Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

ECCouncil 712-50 Dumps

Page: 1 / 46
Total 460 questions
Get 712-50 Full Access Download 712-50 PDF

EC-Council Certified CISO (CCISO) Questions and Answers

Question 1

The Information Security Governance program MUST:

Options:

A.

integrate with other organizational governance processes

B.

support user choice for Bring Your Own Device (BYOD)

C.

integrate with other organizational governance processes

D.

show a return on investment for the organization

Question 2

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

Options:

A.

Confidentiality, Integrity and Availability

B.

Assurance, Compliance and Availability

C.

International Compliance

D.

Integrity and Availability

Question 3

Which of the following most commonly falls within the scope of an information security governance steering committee?

Options:

A.

Approving access to critical financial systems

B.

Developing content for security awareness programs

C.

Interviewing candidates for information security specialist positions

D.

Vetting information security policies

Question 4

Which of the following are the MOST important factors for proactively determining system vulnerabilities?

Options:

A.

Subscribe to vendor mailing list to get notification of system vulnerabilities

B.

Deploy Intrusion Detection System (IDS) and install anti-virus on systems

C.

Configure firewall, perimeter router and Intrusion Prevention System (IPS)

D.

Conduct security testing, vulnerability scanning, and penetration testing

Question 5

A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

Options:

A.

Information Technology Infrastructure Library (ITIL)

B.

International Organization for Standardization (ISO) standards

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

National Institute for Standards and Technology (NIST) standard

Question 6

Which of the following should be determined while defining risk management strategies?

Options:

A.

Organizational objectives and risk tolerance

B.

Risk assessment criteria

C.

IT architecture complexity

D.

Enterprise disaster recovery plans

Question 7

The single most important consideration to make when developing your security program, policies, and processes is:

Options:

A.

Budgeting for unforeseen data compromises

B.

Streamlining for efficiency

C.

Alignment with the business

D.

Establishing your authority as the Security Executive

Question 8

Risk appetite directly affects what part of a vulnerability management program?

Options:

A.

Staff

B.

Scope

C.

Schedule

D.

Scan tools

Question 9

If your organization operates under a model of "assumption of breach", you should:

Options:

A.

Protect all information resource assets equally

B.

Establish active firewall monitoring protocols

C.

Purchase insurance for your compliance liability

D.

Focus your security efforts on high value assets

Question 10

The exposure factor of a threat to your organization is defined by?

Options:

A.

Asset value times exposure factor

B.

Annual rate of occurrence

C.

Annual loss expectancy minus current cost of controls

D.

Percentage of loss experienced due to a realized threat event

Question 11

A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the following qualifications and experience would be MOST desirable to find in a candidate?

Options:

A.

Multiple certifications, strong technical capabilities and lengthy resume

B.

Industry certifications, technical knowledge and program management skills

C.

College degree, audit capabilities and complex project management

D.

Multiple references, strong background check and industry certifications

Question 12

An organization information security policy serves to

Options:

A.

establish budgetary input in order to meet compliance requirements

B.

establish acceptable systems and user behavior

C.

define security configurations for systems

D.

define relationships with external law enforcement agencies

Question 13

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

Options:

A.

Contacting the Internet Service Provider for an IP scope

B.

Getting authority to operate the system from executive management

C.

Changing the default passwords

D.

Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Question 14

Who in the organization determines access to information?

Options:

A.

Legal department

B.

Compliance officer

C.

Data Owner

D.

Information security officer

Question 15

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

Options:

A.

Internal audit

B.

The data owner

C.

All executive staff

D.

Government regulators

Question 16

Which of the following is a critical operational component of an Incident Response Program (IRP)?

Options:

A.

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.

Annual review of program charters, policies, procedures and organizational agreements.

C.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Question 17

What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?

Options:

A.

Test every three years to ensure that things work as planned

B.

Conduct periodic tabletop exercises to refine the BC plan

C.

Outsource the creation and execution of the BC plan to a third party vendor

D.

Conduct a Disaster Recovery (DR) exercise every year to test the plan

Question 18

What is the BEST way to achieve on-going compliance monitoring in an organization?

Options:

A.

Only check compliance right before the auditors are scheduled to arrive onsite.

B.

Outsource compliance to a 3rd party vendor and let them manage the program.

C.

Have Compliance and Information Security partner to correct issues as they arise.

D.

Have Compliance direct Information Security to fix issues after the auditors report.

