712-50 : EC-Council Certified CISO : Part 20

  1. Which of the following terms is used to describe countermeasures implemented to minimize risks to physical property, information, and computing systems?

    • Security frameworks
    • Security policies
    • Security awareness
    • Security controls
  2. Which of the following best describes an access control process that confirms the identity of the entity seeking access to a logical or physical area?

    • Identification
    • Authorization
    • Authentication
    • Accountability
  3. As the Chief Information Security Officer, you are performing an assessment of security posture to understand what your Defense-in-Depth capabilities are. Which network security technology examines network traffic flows to detect and actively stop vulnerability exploits and attacks?

    • Gigamon
    • Intrusion Prevention System
    • Port Security
    • Anti-virus
  4. Michael starts a new job and discovers that he has unnecessary access to a variety of systems. Which of the following best describes the problem he has encountered?

    • Rights collision
    • Excessive privileges
    • Privilege creep
    • Least privileges
  5. Which of the following best describes the sensors designed to project and detect a light beam across an area?

    • Smoke
    • Thermal
    • Air-aspirating
    • Photo electric
  6. As the Chief Information Security Officer, you want to ensure data is shared securely, especially when it is shared with third parties outside the organization. What protocol provides the ability to extend the network perimeter through the use of encapsulation and encryption?

    • File Transfer Protocol (FTP)
    • Virtual Local Area Network (VLAN)
    • Simple Mail Transfer Protocol (SMTP)
    • Virtual Private Network (VPN)
  7. As the CISO, you have been tasked with the execution of the company’s key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principle of encryption key control will ensure no single individual can constitute or re-constitute a key?

    • Dual Control
    • Separation of Duties
    • Split Knowledge
    • Least Privilege
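As an added illustration of the split-knowledge option above (this code is not from the page or from EC-Council), the key is split into XOR components, one per custodian. Each component on its own is uniformly random, so no single custodian can constitute the key, and every component is needed to re-constitute it. The ceremony that enters the components into an HSM is assumed and not modelled; the key check value is a simplified hash-based stand-in for the banking-style KCV.

```python
"""Split knowledge for a symmetric key (added example, not from the page).

The key is split into XOR components, one per custodian; every component
is uniformly random on its own, so no single person can constitute the key,
and every component is required to re-constitute it. Assumed: components are
entered and combined inside a controlled ceremony (e.g. on an HSM), which
this example does not model.
"""
import hashlib
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, custodians: int) -> list[bytes]:
    """Return one component per custodian. All but the last are fresh random
    bytes; the last is chosen so that the XOR of all components is `key`."""
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    components = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    last = key
    for component in components:
        last = _xor(last, component)
    components.append(last)
    return components


def reconstitute_key(components: list[bytes]) -> bytes:
    """XOR all components back together. Order does not matter; a missing
    component yields an unrelated random value, not a partial key."""
    if len({len(c) for c in components}) != 1:
        raise ValueError("components must all be the same length")
    key = bytes(len(components[0]))
    for component in components:
        key = _xor(key, component)
    return key


def check_value(component: bytes) -> str:
    """Simplified key check value (assumed: truncated SHA-256, not the
    banking-style encrypt-a-zero-block KCV) so a custodian can confirm a
    component was entered correctly without revealing the component."""
    return hashlib.sha256(component).hexdigest()[:6]


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed 256-bit key
    parts = split_key(key, 3)
    for i, part in enumerate(parts, 1):
        print(f"custodian {i}: KCV {check_value(part)}")
    assert reconstitute_key(parts) == key
    assert reconstitute_key(parts[:2]) != key  # two of three learn nothing
```

Note that this is split knowledge, not dual control: dual control is the procedural requirement that two people be present for the operation, while split knowledge is the property that the key material itself is never held whole by one person. A real ceremony enforces both.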
  8. What is one key difference between Capital expenditures and Operating expenditures?

    • Operating expense cannot be written off while Capital expense can
    • Operating expenses can be depreciated over time and Capital expenses cannot
    • Capital expenses cannot include salaries and Operating expenses can
    • Capital expenditures allow for the cost to be depreciated over time and Operating does not
  9. Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?

    • Segmentation controls
    • Shadow applications
    • Deception technology
    • Vulnerability management
  10. Which of the following is an accurate description of a balance sheet?

    • The percentage of earnings that are retained by the organization for reinvestment in the business
    • The details of expenses and revenue over a long period of time
    • A summarized statement of all assets and liabilities at a specific point in time
    • A review of regulations and requirements impacting the business from a financial perspective
  11. A CISO wants to change the defense strategy to ward off attackers. To accomplish this, the CISO is looking at a strategy where attackers are lured into a safe zone of the network where they can be monitored, controlled, quarantined, or eradicated. Which of the following describes this strategy?

    • Moderate investment
    • Passive monitoring
    • Integrated security controls
    • Dynamic deception
  12. What is the difference between encryption and tokenization?

    • Tokenization combined with hashing is always better than encryption
    • Encryption can be mathematically reversed to provide the original information
    • The token contains all the original information
    • Tokenization can be mathematically reversed to provide the original information
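The following added example (not from the page) shows the distinction behind question 12 in code. A token is a random surrogate that carries none of the original value and can only be reversed by looking it up in the vault; an encrypted value is a keyed, mathematically reversible transform that anyone holding the key can undo. The cipher used here is a toy HMAC-SHA256 counter-mode keystream standing in for a real AEAD such as AES-GCM, and the PAN and vault are constructed for the demo.

```python
"""Tokenization vs encryption (added example, not from the page).

Tokenization replaces a value with a random surrogate and keeps the mapping
in a vault: the token carries none of the original data and is reversed only
by lookup. Encryption is a keyed, mathematically reversible transform: anyone
with the key recovers the plaintext. The cipher here is a toy HMAC-SHA256
counter-mode keystream, an assumed stand-in for a real AEAD such as AES-GCM;
it is for illustration only.
"""
import hashlib
import hmac
import secrets


class TokenVault:
    """Format-preserving tokenization of card numbers (PANs). Constructed
    in-memory vault; a real one is an access-controlled database."""

    def __init__(self):
        self._by_value = {}   # PAN -> token
        self._by_token = {}   # token -> PAN

    def tokenize(self, pan: str) -> str:
        if pan in self._by_value:           # same PAN, same token
            return self._by_value[pan]
        while True:
            # Random digits, keeping the last four so receipts still work.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._by_token:
                break
        self._by_value[pan] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """The only way back: a vault lookup, not a computation on the token."""
        return self._by_token[token]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy stream encryption: random nonce || (plaintext XOR keystream)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Reversible by anyone with the key: regenerate the keystream and XOR."""
    nonce, body = ciphertext[:16], ciphertext[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


if __name__ == "__main__":
    pan = "4111111111111111"   # constructed test PAN
    vault = TokenVault()
    token = vault.tokenize(pan)
    print("token      :", token, "->", vault.detokenize(token))
    key = secrets.token_bytes(32)
    ct = encrypt(key, pan.encode())
    print("ciphertext :", ct.hex(), "->", decrypt(key, ct).decode())
```

The practical consequence is scope: a system that only ever sees tokens holds no cardholder data and cannot recover it even if fully compromised, whereas a system holding ciphertext is one key disclosure away from the plaintext.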
  13. Which of the following information would MOST likely be reported at the board-level within an organization?

    • System scanning trends and results as they pertain to insider and external threat sources
    • The capabilities of a security program in terms of staffing support
    • Significant risks and security incidents that have been discovered since the last assembly of the membership
    • The numbers and types of cyberattacks experienced by the organization since the last assembly of the membership
  14. Which technology can provide a computing environment without requiring a dedicated hardware backend?

    • Mainframe server
    • Virtual Desktop
    • Thin client
    • Virtual Local Area Network
  15. What process defines the framework of rules and practices by which a board of directors ensures accountability, fairness and transparency in an organization’s relationship with its shareholders?

    • Internal Audit
    • Corporate governance
    • Risk Oversight
    • Key Performance Indicators
  16. As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered in a timely manner in the event of a disaster. Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?

    • Recovery Point Objective (RPO)
    • Disaster Recovery Plan
    • Recovery Time Objective (RTO)
    • Business Continuity Plan
  17. What are the three hierarchically related aspects of strategic planning and in which order should they be done?

    • 1) Information technology strategic planning, 2) Enterprise strategic planning, 3) Cybersecurity or information security strategic planning
    • 1) Cybersecurity or information security strategic planning, 2) Enterprise strategic planning, 3) Information technology strategic planning
    • 1) Enterprise strategic planning, 2) Information technology strategic planning, 3) Cybersecurity or information security strategic planning
    • 1) Enterprise strategic planning, 2) Cybersecurity or information security strategic planning, 3) Information technology strategic planning
  18. Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

    • ITIL
    • Privacy Act
    • Sarbanes Oxley
    • PCI-DSS
  19. Which of the following would negatively impact a log analysis of a multinational organization?

    • Centralized log management
    • Encrypted log files in transit
    • Each node set to local time
    • Log aggregation agent on each node
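To show why nodes logging in local time hurt analysis (question 19), here is an added example that is not from the page: three constructed log lines from nodes in different time zones, none of which records an offset. Sorted at face value the events appear fourteen hours apart and in the wrong order; once each timestamp is converted to UTC they turn out to be a seven-second sequence. The node-to-offset map is an assumption standing in for an asset inventory or each node's configured zone.

```python
"""Normalising per-node local timestamps to UTC before correlation
(added example, not from the page).

Each node writes wall-clock local time with no offset in the line, which is
the situation that hurts analysis. The node-to-offset map is an assumption
standing in for an asset inventory or the node's configured zone; the log
lines are constructed for the demo.
"""
from datetime import datetime, timedelta, timezone

# Assumed UTC offsets (hours) per node; a real deployment would take these
# from inventory or the node's configured time zone.
NODE_UTC_OFFSET_HOURS = {
    "web-nyc": -4,   # e.g. EDT
    "db-fra": 2,     # e.g. CEST
    "api-syd": 10,   # e.g. AEST
}

# Constructed sample lines: "<node> <local date> <local time> <message>".
SAMPLE_LOGS = [
    "api-syd 2024-06-03 18:00:05 auth ok user=svc_backup src=203.0.113.7",
    "web-nyc 2024-06-03 04:00:02 login user=svc_backup src=203.0.113.7",
    "db-fra 2024-06-03 10:00:09 bulk export table=customers user=svc_backup",
]


def parse_line(line: str):
    """Split a sample line into (node, naive local datetime, message)."""
    node, date, clock, message = line.split(" ", 3)
    naive = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return node, naive, message


def to_utc(node: str, naive: datetime) -> datetime:
    """Attach the node's zone to the naive local time, then convert to UTC."""
    tz = timezone(timedelta(hours=NODE_UTC_OFFSET_HOURS[node]))
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)


def order_at_face_value(lines):
    """Node order an analyst gets by sorting the raw local timestamps."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e[1])
    return [node for node, _, _ in events]


def order_normalised(lines):
    """Node order after every timestamp is converted to UTC."""
    events = sorted((to_utc(n, t), n, m) for n, t, m in map(parse_line, lines))
    return [node for _, node, _ in events]


def span_seconds(lines, normalise: bool) -> int:
    """Elapsed seconds between first and last event, raw or normalised."""
    stamps = []
    for node, naive, _ in map(parse_line, lines):
        stamps.append(to_utc(node, naive) if normalise else naive)
    return int((max(stamps) - min(stamps)).total_seconds())


if __name__ == "__main__":
    print("face value :", order_at_face_value(SAMPLE_LOGS),
          span_seconds(SAMPLE_LOGS, False), "s")
    print("normalised :", order_normalised(SAMPLE_LOGS),
          span_seconds(SAMPLE_LOGS, True), "s")
```

In practice the fix is upstream of analysis: set every node to UTC (or at least emit an offset in each timestamp) and keep clocks synchronised with NTP, so that a central log platform never has to guess a source's zone.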