Last Updated on July 24, 2021 by InfraExam

712-50 : EC-Council Certified CISO : Part 19

  1. Which of the following is the MOST effective method for discovering common technical vulnerabilities within the IT environment?

    • Reviewing system administrator logs
    • Auditing configuration templates
    • Checking vendor product releases
    • Performing system scans
  2. When project costs continually increase throughout implementation due to large or rapid changes in customer or user requirements, this is commonly known as:

    • Cost/benefit adjustments
    • Scope creep
    • Prototype issues
    • Expectations management
  3. During the 3rd quarter of a budget cycle, the CISO noticed she spent more than was originally planned in her annual budget. What is the condition of her current budgetary posture?

    • The budget is in a temporary state of imbalance
    • The budget is operating at a deficit
    • She can realign the budget through moderate capital expense (CAPEX) allocation
    • She has a surplus of operational expenses (OPEX)
  4. The primary purpose of a risk register is to:

    • Maintain a log of discovered risks
    • Track individual risk assessments
    • Develop plans for mitigating identified risks
    • Coordinate the timing of scheduled risk assessments
  5. If a Virtual Machine’s (VM) data is being replicated and that data is corrupted, this corruption will automatically be replicated to the other machine(s). What would be the BEST control to safeguard data integrity?

    • Backup to tape
    • Maintain separate VM backups
    • Backup to a remote location
    • Increase VM replication frequency
  6. Which of the following best describes a portfolio?

    • The portfolio is used to manage and track individual projects
    • The portfolio is used to manage incidents and events
    • A portfolio typically consists of several programs
    • A portfolio delivers one specific service or program to the business
  7. What is meant by password aging?

    • An expiration date set for passwords
    • A Single Sign-On requirement
    • Time in seconds a user is allocated to change a password
    • The amount of time it takes for a password to activate
  8. An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network (WAN). Which of the following would BEST ensure network continuity?

    • Third-party emergency repair contract
    • Pre-built servers and routers
    • Permanent alternative routing
    • Full off-site backup of every server
  9. Which of the following is a common technology for visual monitoring?

    • Closed circuit television
    • Open circuit television
    • Blocked video
    • Local video
  10. Which of the following is an accurate statement regarding capital expenses?

    • They are easily reduced through the elimination of usage, such as reducing power for lighting of work areas during off-hours
    • Capital expenses can never be replaced by operational expenses
    • Capital expenses are typically long-term investments with value being realized through their use
    • The organization is typically able to regain the initial cost by selling this type of asset
  11. A newly-hired CISO needs to understand the organization’s financial management standards for business units and operations. Which of the following would be the best source of this information?

    • The internal accounting department
    • The Chief Financial Officer (CFO)
    • The external financial audit service
    • The managers of the accounts payables and accounts receivables teams
  12. A large number of accounts in a hardened system were suddenly compromised to an external party. Which of the following is the MOST probable threat actor involved in this incident?

    • Poorly configured firewalls
    • Malware
    • Advanced Persistent Threat (APT)
    • An insider
  13. Which of the following defines the boundaries and scope of a risk assessment?

    • The risk assessment schedule
    • The risk assessment framework
    • The risk assessment charter
    • The assessment context
  14. Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company’s website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?

    • They need to use Nessus.
    • They can implement Wireshark.
    • Snort is the best tool for their situation.
    • They could use Tripwire.
  15. Which of the following is true regarding expenditures?

    • Capital expenditures are never taxable
    • Operating expenditures are for acquiring assets, capital expenditures are for support costs of that asset
    • Capital expenditures are used to define depreciation tables of intangible assets
    • Capital expenditures are for acquiring assets, whereas operating expenditures are for support costs of that asset
  16. At what level of governance are individual projects monitored and managed?

    • Program
    • Milestone
    • Enterprise
    • Portfolio
  17. A digital signature addresses which of the following concerns?

    • Message alteration
    • Message copying
    • Message theft
    • Unauthorized reading
  18. What are the three stages of an identity and access management system?

    • Authentication, Authorize, Validation
    • Provision, Administration, Enforcement
    • Administration, Validation, Protect
    • Provision, Administration, Authentication
  19. During the last decade, what trend has caused the MOST serious issues in relation to physical security?

    • Data is more portable due to the increased use of smartphones and tablets
    • The move from centralized computing to decentralized computing
    • Camera systems have become more economical and expanded in their use
    • The internet of Things allows easy compromise of cloud-based systems
  20. Which of the following is the MOST important reason for performing assessments of the security portfolio?

    • To assure that the portfolio is aligned to the needs of the broader organization
    • To create executive support of the portfolio
    • To discover new technologies and processes for implementation within the portfolio
    • To provide independent 3rd party reviews of security effectiveness