All that matters here is passing the exam, and 712-50 dumps are how you do it. All you need is a high score, and the 712-50 study guides get you there. The only thing you need to do is download the free 712-50 exam dumps now. We will not let you down, and we back that with a money-back guarantee.
Free 712-50 Demo Online For EC-Council Certification:
NEW QUESTION 1
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?
- A. Susceptibility to attack, mitigation response time, and cost
- B. Attack vectors, controls cost, and investigation staffing needs
- C. Vulnerability exploitation, attack recovery, and mean time to repair
- D. Susceptibility to attack, expected duration of attack, and mitigation availability
Answer: A
NEW QUESTION 2
When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?
- A. Download open source security tools and deploy them on your production network
- B. Download trial versions of commercially available security tools and deploy on your production network
- C. Download open source security tools from a trusted site, test, and then deploy on production network
- D. Download security tools from a trusted source and deploy to production network
Answer: C
NEW QUESTION 3
An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process?
- A. Number of change orders rejected
- B. Number and length of planned outages
- C. Number of unplanned outages
- D. Number of change orders processed
Answer: C
NEW QUESTION 4
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization’s needs.
The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-factor implementation project?
- A. Create new use cases for operational use of the solution
- B. Determine if sufficient mitigating controls can be applied
- C. Decide to accept the risk on behalf of the impacted business units
- D. Report the deficiency to the audit team and create process exceptions
Answer: B
NEW QUESTION 5
When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?
- A. Vendor uses their own laptop and logs in with the same admin credentials your security team uses
- B. Vendor uses a company-supplied laptop and logs in using two-factor authentication with the same admin credentials your security team uses
- C. Vendor uses a company-supplied laptop and logs in using two-factor authentication with their own unique credentials
- D. Vendor uses their own laptop and logs in using two-factor authentication with their own unique credentials
Answer: C
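The three requirements behind answer C (company-managed device, two-factor authentication, credentials unique to the vendor) are also straightforward to verify after the fact from device login records. The script below is an added example, not code from the original page or from any vendor product: it parses a constructed key=value login log, treats any account used by more than one person as a shared credential, and flags every vendor session that fails one of the three requirements. The log format, field names (`user`, `actor`, `mfa`, `managed`) and the `vendor` actor prefix are assumptions made for the illustration.

```python
"""Added example: audit vendor remote-access sessions against the policy
implied by answer C (managed laptop, MFA, unique credentials).
Log format, field names and sample lines are constructed for illustration."""
import re
from collections import defaultdict

# Constructed sample: one line per interactive admin login to a security device.
# 'user' is the account used, 'actor' is the person identified by the VPN/SSO layer.
SAMPLE_LOG = """\
2024-03-04T08:01:12Z device=fw-edge-01 user=secops-admin src=10.20.0.15 mfa=yes managed=yes actor=alice
2024-03-04T09:14:33Z device=fw-edge-01 user=secops-admin src=203.0.113.40 mfa=no managed=no actor=vendor-joe
2024-03-04T10:02:08Z device=ids-core-02 user=vendor-acme-joe src=10.20.9.7 mfa=yes managed=yes actor=vendor-joe
2024-03-04T11:45:51Z device=ids-core-02 user=vendor-acme-sam src=198.51.100.9 mfa=yes managed=no actor=vendor-sam
2024-03-04T12:30:00Z device=fw-edge-01 user=secops-admin src=10.20.0.16 mfa=yes managed=yes actor=bob
2024-03-04T13:10:27Z device=fw-edge-01 user=secops-admin src=10.20.9.7 mfa=yes managed=yes actor=vendor-joe
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse_log(text):
    """Parse 'timestamp k=v k=v ...' lines into dicts; skip blank/malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
        fields["ts"] = m.group("ts")
        events.append(fields)
    return events


def assess_vendor_sessions(events, vendor_prefix="vendor"):
    """Return {timestamp: [findings]} for each vendor login that violates the policy.

    A credential counts as shared when the same account is used by more than
    one actor anywhere in the log (options A and B above); 'no-mfa' covers
    option A; 'unmanaged-device' covers options A and D.
    """
    actors_by_account = defaultdict(set)
    for e in events:
        actors_by_account[e["user"]].add(e["actor"])

    findings = {}
    for e in events:
        if not e["actor"].startswith(vendor_prefix):
            continue  # internal staff are out of scope for this check
        problems = []
        if len(actors_by_account[e["user"]]) > 1:
            problems.append("shared-credential")
        if e.get("mfa") != "yes":
            problems.append("no-mfa")
        if e.get("managed") != "yes":
            problems.append("unmanaged-device")
        if problems:
            findings[e["ts"]] = problems
    return findings


if __name__ == "__main__":
    for ts, problems in assess_vendor_sessions(parse_log(SAMPLE_LOG)).items():
        print(ts, ", ".join(problems))
```

Only the 10:02:08 session in the sample passes all three checks; the others show the failure modes of options A, B and D. In practice the "shared credential" signal is the one worth automating: a single account showing up with several distinct actors means the device's own audit trail can no longer attribute a change to a person.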
NEW QUESTION 6
Which of the following is considered the MOST effective tool against social engineering?
- A. Anti-phishing tools
- B. Anti-malware tools
- C. Effective Security Vulnerability Management Program
- D. Effective Security awareness program
Answer: D
NEW QUESTION 7
In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?
- A. The organization uses exclusively a quantitative process to measure risk
- B. The organization uses exclusively a qualitative process to measure risk
- C. The organization’s risk tolerance is high
- D. The organization’s risk tolerance is low
Answer: C
NEW QUESTION 8
An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?
- A. Time zone differences
- B. Compliance to local hiring laws
- C. Encryption import/export regulations
- D. Local customer privacy laws
Answer: C
NEW QUESTION 9
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?
- A. International encryption restrictions
- B. Compliance to Payment Card Industry (PCI) data security standards
- C. Compliance with local government privacy laws
- D. Adherence to local data breach notification laws
Answer: B
NEW QUESTION 10
Which of the following are primary concerns for management with regard to assessing internal control objectives?
- A. Confidentiality, Availability, Integrity
- B. Compliance, Effectiveness, Efficiency
- C. Communication, Reliability, Cost
- D. Confidentiality, Compliance, Cost
Answer: B
NEW QUESTION 11
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?
- A. Information security theory
- B. Roles and responsibilities
- C. Incident response contacts
- D. Desktop configuration standards
Answer: B
NEW QUESTION 12
A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the following qualifications and experience would be MOST desirable to find in a candidate?
- A. Multiple certifications, strong technical capabilities and lengthy resume
- B. Industry certifications, technical knowledge and program management skills
- C. College degree, audit capabilities and complex project management
- D. Multiple references, strong background check and industry certifications
Answer: B
NEW QUESTION 13
Information security policies should be reviewed:
- A. by stakeholders at least annually
- B. by the CISO when new systems are brought online
- C. by the Incident Response team after an audit
- D. by internal audit semiannually
Answer: A
NEW QUESTION 14
Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?
- A. It allows executives to more effectively monitor IT implementation costs
- B. Implementation of it eases an organization’s auditing and compliance burden
- C. Information Security (IS) procedures often require augmentation with other standards
- D. It provides for a consistent and repeatable staffing model for technology organizations
Answer: B
NEW QUESTION 15
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?
- A. The CISO does not report directly to the CEO of the organization
- B. The CISO reports to the IT organization
- C. The CISO has not implemented a policy management framework
- D. The CISO has not implemented a security awareness program
Answer: B
NEW QUESTION 16
When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?
- A. The asset owner
- B. The asset manager
- C. The data custodian
- D. The project manager
Answer: A
P.S. prep-labs.com is now offering 712-50 dumps with a 100% pass guarantee. All 712-50 exam questions have been updated with correct answers: https://www.prep-labs.com/dumps/712-50/ (343 New Questions)