Question 19

Regulatory requirements typically force organizations to implement

Options:

A.

Mandatory controls

B.

Discretionary controls

C.

Optional controls

D.

Financial controls

Question 20

What is the definition of Risk in Information Security?

Options:

A.

Risk = Probability x Impact

B.

Risk = Threat x Probability

C.

Risk = Financial Impact x Probability

D.

Risk = Impact x Threat

Question 21

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

Options:

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Question 22

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

Options:

A.

High risk environments 6 months, low risk environments 12 months

B.

Every 12 months

C.

Every 18 months

D.

Every six months

Question 23

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

Options:

A.

How many credit card records are stored?

B.

How many servers do you have?

C.

What is the scope of the certification?

D.

What is the value of the assets at risk?

Question 24

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

Options:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Question 25

You are the CISO for an investment banking firm. The firm is using artificial intelligence (AI) to assist in approving clients for loans.

Which control is MOST important to protect AI products?

Options:

A.

Hash datasets

B.

Sanitize datasets

C.

Delete datasets

D.

Encrypt datasets

Question 26

Which of the following provides the BEST approach to achieving positive outcomes while preserving savings?

Options:

A.

Business Impact Analysis

B.

Cost-benefit analysis

C.

Economic impact analysis

D.

Return on Investment

Question 27

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO’s first mandate to you is to develop a cybersecurity compliance framework that will meet all the store’s compliance requirements.

Which of the following compliance standard is the MOST important to the organization?

Options:

A.

The Federal Risk and Authorization Management Program (FedRAMP)

B.

ISO 27002

C.

NIST Cybersecurity Framework

D.

Payment Card Industry (PCI) Data Security Standard (DSS)

Question 28

XYZ is a publicly-traded software development company.

Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?

Options:

A.

Chief Financial Officer (CFO)

B.

Chief Software Architect (CIO)

C.

CISO

D.

Chief Executive Officer (CEO)

Question 29

When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

Options:

A.

This makes sure the files you exchange aren’t unnecessarily flagged by the Data Loss Prevention (DLP) system

B.

Contracting rules typically require you to have conversations with two or more groups

C.

Discussing decisions with a very large group of people always provides a better outcome

D.

It helps to avoid regulatory or internal compliance issues

Question 30

What is the THIRD state of the Tuckman Stages of Group Development?

Options:

A.

Performing

B.

Norming

C.

Storming

D.

Forming

Question 31

You have been promoted to the CISO of a retail store. Which of the following compliance standards is the MOST important to the organization?

Options:

A.

Payment Card Industry (PCI) Data Security Standard (DSS)

B.

ISO 27002

C.

NIST Cybersecurity Framework

D.

The Federal Risk and Authorization Management Program (FedRAMP)

Question 32

What is the MOST critical output of the incident response process?

Options:

A.

A complete document of all involved team members and the support they provided

B.

Recovery of all data from affected systems

C.

Lessons learned from the incident, so they can be incorporated into the incident response processes

D.

Clearly defined documents detailing standard evidence collection and preservation processes

Question 33

What are the common data hiding techniques used by criminals?

Options:

A.

Unallocated space and masking

B.

Website defacement and log manipulation

C.

Disabled Logging and admin elevation

D.

Encryption, Steganography, and Changing Metadata/Timestamps

Question 34

When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most important:

Options:

A.

Patch management

B.

Network monitoring

C.

Ability to provide security services tailored to the business’ needs

D.

24/7 tollfree number

Question 35

When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?

Options:

A.

RAM and unallocated space

B.

Unallocated space and RAM

C.

Slack space and browser cache

D.

Persistent and volatile data

Question 36

What key technology can mitigate ransomware threats?

Options:

A.

Use immutable data storage

B.

Phishing exercises

C.

Application of multiple end point anti-malware solutions

D.

Blocking use of wireless networks

Question 37

When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?

Options:

A.

SaaS provider’s website certifications and representations (certs and reps)

B.

SOC-2 Report

C.

Metasploit Audit Report

D.

Statement from SaaS provider attesting their ability to secure your data

Question 38

What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?

Options:

A.

Business Impact Analysis

B.

Economic Impact analysis

C.

Return on Investment

D.

Cost-benefit analysis

Question 39

A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a?

Options:

A.

Public cloud

B.

Private cloud

C.

Community cloud

D.

