EC-Council 712-50 Free Practice Questions 2021

712-50 Study Guides for EC-Council certification, Real Success Guaranteed with Updated 712-50 Study Guides. 100% PASS 712-50 EC-Council Certified CISO (CCISO) exam Today!

Free 712-50 Demo Online For Microsoft Certification:

NEW QUESTION 1
A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

  • A. Poor audit support for the security program
  • B. A lack of executive presence within the security program
  • C. Poor alignment of the security program to business needs
  • D. This is normal since business units typically resist security requirements

Answer: C

NEW QUESTION 2
Which of the following is the BEST indicator of a successful project?

  • A. it is completed on time or early as compared to the baseline project plan
  • B. it meets most of the specifications as outlined in the approved project definition
  • C. it comes in at or below the expenditures planned for in the baseline budget
  • D. the deliverables are accepted by the key stakeholders

Answer: D

NEW QUESTION 3
When selecting a security solution with recurring maintenance costs after the first year (choose the BEST answer):

  • A. The CISO should cut other essential programs to ensure the new solution’s continued use
  • B. Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use
  • C. Defer selection until the market improves and cash flow is positive
  • D. Implement the solution and ask for the increased operating cost budget when it is time

Answer: B

NEW QUESTION 4
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?

  • A. Inform peer executives of the audit results
  • B. Validate gaps and accept or dispute the audit findings
  • C. Create remediation plans to address program gaps
  • D. Determine if security policies and procedures are adequate

Answer: B

NEW QUESTION 5
You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

  • A. Deploy a SIEM solution and have current staff review incidents first thing in the morning
  • B. Contract with a managed security provider and have current staff on recall for incident response
  • C. Configure your syslog to send SMS messages to current staff when target events are triggered
  • D. Employ an assumption of breach protocol and defend only essential information resources

Answer: B

NEW QUESTION 6
The PRIMARY objective of security awareness is to:

  • A. Ensure that security policies are read.
  • B. Encourage security-conscious employee behavior.
  • C. Meet legal and regulatory requirements.
  • D. Put employees on notice in case follow-up action for noncompliance is necessary

Answer: B

NEW QUESTION 7
Which of the following best summarizes the primary goal of a security program?

  • A. Provide security reporting to all levels of an organization
  • B. Create effective security awareness to employees
  • C. Manage risk within the organization
  • D. Assure regulatory compliance

Answer: C

NEW QUESTION 8
The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization’s

  • A. Risk Management Program.
  • B. Anti-Spam controls.
  • C. Security Awareness Program.
  • D. Identity and Access Management Program.

Answer: C

NEW QUESTION 9
The formal certification and accreditation process has four primary steps. What are they?

  • A. Evaluating, describing, testing and authorizing
  • B. Evaluating, purchasing, testing, authorizing
  • C. Auditing, documenting, verifying, certifying
  • D. Discovery, testing, authorizing, certifying

Answer: A

NEW QUESTION 10
As the CISO for your company you are accountable for the protection of information resources commensurate with:

  • A. Customer demand
  • B. Cost and time to replace
  • C. Insurability tables
  • D. Risk of exposure

Answer: D

NEW QUESTION 11
The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?

  • A. Risk metrics
  • B. Management metrics
  • C. Operational metrics
  • D. Compliance metrics

Answer: C

Explanation: Topic 3, Management – Projects and Operations (Projects, Technology & Operations)

NEW QUESTION 12
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?

  • A. Use asymmetric encryption for the automated distribution of the symmetric key
  • B. Use a self-generated key on both ends to eliminate the need for distribution
  • C. Use a certificate authority to distribute private keys
  • D. Symmetrically encrypt the key and then use asymmetric encryption to decrypt it

Answer: A

NEW QUESTION 13
Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management and includes a five-stage risk management methodology?

  • A. ISO 27001
  • B. ISO 27002
  • C. ISO 27004
  • D. ISO 27005

Answer: D

NEW QUESTION 14
Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

  • A. Perform a vulnerability scan of the network
  • B. External penetration testing by a qualified third party
  • C. Internal Firewall ruleset reviews
  • D. Implement network intrusion prevention systems

Answer: B

NEW QUESTION 15
Risk appetite is typically determined by which of the following organizational functions?

  • A. Security
  • B. Business units
  • C. Board of Directors
  • D. Audit and compliance

Answer: B

NEW QUESTION 16
A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

  • A. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.
  • B. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.
  • C. If the findings impact regulatory compliance, remediate the high findings as quickly as possible.
  • D. If the findings do not impact regulatory compliance, review current security controls.

Answer: C

Thanks for reading the newest 712-50 exam dumps! We recommend you to try the PREMIUM Passcertsure 712-50 dumps in VCE and PDF here: https://www.passcertsure.com/712-50-test/ (343 Q&As Dumps)