EC-Council 712-50 Free Practice Questions 2021

Master the 712-50 Exam Questions and Answers content and be ready for exam day success quickly with these 712-50 Free Practice Questions. We guarantee it! We make it a reality and give you real 712-50 Exam Dumps in our EC-Council 712-50 braindumps. The latest 100% VALID 712-50 Exam Questions are on the page below. You can use our EC-Council 712-50 braindumps and pass your exam.

We also have free 712-50 dumps questions for you:

NEW QUESTION 1
The single most important consideration to make when developing your security program, policies, and processes is:

  • A. Budgeting for unforeseen data compromises
  • B. Streamlining for efficiency
  • C. Alignment with the business
  • D. Establishing your authority as the Security Executive

Answer: C

NEW QUESTION 2
What oversight should the information security team have in the change management process for application security?

  • A. Information security should be informed of changes to applications only
  • B. Development team should tell the information security team about any application security flaws
  • C. Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed in production
  • D. Information security should be aware of all application changes and work with developers before changes are deployed in production

Answer: C

NEW QUESTION 3
Which of the following is MOST useful when developing a business case for security initiatives?

  • A. Budget forecasts
  • B. Request for proposals
  • C. Cost/benefit analysis
  • D. Vendor management

Answer: C

NEW QUESTION 4
Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

  • A. International Organization for Standardization 27001
  • B. National Institute of Standards and Technology Special Publication SP 800-12
  • C. Request For Comment 2196
  • D. National Institute of Standards and Technology Special Publication SP 800-26

Answer: A

NEW QUESTION 5
Which of the following Intellectual Property components is focused on maintaining brand recognition?

  • A. Trademark
  • B. Patent
  • C. Research Logs
  • D. Copyright

Answer: A

NEW QUESTION 6
What is the main purpose of the Incident Response Team?

  • A. Ensure efficient recovery and reinstate repaired systems
  • B. Create effective policies detailing program activities
  • C. Communicate details of information security incidents
  • D. Provide current employee awareness programs

Answer: A

NEW QUESTION 7
Step-by-step procedures to regain normalcy in the event of a major earthquake are PRIMARILY covered by which of the following plans?

  • A. Incident response plan
  • B. Business Continuity plan
  • C. Disaster recovery plan
  • D. Damage control plan

Answer: C

NEW QUESTION 8
To get an Information Security project back on schedule, which of the following will provide the MOST help?

  • A. Upper management support
  • B. More frequent project milestone meetings
  • C. Stakeholder support
  • D. Extend work hours

Answer: A

NEW QUESTION 9
When briefing senior management on the creation of a governance process, the MOST important aspect should be:

  • A. information security metrics.
  • B. knowledge required to analyze each issue.
  • C. baseline against which metrics are evaluated.
  • D. linkage to business area objectives.

Answer: D

NEW QUESTION 10
A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

  • A. Compliance with the Payment Card Industry (PCI) regulations.
  • B. Alignment with financial reporting regulations for each country where they operate.
  • C. Alignment with International Organization for Standardization (ISO) standards.
  • D. Compliance with patient data protection regulations for each country where they operate.

Answer: D

NEW QUESTION 11
A recommended method to document the respective roles of groups and individuals for a given process is to:

  • A. Develop a detailed internal organization chart
  • B. Develop a telephone call tree for emergency response
  • C. Develop an isolinear response matrix with cost benefit analysis projections
  • D. Develop a Responsible, Accountable, Consulted, Informed (RACI) chart

Answer: D

NEW QUESTION 12
A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

  • A. Security alignment to business goals
  • B. Regulatory compliance effectiveness
  • C. Increased security program presence
  • D. Proper organizational policy enforcement

Answer: A

NEW QUESTION 13
Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

  • A. Security regulations
  • B. Asset classification
  • C. Information security policy
  • D. Data classification

Answer: C

NEW QUESTION 14
Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email accounts. What should you do? (choose the BEST answer):

  • A. Grant her access, the employee has been adequately warned through the AUP.
  • B. Assist her with the request, but only after her supervisor signs off on the action.
  • C. Reset the employee’s password and give it to the supervisor.
  • D. Deny the request citing national privacy laws.

Answer: B

NEW QUESTION 15
A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified an insecure configuration that differed from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

  • A. Lack of asset management processes
  • B. Lack of change management processes
  • C. Lack of hardening standards
  • D. Lack of proper access controls

Answer: B

NEW QUESTION 16
The exposure factor of a threat to your organization is defined by:

  • A. Asset value times exposure factor
  • B. Annual rate of occurrence
  • C. Annual loss expectancy minus current cost of controls
  • D. Percentage of loss experienced due to a realized threat event

Answer: D
