Last Updated on July 24, 2021 by InfraExam
712-50 : EC-Council Certified CISO : Part 16
-
When analyzing and forecasting an operating expense budget, which of the following is NOT included?
- New datacenter to operate from
- Network connectivity costs
- Software and hardware license fees
- Utilities and power costs
-
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When formulating the remediation plan, what is a required input?
- Board of directors
- Latest virus definitions file
- Patching history
- Risk assessment
-
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?
- Roles and responsibilities
- Information security theory
- Incident response contacts
- Desktop configuration standards
-
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
What is one proven method to account for common elements found within separate regulations and/or standards?
- Design your program to meet the strictest government standards
- Develop a crosswalk
- Hire a GRC expert
- Use the Find function of your word processor
-
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from people first.
How can you minimize risk to your most sensitive information before granting access?
- Set your firewall permissions aggressively and monitor logs regularly.
- Develop an Information Security Awareness program
- Conduct background checks on individuals before hiring them
- Monitor employee browsing and surfing habits
-
Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning.
Which of the following is the MOST logical next step?
- Create detailed remediation funding and staffing plans
- Report the audit findings and remediation status to business stakeholders
- Validate the effectiveness of current controls
- Review security procedures to determine if they need to be modified according to the findings
-
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct periodic:
- Baseline of computer systems
- Password changes
- Controlled spear phishing campaigns
- Scanning for viruses
-
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?
- Cite corporate policy and insist on compliance with audit findings
- Draw from your experience and recount stories of how other companies have been compromised
- Understand the business and focus your efforts on enabling operations securely
- Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company for non-compliance
-
Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?
- Inform peer executives of the audit results
- Validate gaps and accept or dispute the audit findings
- Create remediation plans to address program gaps
- Determine if security policies and procedures are adequate
-
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?
- NIST and Privacy Regulations
- NIST and Data Breach Notification Laws
- ISO 27000 and Payment Card Industry Data Security Standards
- ISO 27000 and Human resources best practices
-
Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed, and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization’s needs.
What is the MOST logical course of action the CISO should take?
- Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements
- Review the original solution set to determine if another system would fit the organization’s risk appetite, budget, and regulatory compliance requirements
- Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor.
- Continue with the implementation and submit change requests to the vendor in order to ensure the required functionality will be provided when needed
-
Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements.
During your investigation of the rumored compromise, you discover that data has been breached and that the repository of stolen data is on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?
- Consult with other executives to develop an action plan
- Contract with a credit reporting company for paid monitoring services for affected customers
- Contact your local law enforcement agency
- Destroy the repository of stolen data
-
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information.
All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. The organization wants a more permanent solution to the threat to user credential compromise through phishing.
What technical solution would BEST address this issue?
- Multi-factor authentication employing hard tokens
- Forcing password changes every 90 days
- Decreasing the number of employees with administrator privileges
- Professional user education on phishing conducted by a reputable vendor
-
Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country.
Your team now has full access to the data on the foreign server. Your defenses did not hold up to the test as originally thought. As you investigate how the data was compromised through log analysis you discover that a hardworking, but misguided business intelligence analyst posted the data to an obfuscated URL on a popular cloud storage service so they could work on it from home during their off-time.
Which technology or solution could you deploy to prevent employees from removing corporate data from your network?
- Rigorous syslog reviews
- Intrusion Detection Systems (IDS)
- Security Guards posted outside the Data Center
- Data Loss Prevention (DLP)
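The scenario above describes two things a DLP deployment has to do: notice bulk uploads to unsanctioned cloud storage in the proxy logs (the analyst's obfuscated URL), and inspect outbound content for the data that must not leave (cardholder data, in a retailer's case). The block below is an added example, not part of the original page or any vendor product. The proxy log lines, payload, hostnames and thresholds are constructed for the example; the only real technique is the PAN candidate regex combined with a Luhn check, which is how content-inspection rules cut false positives on long digit strings.

```python
"""Egress-side DLP checks: flag bulk uploads to unsanctioned cloud storage
in proxy logs, and inspect outbound payloads for cardholder data (PANs).
Added example with constructed data; not from the original page."""
import re
from collections import defaultdict

# Hostnames of cloud storage services the organization has NOT sanctioned
# (hypothetical names, constructed for this example).
UNSANCTIONED_CLOUD_HOSTS = {"drive.example-cloud.test", "files.other-cloud.test"}
UPLOAD_METHODS = {"POST", "PUT"}
UPLOAD_BYTES_THRESHOLD = 10 * 1024 * 1024  # 10 MiB, an assumed tuning value

# Constructed proxy log lines: timestamp user method host bytes_out path.
SAMPLE_PROXY_LOG = """\
2021-07-20T22:14:03Z jdoe POST drive.example-cloud.test 48123456 /u/a8f3b2c9e1d4
2021-07-20T22:15:10Z jdoe GET intranet.corp.test 512 /wiki/home
2021-07-20T23:01:44Z asmith PUT files.other-cloud.test 1048576 /put/7c1d
2021-07-20T23:02:00Z asmith PUT files.other-cloud.test 9500000 /put/7c1e
2021-07-21T02:00:01Z backupsvc PUT backup.corp.test 2147483648 /nightly
"""

# Constructed outbound payload: an export with order numbers, cards, phones.
SAMPLE_PAYLOAD = (
    "order,card,phone\n"
    "10000000000001,4111 1111 1111 1111,+1 555 0100 2222\n"
    "10000000000002,5500-0000-0000-0004,+1 555 0100 3333\n"
)

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+) (\S+)$")


def parse_proxy_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the pipeline
        ts, user, method, host, nbytes, path = m.groups()
        events.append({"ts": ts, "user": user, "method": method,
                       "host": host, "bytes": int(nbytes), "path": path})
    return events


def flag_bulk_uploads(events, threshold=UPLOAD_BYTES_THRESHOLD):
    """Return (user, host, total_bytes) for each user/host pair whose
    cumulative upload volume to an unsanctioned cloud host exceeds the
    threshold. Aggregating per user/host catches a file pushed as many
    small PUTs, which a per-request rule would miss."""
    totals = defaultdict(int)
    for e in events:
        if e["method"] in UPLOAD_METHODS and e["host"] in UNSANCTIONED_CLOUD_HOSTS:
            totals[(e["user"], e["host"])] += e["bytes"]
    return sorted((u, h, b) for (u, h), b in totals.items() if b > threshold)


# 13 to 19 digits, optionally separated by spaces or hyphens, not embedded
# in a longer digit run.
PAN_CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: every second digit from the right is doubled
    (minus 9 if over 9); the sum must be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(payload):
    """Return normalized PAN candidates that pass the Luhn check. Order
    numbers and phone numbers are long digit strings too; the checksum
    is what keeps them from tripping the rule."""
    hits = []
    for m in PAN_CANDIDATE_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


if __name__ == "__main__":
    for user, host, total in flag_bulk_uploads(parse_proxy_log(SAMPLE_PROXY_LOG)):
        print(f"bulk upload: {user} -> {host} ({total} bytes)")
    for pan in find_pans(SAMPLE_PAYLOAD):
        print(f"PAN in outbound payload: {pan[:6]}...{pan[-4:]}")
```

The per-user aggregation is the part worth copying: a 1 MiB plus a 9.5 MiB PUT neither trips a per-request threshold, but together they do. In production the same two checks would run on a forward proxy or CASB rather than over a static log, and the sanctioned-host list would come from configuration rather than a constant.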
-
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?
- Payment Card Industry Data Security Standard (PCI DSS)
- National Institute of Standards and Technology (NIST) Special Publication 800-53
- International Organization for Standardization – ISO 27001/2
- British Standard 7799 (BS7799)
-
Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings, you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?
- Business continuity plan
- Security roadmap
- Business impact analysis
- Annual report to shareholders
-
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?
- IT security centric agenda
- Lack of risk management process
- Compliance centric agenda
-
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Once supervisors and data owners have approved requests, information system administrators will implement:
- Management control(s)
- Technical control(s)
- Operational control(s)
- Policy controls(s)
-
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years. The organization has already been subject to a significant amount of credit card fraud.
Which of the following is the MOST likely reason for this fraud?
- Lack of compliance to the Payment Card Industry (PCI) standards
- Ineffective security awareness program
- Lack of technical controls when dealing with credit card data
- Security practices not in alignment with ISO 27000 frameworks
-
Scenario: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team. During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions.
What is the MOST critical aspect of the team’s activities?
- Regular communication of incident status to executives
- Preservation of information
- Eradication of malware and system restoration
- Determination of the attack source
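When the team suspects criminal activity it cannot yet prove, what it collects may later have to stand up in court, so preserving the information means fixing its integrity at acquisition time and keeping a custody record that cannot be quietly edited. The block below is an added example, not from the original page or any forensic tool: it hashes constructed artifacts into an acquisition manifest, verifies them later, and keeps a custody log in which each entry commits to the previous one so an altered or deleted entry breaks the chain. The artifact names, contents and analyst identities are constructed.

```python
"""Evidence preservation: hash artifacts at acquisition and keep a
hash-chained chain-of-custody log. Added example with constructed data;
not from the original page."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed artifacts standing in for files collected from the affected
# servers (hypothetical hostnames and content).
ARTIFACTS = {
    "srv-db-01/var/log/auth.log":
        b"Jul 20 22:13:58 srv-db-01 sshd[4021]: Accepted publickey for svc_bi from 10.9.8.7\n",
    "srv-db-01/memory.raw": bytes(range(256)) * 64,
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def acquire(artifacts):
    """Build the acquisition manifest: size and SHA-256 per artifact,
    recorded before any analysis touches the data."""
    return {name: {"size": len(data), "sha256": sha256_hex(data)}
            for name, data in artifacts.items()}


def verify(artifacts, manifest):
    """Return names of artifacts that are missing or whose current hash
    no longer matches the manifest."""
    changed = []
    for name, rec in manifest.items():
        data = artifacts.get(name)
        if data is None or sha256_hex(data) != rec["sha256"]:
            changed.append(name)
    return changed


class CustodyLog:
    """Append-only custody log. Each entry stores the hash of the previous
    entry and its own hash over its canonical JSON, so editing or deleting
    any earlier entry invalidates every later link."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def record(self, actor, action, artifact, when=None):
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body = {
            "when": when or datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action,
            "artifact": artifact, "prev_hash": prev,
        }
        entry_hash = sha256_hex(json.dumps(body, sort_keys=True).encode())
        self.entries.append({**body, "entry_hash": entry_hash})
        return entry_hash

    def check(self):
        """Return the index of the first broken link, or None if intact."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            recomputed = sha256_hex(json.dumps(body, sort_keys=True).encode())
            if body["prev_hash"] != prev or recomputed != e["entry_hash"]:
                return i
            prev = e["entry_hash"]
        return None


if __name__ == "__main__":
    manifest = acquire(ARTIFACTS)
    log = CustodyLog()
    for name in manifest:
        log.record("analyst1", "acquired", name)
    print(json.dumps(manifest, indent=2))
    print("changed since acquisition:", verify(ARTIFACTS, manifest))
    print("custody chain intact:", log.check() is None)
```

The manifest and the log should be written to storage the responders cannot alter in place (write-once media or a separate, access-controlled system) and the manifest's own hash noted in the incident record; the chain detects tampering but does not prevent it.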