Hybrid cloud

Question 40

To make sure that the actions of all employees, applications, and systems follow the organization’s rules and regulations can BEST be described as which of the following?

Options:

A.

Compliance management

B.

Asset management

C.

Risk management

D.

Security management

Question 41

Many successful cyber-attacks currently include:

Options:

A.

Phishing Attacks

B.

Misconfigurations

C.

Social engineering

D.

All of these

Question 42

What is the purpose of the statement of retained earnings of an organization?

Options:

A.

It represents the sum of all capital expenditures

B.

It represents the percentage of earnings that could in part be used to finance future security controls

C.

It represents the savings generated by the proper acquisition and implementation of security controls

D.

It has a direct correlation with the CISO’s budget

Question 43

Who is responsible for verifying that audit directives are implemented?

Options:

A.

IT Management

B.

Internal Audit

C.

IT Security

D.

BOD Audit Committee

Question 44

What organizational structure combines the functional and project structures to create a hybrid of the two?

Options:

A.

Traditional

B.

Composite

C.

Project

D.

Matrix

Question 45

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

Options:

A.

Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors

B.

Annual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program

C.

Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness

D.

Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program

Question 46

As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity.

The performance quality audit activity is done in what project management process group?

Options:

A.

Executing

B.

Controlling

C.

Planning

D.

Closing

Question 47

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Question 48

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Question 49

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Question 50

Physical security measures typically include which of the following components?

Options:

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Question 51

Which of the following is the MAIN security concern for public cloud computing?

Options:

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Question 52

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 53

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options:

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Question 54

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Options:

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Question 55

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

Options:

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Question 56

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

Options:

A.

4, 2, 5, 3, 1

B.

2, 5, 3, 1, 4

C.

4, 5, 2, 3, 1

D.

4, 3, 5, 2, 1

Question 57

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Question 58

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Options:

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Question 59

What type of attack requires the least amount of technical equipment and has the highest success rate?

Options:

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Question 60

An anonymity network is a series of?

Options:

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Question 61

The process of creating a system which divides documents based on their security level to manage access to private data is known as

Options:

A.

security coding

B.

data security system

C.

data classification

D.

privacy protection

Question 62

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Question 63

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

Options:

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Question 64

What is the FIRST step in developing the vulnerability management program?

Options:

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Question 65

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

Options:

A.

Configure logging on each access point

B.

Install a firewall software on each wireless access point.

C.

Provide IP and MAC address

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Question 66

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Options:

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Question 67

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

Options:

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Question 68

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Question 69

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

Options:

A.

non-repudiation

B.

conflict resolution

C.

strong authentication

D.

digital rights management

Question 70

Which of the following information would MOST likely be reported at the board-level within an organization?

Options:

A.

System scanning trends and results as they pertain to insider and external threat sources

B.

The capabilities of a security program in terms of staffing support

C.

Significant risks and security incidents that have been discovered since the last assembly of the

membership

D.

The numbers and types of cyberattacks experienced by the organization since the last assembly of the

membership

Question 71

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

Once supervisors and data owners have approved requests, information system administrators will implement

Options:

A.

Technical control(s)

B.

Management control(s)

C.

Policy control(s)

D.

Operational control(s)

Question 72

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

Options:

A.

The existing IT environment.

B.

The company business plan.

C.

The present IT budget.

D.

Other corporate technology trends.

Question 73

At what level of governance are individual projects monitored and managed?

Options:

A.

Program

B.

Milestone

C.

Enterprise

D.

Portfolio

Question 74

When updating the security strategic planning document what two items must be included?

Options:

A.

Alignment with the business goals and the vision of the CIO

B.

The risk tolerance of the company and the company mission statement

C.

The executive summary and vision of the board of directors

D.

The alignment with the business goals and the risk tolerance

Question 75

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

Options:

A.

The Net Present Value (NPV) of the project is positive

B.

The NPV of the project is negative

C.

The Return on Investment (ROI) is larger than 10 months

D.

The ROI is lower than 10 months

Question 76

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

Options:

A.

Conduct background checks on individuals before hiring them

B.

Develop an Information Security Awareness program

C.

Monitor employee browsing and surfing habits

D.

Set your firewall permissions aggressively and monitor logs regularly.

Question 77

What process defines the framework of rules and practices by which a board of directors ensure accountability, fairness and transparency in an organization's relationship with its shareholders?

Options:

A.

