EC-Council 712-50 Free Practice Questions

NEW QUESTION 1

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

• A. Identify threats, risks, impacts and vulnerabilities
• B. Decide how to manage risk
• C. Define the budget of the Information Security Management System
• D. Define Information Security Policy

Answer: D

NEW QUESTION 2

Human resource planning for security professionals in your organization is a:

• A. Simple and easy task because the threats are getting easier to find and correct.
• B. Training requirement that is met through once every year user training.
• C. Training requirement that is on-going and always changing.
• D. Not needed because automation and anti-virus software has eliminated the threats.

Answer: C

NEW QUESTION 3

Your incident response plan should include which of the following?

• A. Procedures for litigation
• B. Procedures for reclamation
• C. Procedures for classification
• D. Procedures for charge-back

Answer: C

NEW QUESTION 4

To have accurate and effective information security policies how often should the CISO review the organization policies?

• A. Every 6 months
• B. Quarterly
• C. Before an audit
• D. At least once a year

Answer: D

NEW QUESTION 5

Which of the following is considered a project versus a managed process?

• A. monitoring external and internal environment during incident response
• B. ongoing risk assessments of routine operations
• C. continuous vulnerability assessment and vulnerability repair
• D. installation of a new firewall system

Answer: D

NEW QUESTION 6

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

• A. Upper management support
• B. More frequent project milestone meetings
• C. More training of staff members
• D. Involve internal audit

Answer: A

NEW QUESTION 7

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

• A. The software license expiration is probably out of synchronization with other software licenses
• B. The project was initiated without an effort to get support from impacted business units in the organization
• C. The software is out of date and does not provide for a scalable solution across the enterprise
• D. The security officer should allow time for the organization to get accustomed to her presence before initiating security projects

Answer: B

NEW QUESTION 8

Which of the following best summarizes the primary goal of a security program?

• A. Provide security reporting to all levels of an organization
• B. Create effective security awareness to employees
• C. Manage risk within the organization
• D. Assure regulatory compliance

Answer: C

NEW QUESTION 9

Which of the following statements about Encapsulating Security Payload (ESP) is true?

• A. It is an IPSec protocol.
• B. It is a text-based communication protocol.
• C. It uses TCP port 22 as the default port and operates at the application layer.
• D. It uses UDP port 22

Answer: A

NEW QUESTION 10

Physical security measures typically include which of the following components?

• A. Physical, Technical, Operational
• B. Technical, Strong Password, Operational
• C. Operational, Biometric, Physical
• D. Strong password, Biometric, Common Access Card

Answer: A

NEW QUESTION 11

Which of the following is the MOST important goal of risk management?

• A. Identifying the risk
• B. Finding economic balance between the impact of the risk and the cost of the control
• C. Identifying the victim of any potential exploits.
• D. Assessing the impact of potential threats

Answer: B

NEW QUESTION 12

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

• A. Validate the effectiveness of current controls
• B. Create detailed remediation funding and staffing plans
• C. Report the audit findings and remediation status to business stake holders
• D. Review security procedures to determine if they need modified according to findings

Answer: C

NEW QUESTION 13

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

• A. Quarterly
• B. Semi-annually
• C. Bi-annually
• D. Annually

Answer: D

NEW QUESTION 14

Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

• A. Risk Assessment
• B. Incident Response
• C. Risk Management
• D. Network Security administration

Answer: C

NEW QUESTION 15

The single most important consideration to make when developing your security program, policies, and processes is:

• A. Budgeting for unforeseen data compromises
• B. Streamlining for efficiency
• C. Alignment with the business
• D. Establishing your authority as the Security Executive

Answer: C

NEW QUESTION 16

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?

• A. Use within an organization to formulate security requirements and objectives
• B. Implementation of business-enabling information security
• C. Use within an organization to ensure compliance with laws and regulations
• D. To enable organizations that adopt it to obtain certifications

Answer: B

NEW QUESTION 17

What is a difference from the list below between quantitative and qualitative Risk Assessment?

• A. Quantitative risk assessments result in an exact number (in monetary terms)
• B. Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
• C. Qualitative risk assessments map to business objectives
• D. Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Answer: A

NEW QUESTION 18

The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

• A. The company lacks a risk management process
• B. The company does not believe the security vulnerabilities to be real
• C. The company has a high risk tolerance
• D. The company lacks the tools to perform a vulnerability assessment

Answer: C

NEW QUESTION 19

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

• A. Get approval from the board of directors
• B. Screen potential vendor solutions
• C. Verify that the cost of mitigation is less than the risk
• D. Create a risk metrics for all unmitigated risks

Answer: C

NEW QUESTION 20

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

• A. To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.
• B. To provide a common basis for developing organizational security standards
• C. To provide effective security management practice and to provide confidence in inter- organizational dealings
• D. To established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

Answer: D

NEW QUESTION 21

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
Which group of people should be consulted when developing your security program?

• A. Peers
• B. End Users
• C. Executive Management
• D. All of the above

Answer: :D

NEW QUESTION 22

Which of the following is considered one of the most frequent failures in project management?

• A. Overly restrictive management
• B. Excessive personnel on project
• C. Failure to meet project deadlines
• D. Insufficient resources

Answer: C

NEW QUESTION 23

What role should the CISO play in properly scoping a PCI environment?

• A. Validate the business units’ suggestions as to what should be included in the scoping process
• B. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
• C. Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data
• D. Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope

Answer: :C

NEW QUESTION 24

A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

• A. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.
• B. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.
• C. If the findings impact regulatory compliance, remediate the high findings as quickly as possible.
• D. If the findings do not impact regulatory compliance, review current security controls.

Answer: C

NEW QUESTION 25

One of the MAIN goals of a Business Continuity Plan is to

• A. Ensure all infrastructure and applications are available in the event of a disaster
• B. Allow all technical first-responders to understand their roles in the event of a disaster
• C. Provide step by step plans to recover business processes in the event of a disaster
• D. Assign responsibilities to the technical teams responsible for the recovery of all data.

Answer: C

NEW QUESTION 26

When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

• A. Daily
• B. Hourly
• C. Weekly
• D. Monthly

Answer: A

NEW QUESTION 27

Risk appetite directly affects what part of a vulnerability management program?

• A. Staff
• B. Scope
• C. Schedule
• D. Scan tools

Answer: B

NEW QUESTION 28
......