It is more faster and easier to pass the 712-50 Study Guides by using 712-50 Exam Questions. Immediate access to the 712-50 Exam Questions and find the same core area 712-50 Exam Dumps with professionally verified answers, then PASS your exam with a high score now.
EC-Council 712-50 Free Dumps Questions Online, Read and Test Now.
NEW QUESTION 1
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?
- A. Need to comply with breach disclosure laws
- B. Need to transfer the risk associated with hosting PII data
- C. Need to better understand the risk associated with using PII data
- D. Fiduciary responsibility to safeguard credit card information
NEW QUESTION 2
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Using the best business practices for project management, you determine that the project
correctly aligns with the organization goals. What should be verified next?
- A. Scope
- B. Budget
- C. Resources
- D. Constraints
NEW QUESTION 3
Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?
- A. Destroy the repository of stolen data
- B. Contact your local law enforcement agency
- C. Consult with other C-Level executives to develop an action plan
- D. Contract with a credit reporting company for paid monitoring services for affected customers
NEW QUESTION 4
Which of the following is a symmetric encryption algorithm?
- A. 3DES
- B. MD5
- C. ECC
- D. RSA
NEW QUESTION 5
Which of the following is critical in creating a security program aligned with an organization’s goals?
- A. Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements
- B. Develop a culture in which users, managers and IT professionals all make good decisions about information risk
- C. Provide clear communication of security program support requirements and audit schedules
- D. Create security awareness programs that include clear definition of security program goals and charters
NEW QUESTION 6
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
- A. Use within an organization to formulate security requirements and objectives
- B. Implementation of business-enabling information security
- C. Use within an organization to ensure compliance with laws and regulations
- D. To enable organizations that adopt it to obtain certifications
NEW QUESTION 7
Which of the following most commonly falls within the scope of an information security
governance steering committee?
- A. Approving access to critical financial systems
- B. Developing content for security awareness programs
- C. Interviewing candidates for information security specialist positions
- D. Vetting information security policies
NEW QUESTION 8
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?
- A. Professional user education on phishing conducted by a reputable vendor
- B. Multi-factor authentication employing hard tokens
- C. Forcing password changes every 90 days
- D. Decreasing the number of employees with administrator privileges
NEW QUESTION 9
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
- A. ISO 27001
- B. PRINCE2
- C. ISO 27004
- D. ITILv3
NEW QUESTION 10
The effectiveness of an audit is measured by?
- A. The number of actionable items in the recommendations
- B. How it exposes the risk tolerance of the company
- C. How the recommendations directly support the goals of the company
- D. The number of security controls the company has in use
NEW QUESTION 11
When should IT security project management be outsourced?
- A. When organizational resources are limited
- B. When the benefits of outsourcing outweigh the inherent risks of outsourcing
- C. On new, enterprise-wide security initiatives
- D. On projects not forecasted in the yearly budget
NEW QUESTION 12
Which of the following information may be found in table top exercises for incident response?
- A. Security budget augmentation
- B. Process improvements
- C. Real-time to remediate
- D. Security control selection
NEW QUESTION 13
Which of the following illustrates an operational control process:
- A. Classifying an information system as part of a risk assessment
- B. Installing an appropriate fire suppression system in the data center
- C. Conducting an audit of the configuration management process
- D. Establishing procurement standards for cloud vendors
NEW QUESTION 14
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
- A. Execute
- B. Read
- C. Administrator
- D. Public
NEW QUESTION 15
The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?
- A. Number of callers who report security issues.
- B. Number of callers who report a lack of customer service from the call center
- C. Number of successful social engineering attempts on the call center
- D. Number of callers who abandon the call before speaking with a representative
NEW QUESTION 16
The total cost of security controls should:
- A. Be equal to the value of the information resource being protected
- B. Be greater than the value of the information resource being protected
- C. Be less than the value of the information resource being protected
- D. Should not matter, as long as the information resource is protected
100% Valid and Newest Version 712-50 Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/712-50-dumps.html (New 343 Q&As)