Internal Audit

B.

Corporate governance

C.

Risk Oversight

D.

Key Performance Indicators

Question 78

The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

Options:

A.

There is integration between IT security and business staffing.

B.

There is a clear definition of the IT security mission and vision.

C.

There is an auditing methodology in place.

D.

The plan requires return on investment for all security projects.

Question 79

Which of the following best describes a portfolio?

Options:

A.

The portfolio is used to manage and track individual projects

B.

The portfolio is used to manage incidents and events

C.

A portfolio typically consists of several programs

D.

A portfolio delivers one specific service or program to the business

Question 80

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

Options:

A.

NIST and Privacy Regulations

B.

ISO 27000 and Payment Card Industry Data Security Standards

C.

NIST and data breach notification laws

D.

ISO 27000 and Human resources best practices

Question 81

Simon had all his systems administrators implement hardware and software firewalls to ensure network

security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized

traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker

group was able to get into the network and modify files hosted on the company's website. After searching

through the firewall and server logs, no one could find how the attackers were able to get in. He decides that

the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts

administrators when a critical file is altered. What tool could Simon and his administrators implement to

accomplish this?

Options:

A.

They need to use Nessus.

B.

They can implement Wireshark.

C.

Snort is the best tool for their situation.

D.

They could use Tripwire.

Question 82

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how

hardware and software is implemented and managed within the organization. Which of the following principles

does this best demonstrate?

Options:

A.

Effective use of existing technologies

B.

Create a comprehensive security awareness program and provide success metrics to business units

C.

Proper budget management

D.

Leveraging existing implementations

Question 83

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

After determining the audit findings are accurate, which of the following is the MOST logical next activity?

Options:

A.

Begin initial gap remediation analyses

B.

Review the security organization’s charter

C.

Validate gaps with the Information Technology team

D.

Create a briefing of the findings for executive management

Question 84

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

Options:

A.

Validate the effectiveness of current controls

B.

Create detailed remediation funding and staffing plans

C.

Report the audit findings and remediation status to business stake holders

D.

Review security procedures to determine if they need modified according to findings

Question 85

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

Options:

A.

Upper management support

B.

More frequent project milestone meetings

C.

More training of staff members

D.

Involve internal audit

Question 86

What are the primary reasons for the development of a business case for a security project?

Options:

A.

To estimate risk and negate liability to the company

B.

To understand the attack vectors and attack sources

C.

To communicate risk and forecast resource needs

D.

To forecast usage and cost per software licensing

Question 87

Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

Options:

A.

ITIL

B.

Privacy Act

C.

Sarbanes Oxley

D.

PCI-DSS

Question 88

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

Options:

A.

The CISO does not report directly to the CEO of the organization

B.

The CISO reports to the IT organization

C.

The CISO has not implemented a policy management framework

D.

The CISO has not implemented a security awareness program

Question 89

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

What type of control is being implemented by supervisors and data owners?

Options:

A.

Management

B.

Operational

C.

Technical

D.

Administrative

Question 90

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management you determine that the project correct aligns with the company goals. What needs to be verified FIRST?

Options:

A.

Scope of the project

B.

Training of the personnel on the project

C.

Timeline of the project milestones

D.

Vendor for the project

Question 91

A newly-hired CISO needs to understand the organization’s financial management standards for business units

and operations. Which of the following would be the best source of this information?

Options:

A.

The internal accounting department

B.

The Chief Financial Officer (CFO)

C.

The external financial audit service

D.

The managers of the accounts payables and accounts receivables teams

Question 92

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.

The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-facto implementation project?

Options:

A.

Create new use cases for operational use of the solution

B.

Determine if sufficient mitigating controls can be applied

C.

Decide to accept the risk on behalf of the impacted business units

D.

Report the deficiency to the audit team and create process exceptions

Question 93

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

Options:

A.

Validate that security awareness program content includes information about the potential vulnerability

B.

Conduct a thorough risk assessment against the current implementation to determine system functions

C.

Determine program ownership to implement compensating controls

D.

Send a report to executive peers and business unit owners detailing your suspicions

Question 94

The risk found after a control has been fully implemented is called:

Options:

A.

Residual Risk

B.

Total Risk

C.

Post implementation risk

D.

Transferred risk

Question 95

Which of the following reports should you as an IT auditor use to check on compliance with a service level agreement’s requirement for uptime?

Options:

A.

