolerance in an organization should be determined by?

    • Corporate compliance committee
    • CEO and board of directors
    • CISO with reference to the company goals
    • Corporate legal counsel
  16. Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

    • Provide IP and MAC address
    • Disable SSID Broadcast and enable MAC address filtering on all wireless access points.
    • Install firewall software on each wireless access point.
    • Configure logging on each access point
  17. The total cost of security controls should:

    • Be equal to the value of the information resource being protected
    • Should not matter, as long as the information resource is protected
    • Be greater than the value of the information resource being protected
    • Be less than the value of the information resource being protected
  18. Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

    • Data classification
    • Security regulations
    • Information security policy
    • Asset classification
  19. Which of the following is the MAIN security concern for public cloud computing?

    • Unable to control physical access to the servers
    • Unable to patch systems as needed
    • Unable to run anti-virus scans
    • Unable to track log on activity
  20. When updating the security strategic planning document what two items must be included?

    • Alignment with the business goals and the vision of the CIO
    • The risk tolerance of the company and the company mission statement
    • The alignment with the business goals and the risk tolerance
    • The executive summary and vision of the board of directors