EC-Council 712-50 Exam Questions 2021


Online 712-50 free questions and answers of New Version:

NEW QUESTION 1
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

  • A. low risk-tolerance
  • B. high risk-tolerance
  • C. moderate risk-tolerance
  • D. medium-high risk-tolerance

Answer: A

NEW QUESTION 2
Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

  • A. Control Objective for Information Technology (COBIT)
  • B. Committee of Sponsoring Organizations (COSO)
  • C. Payment Card Industry (PCI)
  • D. Information Technology Infrastructure Library (ITIL)

Answer: A

NEW QUESTION 3
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

  • A. When there is a need to develop a more unified incident response capability.
  • B. When the enterprise is made up of many business units with diverse business activities, risk profiles and regulatory requirements.
  • C. When there is a variety of technologies deployed in the infrastructure.
  • D. When it results in an overall lower cost of operating the security program.

Answer: B

NEW QUESTION 4
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

  • A. All vulnerabilities found on servers and desktops
  • B. Only critical and high vulnerabilities on servers and desktops
  • C. Only critical and high vulnerabilities that impact important production servers
  • D. All vulnerabilities that impact important production servers

Answer: C

NEW QUESTION 5
The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for:

  • A. Confidentiality, Integrity and Availability
  • B. Assurance, Compliance and Availability
  • C. International Compliance
  • D. Integrity and Availability

Answer: A

NEW QUESTION 6
What two methods are used to assess risk impact?

  • A. Cost and annual rate of expectance
  • B. Subjective and Objective
  • C. Qualitative and percent of loss realized
  • D. Quantitative and qualitative

Answer: D

NEW QUESTION 7
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

  • A. Well established and defined digital forensics process
  • B. Establishing Enterprise-owned Botnets for preemptive attacks
  • C. Be able to retaliate under the framework of Active Defense
  • D. Collaboration with law enforcement

Answer: A

NEW QUESTION 8
Which of the following international standards can be BEST used to define a Risk Management process in an organization?

  • A. National Institute for Standards and Technology 800-50 (NIST 800-50)
  • B. International Organization for Standardization – 27005 (ISO-27005)
  • C. Payment Card Industry Data Security Standards (PCI-DSS)
  • D. International Organization for Standardization – 27004 (ISO-27004)

Answer: B

NEW QUESTION 9
A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

  • A. The auditors have not followed proper auditing processes
  • B. The CIO of the organization disagrees with the finding
  • C. The risk tolerance of the organization permits this risk
  • D. The organization has purchased cyber insurance

Answer: C

NEW QUESTION 10
What is the FIRST step in developing the vulnerability management program?

  • A. Baseline the Environment
  • B. Maintain and Monitor
  • C. Organization Vulnerability
  • D. Define Policy

Answer: A

Explanation: Topic 5, Strategic Planning & Finance.

NEW QUESTION 11
When working in the Payment Card Industry (PCI), how often should security logs be reviewed to comply with the standards?

  • A. Daily
  • B. Hourly
  • C. Weekly
  • D. Monthly

Answer: A

NEW QUESTION 12
What are the primary reasons for the development of a business case for a security project?

  • A. To estimate risk and negate liability to the company
  • B. To understand the attack vectors and attack sources
  • C. To communicate risk and forecast resource needs
  • D. To forecast usage and cost per software licensing

Answer: C

NEW QUESTION 13
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:

  • A. The number of unique communication links is large
  • B. The volume of data being transmitted is small
  • C. The speed of the encryption / deciphering process is essential
  • D. The distance to the end node is farthest away

Answer: C

NEW QUESTION 14
When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

  • A. Type of data contained in the process/system
  • B. Type of connection/protocol used to transfer the data
  • C. Type of encryption required for the data once it is at rest
  • D. Type of computer the data is processed on

Answer: A

NEW QUESTION 15
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

  • A. Failed to identify all stakeholders and their needs
  • B. Deployed the encryption solution in an inadequate manner
  • C. Used 1024 bit encryption when 256 bit would have sufficed
  • D. Used hardware encryption instead of software encryption

Answer: A

NEW QUESTION 16
The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

  • A. Contacting the Internet Service Provider for an IP scope
  • B. Getting authority to operate the system from executive management
  • C. Changing the default passwords
  • D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Answer: B