Systems logs

B.

Hardware error reports

C.

Utilization reports

D.

Availability reports

Question 96

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

Options:

A.

International Organization for Standardization 27001

B.

National Institute of Standards and Technology Special Publication SP 800-12

C.

Request For Comment 2196

D.

National Institute of Standards and Technology Special Publication SP 800-26

Question 97

Which of the following activities is the MAIN purpose of the risk assessment process?

Options:

A.

Creating an inventory of information assets

B.

Classifying and organizing information assets into meaningful groups

C.

Assigning value to each information asset

D.

Calculating the risks to which assets are exposed in their current setting

Question 98

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

Options:

A.

All vulnerabilities found on servers and desktops

B.

Only critical and high vulnerabilities on servers and desktops

C.

Only critical and high vulnerabilities that impact important production servers

D.

All vulnerabilities that impact important production servers

Question 99

Which of the following activities results in change requests?

Options:

A.

Preventive actions

B.

Inspection

C.

Defect repair

D.

Corrective actions

Question 100

Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.

Options:

A.

ISO 27001

B.

ISO 27002

C.

ISO 27004

D.

ISO 27005

Question 101

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?

Options:

A.

Use within an organization to formulate security requirements and objectives

B.

Implementation of business-enabling information security

C.

Use within an organization to ensure compliance with laws and regulations

D.

To enable organizations that adopt it to obtain certifications

Question 102

Which of the following is the MOST important goal of risk management?

Options:

A.

Identifying the risk

B.

Finding economic balance between the impact of the risk and the cost of the control

C.

Identifying the victim of any potential exploits.

D.

Assessing the impact of potential threats

Question 103

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

Options:

A.

Have internal audit conduct another audit to see what has changed.

B.

Contract with an external audit company to conduct an unbiased audit

C.

Review the recommendations and follow up to see if audit implemented the changes

D.

Meet with audit team to determine a timeline for corrections

Question 104

Which of the following is a fundamental component of an audit record?

Options:

A.

Date and time of the event

B.

Failure of the event

C.

Originating IP-Address

D.

Authentication type

Question 105

As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?

Options:

A.

Nothing, this falls outside your area of influence.

B.

Close and chain the door shut and send a company-wide memo banning the practice.

C.

Have a risk assessment performed.

D.

Post a guard at the door to maintain physical security

Question 106

When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

Options:

A.

Daily

B.

Hourly

C.

Weekly

D.

Monthly

Question 107

As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

Options:

A.

Executive summary

B.

Penetration test agreement

C.

Names and phone numbers of those who conducted the audit

D.

Business charter

Question 108

The amount of risk an organization is willing to accept in pursuit of its mission is known as

Options:

A.

Risk mitigation

B.

Risk transfer

C.

Risk tolerance

D.

Risk acceptance

Question 109

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

Options:

A.

To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

B.

To provide a common basis for developing organizational security standards

C.

To provide effective security management practice and to provide confidence in inter-organizational dealings

D.

To established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

Question 110

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

Options:

A.

ISO 27001

B.

PRINCE2

C.

ISO 27004

D.

ITILv3

Question 111

The patching and monitoring of systems on a consistent schedule is required by?

Options:

A.

Local privacy laws

B.

Industry best practices

C.

Risk Management frameworks

D.

Audit best practices

Question 112

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

Options:

A.

It allows executives to more effectively monitor IT implementation costs

B.

Implementation of it eases an organization’s auditing and compliance burden

C.

Information Security (IS) procedures often require augmentation with other standards

D.

It provides for a consistent and repeatable staffing model for technology organizations

Question 113

Creating a secondary authentication process for network access would be an example of?

Options:

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Question 114

When you develop your audit remediation plan what is the MOST important criteria?

Options:

A.

To remediate half of the findings before the next audit.

B.

To remediate all of the findings before the next audit.

C.

To validate that the cost of the remediation is less than the risk of the finding.

D.

To validate the remediation process with the auditor.

Question 115

When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?

Options:

A.

Threat Level, Risk of Compromise, and Consequences of Compromise

B.

Risk Avoidance, Threat Level, and Consequences of Compromise

C.

Risk Transfer, Reputational Impact, and Consequences of Compromise

D.

Reputational Impact, Financial Impact, and Risk of Compromise

Question 116

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

Options:

A.

User awareness training for all employees

B.

Installation of new firewalls and intrusion detection systems

C.

