Refresh EC-Council Certified CISO (CCISO) 712-50 Exam

NEW QUESTION 1

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

  • A. Risk Tolerance
  • B. Qualitative risk analysis
  • C. Risk Appetite
  • D. Quantitative risk analysis

Answer: D

NEW QUESTION 2

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

  • A. tell him to shut down the server
  • B. tell him to call the police
  • C. tell him to invoke the incident response process
  • D. tell him to analyze the problem, preserve the evidence and provide a full analysis and report

Answer: C

NEW QUESTION 3

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

  • A. Failed to identify all stakeholders and their needs
  • B. Deployed the encryption solution in an inadequate manner
  • C. Used 1024 bit encryption when 256 bit would have sufficed
  • D. Used hardware encryption instead of software encryption

Answer: A

NEW QUESTION 4

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

  • A. Contract a third party to perform a security risk assessment
  • B. Define formal roles and responsibilities for Internal audit functions
  • C. Define formal roles and responsibilities for Information Security
  • D. Create an executive security steering committee

Answer: C

NEW QUESTION 5

Who should be involved in the development of an internal campaign to address email phishing?

  • A. Business unit leaders, CIO, CEO
  • B. Business unit leaders, CISO, CIO and CEO
  • C. All employees
  • D. CFO, CEO, CIO

Answer: B

NEW QUESTION 6

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?

  • A. International encryption restrictions
  • B. Compliance to Payment Card Industry (PCI) data security standards
  • C. Compliance with local government privacy laws
  • D. Adherence to local data breach notification laws

Answer: B

NEW QUESTION 7

Which of the following has the GREATEST impact on the implementation of an information security governance model?

  • A. Organizational budget
  • B. Distance between physical locations
  • C. Number of employees
  • D. Complexity of organizational structure

Answer: D

NEW QUESTION 8

As the Risk Manager of an organization, you are tasked with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high-profile clients, and bad publicity can jeopardize your own brand.
Which is the BEST type of risk that defines this event?

  • A. Compliance Risk
  • B. Reputation Risk
  • C. Operational Risk
  • D. Strategic Risk

Answer: B

NEW QUESTION 9

Credit card information, medical data, and government records are all examples of:

  • A. Confidential/Protected Information
  • B. Bodily Information
  • C. Territorial Information
  • D. Communications Information

Answer: A

NEW QUESTION 10

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

  • A. Data breach disclosure
  • B. Consumer right disclosure
  • C. Security incident disclosure
  • D. Special circumstance disclosure

Answer: A

NEW QUESTION 11

The exposure factor of a threat to your organization is defined by?

  • A. Asset value times exposure factor
  • B. Annual rate of occurrence
  • C. Annual loss expectancy minus current cost of controls
  • D. Percentage of loss experienced due to a realized threat event

Answer: D

NEW QUESTION 12

Which of the following best describes the sensors designed to project and detect a light beam across an area?

  • A. Smoke
  • B. Thermal
  • C. Air-aspirating
  • D. Photo electric

Answer: D

Explanation:
Reference: https://en.wikipedia.org/wiki/Photoelectric_sensor

NEW QUESTION 13

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

  • A. low risk-tolerance
  • B. high risk-tolerance
  • C. moderate risk-tolerance
  • D. medium-high risk-tolerance

Answer: A

NEW QUESTION 14

Which of the following is a benefit of information security governance?

  • A. Questioning the trust in vendor relationships.
  • B. Increasing the risk of decisions based on incomplete management information.
  • C. Direct involvement of senior management in developing control processes
  • D. Reduction of the potential for civil and legal liability

Answer: D

NEW QUESTION 15

The Information Security Governance program MUST:

  • A. integrate with other organizational governance processes
  • B. support user choice for Bring Your Own Device (BYOD)
  • C. integrate with other organizational governance processes
  • D. show a return on investment for the organization

Answer: A

NEW QUESTION 16

Which of the following is an accurate statement regarding capital expenses?

  • A. They are easily reduced through the elimination of usage, such as reducing power for lighting of work areas during off-hours
  • B. Capital expenses can never be replaced by operational expenses
  • C. Capital expenses are typically long-term investments with value being realized through their use
  • D. The organization is typically able to regain the initial cost by selling this type of asset

Answer: A

NEW QUESTION 17

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

  • A. Your public key
  • B. The recipient's private key
  • C. The recipient's public key
  • D. Certificate authority key

Answer: C

NEW QUESTION 18

Which of the following backup sites takes the longest recovery time?

  • A. Cold site
  • B. Hot site
  • C. Warm site
  • D. Mobile backup site

Answer: A

NEW QUESTION 19

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization. How would you prevent this type of attack?

  • A. Conduct thorough background checks before you engage them
  • B. Hire the people through third-party job agencies who will vet them for you
  • C. Investigate their social networking profiles
  • D. It is impossible to block these attacks

Answer: A
