Last Updated on July 24, 2021 by InfraExam

712-50 : EC-Council Certified CISO : Part 15

  1. What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

    • Deep-Packet inspection
    • Traffic Analysis
    • Heuristic analysis
    • Packet sampling
  2. Which wireless encryption technology makes use of temporal keys?

    • Wi-Fi Protected Access version 2 (WPA2)
    • Wireless Equivalence Protocol (WEP)
    • Wireless Application Protocol (WAP)
    • Extensible Authentication Protocol (EAP)
  3. The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called____________________.

    • Security certification
    • Security accreditation
    • Alignment with business practices and goals.
    • Security system analysis
  4. The ability to demand the implementation and management of security controls on third parties providing services to an organization is_________________________.

    • Disaster recovery
    • Security Governance
    • Vendor management
    • Compliance management
  5. Security related breaches are assessed and contained through which of the following?

    • The IT support team
    • A forensic analysis
    • Physical security team
    • Incident response
  6. Involvement of senior management is MOST important in the development of:

    • IT security procedures
    • IT security implementation plans
    • Standards and guidelines
    • IT security policies
  7. As a CISO you need to understand the steps that are used to perform an attack against a network.

    Put each step into the correct order.
    1.Covering tracks
    2.Scanning and enumeration
    3.Maintaining Access
    5.Gaining Access

    • 4, 3, 5, 2, 1
    • 4, 2, 5, 3, 1
    • 2, 5, 3, 1, 4
    • 4, 5, 2, 3, 1
  8. The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling.

    What is the most likely reason for such broad access?

    • The need to change accounting periods on a regular basis.
    • The need to create and modify the chart of accounts and its allocations.
    • The requirement to post entries for closed accounting period.
    • The lack of policies and procedures for the proper segregation of duties.
  9. Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

    • ISO27000 accreditation
    • Alignment with business goals
    • PCI attestation of compliance
    • Financial statements
  10. In terms of supporting a forensic investigation, it is now imperative that managers, firstresponders, etc., accomplish the following actions to the computer under investigation:

    • Immediately place hard drive and other components in an anti-static bag
    • Secure the area and attempt to maintain power until investigators arrive
    • Secure the area and shut down the computer until investigators arrive
    • Secure the area
  11. What type of attack requires the least amount of technical equipment and has the highest success rate?

    • Social engineering
    • Shrink wrap attacks
    • Operating system attacks
    • War driving
  12. The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

    • Establishing Enterprise-owned Botnets for preemptive attacks
    • Collaboration with law enforcement
    • Well established and defined and defined digital forensics process
    • Be able to retaliate under the framework of Active defense
  13. SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

    • NOPS
    • /../../../../
    • ‘O 1=1 – –
  14. When analyzing and forecasting a capital expense budget what are not included?

    • Purchase of new mobile devices to improve operations
    • New datacenter to operate from
    • Network connectivity costs
    • Upgrade of mainframe
  15. Which of the following is MOST useful when developing a business case for security initiatives?

    • Cost/benefit analysis
    • Budget forecasts
    • Vendor management
    • Request for proposals
  16. The process of creating a system which divides documents based on their security level to manage access to private data is known as ____________________.

    • security coding
    • Privacy protection
    • data security system
    • data classification
  17. What is the FIRST step in developing the vulnerability management program?

    • Baseline the Environment 
    • Define policy
    • Maintain and Monitor
    • Organization Vulnerability
  18. Which of the following statements about Encapsulating Security Payload (ESP) is true?

    • It is an IPSec protocol
    • it is a text-based communication protocol
    • It uses UDP port 22
    • It uses TCP port 22 as the default port and operates at the application layer
  19. Which of the following backup sites takes the longest recovery time?

    • Hot site
    • Cold site
    • Mobile backup site
    • Warm site
  20. Which of the following is a symmetric encryption algorithm?

    • 3DES
    • RSA
    • ECC
    • MD5