Launch an internal awareness campaign

D.

Integrate security requirements into project inception

Question 117

As the CISO for your company you are accountable for the protection of information resources commensurate with:

Options:

A.

Customer demand

B.

Cost and time to replace

C.

Insurability tables

D.

Risk of exposure

Question 118

Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

Options:

A.

Upper management support

B.

More frequent project milestone meetings

C.

More training of staff members

D.

Involve internal audit

Question 119

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

Options:

A.

Failed to identify all stakeholders and their needs

B.

Deployed the encryption solution in an inadequate manner

C.

Used 1024 bit encryption when 256 bit would have sufficed

D.

Used hardware encryption instead of software encryption

Question 120

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:

Options:

A.

Vendor’s client list of reputable organizations currently using their solution

B.

Vendor provided attestation of the detailed security controls from a reputable accounting firm

C.

Vendor provided reference from an existing reputable client detailing their implementation

D.

Vendor provided internal risk assessment and security control documentation

Question 121

Which of the following represents the BEST method of ensuring security program alignment to business needs?

Options:

A.

Create a comprehensive security awareness program and provide success metrics to business units

B.

Create security consortiums, such as strategic security planning groups, that include business unit participation

C.

Ensure security implementations include business unit testing and functional validation prior to production rollout

D.

Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role

Question 122

Which of the following is considered a project versus a managed process?

Options:

A.

monitoring external and internal environment during incident response

B.

ongoing risk assessments of routine operations

C.

continuous vulnerability assessment and vulnerability repair

D.

installation of a new firewall system

Question 123

Which of the following best summarizes the primary goal of a security program?

Options:

A.

Provide security reporting to all levels of an organization

B.

Create effective security awareness to employees

C.

Manage risk within the organization

D.

Assure regulatory compliance

Question 124

When managing the critical path of an IT security project, which of the following is MOST important?

Options:

A.

Knowing who all the stakeholders are.

B.

Knowing the people on the data center team.

C.

Knowing the threats to the organization.

D.

Knowing the milestones and timelines of deliverables.

Question 125

An example of professional unethical behavior is:

Options:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Question 126

When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

Options:

A.

Type of data contained in the process/system

B.

Type of connection/protocol used to transfer the data

C.

Type of encryption required for the data once it is at rest

D.

Type of computer the data is processed on

Question 127

Which business stakeholder is accountable for the integrity of a new information system?

Options:

A.

CISO

B.

Compliance Officer

C.

Project manager

D.

Board of directors

Question 128

The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

Options:

A.

The company lacks a risk management process

B.

The company does not believe the security vulnerabilities to be real

C.

The company has a high risk tolerance

D.

The company lacks the tools to perform a vulnerability assessment

Question 129

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

Options:

A.

Poor audit support for the security program

B.

A lack of executive presence within the security program

C.

Poor alignment of the security program to business needs

D.

This is normal since business units typically resist security requirements

Question 130

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

Options:

A.

Quarterly

B.

Semi-annually

C.

Bi-annually

D.

Annually

Question 131

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

Options:

A.

low risk-tolerance

B.

high risk-tolerance

C.

moderate risk-tolerance

D.

medium-high risk-tolerance

Question 132

When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)

Options:

A.

The CISO should cut other essential programs to ensure the new solution’s continued use

B.

Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use

C.

Defer selection until the market improves and cash flow is positive

D.

Implement the solution and ask for the increased operating cost budget when it is time

Question 133

Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?

Options:

A.

Security administrators

B.

Security mangers

C.

Security technicians

D.

Security analysts

Question 134

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

Options:

A.

Change management

B.

Business continuity planning

C.

Security Incident Response

D.

Thought leadership

Question 135

You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?

Options:

A.

Risk averse

B.

Risk tolerant

C.

Risk conditional

D.

Risk minimal

Question 136

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

Options:

A.

The Security Systems Development Life Cycle

B.

The Security Project And Management Methodology

C.

Project Management System Methodology

D.

Project Management Body of Knowledge

Question 137

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

Options:

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

Question 138

In effort to save your company money which of the following methods of training results in the lowest cost for the organization?

Options:

A.

Distance learning/Web seminars

B.

Formal Class

C.

One-One Training

D.

Self –Study (noncomputerized)

Load More 712-50 Questions
Page: 1 / 46
Total 460 questions
Get 712-50 Full Access Download 712-50 PDF