
2021 712-50 Premium Files Test pdf - Free Dumps Collection
Get ready to pass the 712-50 Exam right now using our CCISO Exam Package
NEW QUESTION 95
What is the main purpose of the Incident Response Team?
- A. Provide current employee awareness programs
- B. Ensure efficient recovery and reinstate repaired systems
- C. Create effective policies detailing program activities
- D. Communicate details of information security incidents
Answer: B
NEW QUESTION 96
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security___________.
- A. Technical control
- B. Procedural control
- C. Administrative control
- D. Management control
Answer: D
NEW QUESTION 97
To have accurate and effective information security policies how often should the CISO review the organization policies?
- A. Every 6 months
- B. At least once a year
- C. Quarterly
- D. Before an audit
Answer: B
NEW QUESTION 98
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?
- A. When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.
- B. When there is a variety of technologies deployed in the infrastructure.
- C. When there is a need to develop a more unified incident response capability.
- D. When it results in an overall lower cost of operating the security program.
Answer: A
Explanation:
ECCouncil 712-50 : Practice Test
NEW QUESTION 99
One of the MAIN goals of a Business Continuity Plan is to_______________.
- A. Allow all technical first-responders to understand their roles in the event of a disaster.
- B. Assign responsibilities to the technical teams responsible for the recovery of all data
- C. Provide step by step plans to recover business processes in the event of a disaster
- D. Ensure all infrastructure and applications are available in the event of a disaster
Answer: C
NEW QUESTION 100
Which of the following is true regarding expenditures?
- A. Operating expenditures are for acquiring assets, capital expenditures are for support costs of that asset
- B. Capital expenditures are for acquiring assets, whereas operating expenditures are for support costs of that asset
- C. Capital expenditures are used to define depreciation tables of intangible assets
- D. Capital expenditures are never taxable
Answer: B
NEW QUESTION 101
John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do.
What can John do in this instance?
- A. Review the Request for proposal (RFP) for guidance.
- B. Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.
- C. refer to the contract agreement for direction.
- D. Withhold the vendor's payments until the issue is resolved.
Answer: C
Explanation:
Explanation
NEW QUESTION 102
An organization has a stated requirement to block certain traffic on networks. The
implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in sever revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?
- A. The business owner
- B. The CISO
- C. The CFO
- D. Audit and Compliance
Answer: A
NEW QUESTION 103
As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?
- A. Have a risk assessment performed.
- B. Nothing, this falls outside your area of influence.
- C. Close and chain the door shut and send a company-wide memo banning the practice.
- D. Post a guard at the door to maintain physical security
Answer: A
NEW QUESTION 104
You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll.
Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff?
- A. Employ an assumption of breach protocol and defend only essential information resources.
- B. Deploy a SEIM solution and have current staff review incidents first in the morning
- C. Configure your syslog to send SMS messages to current staff when target events are triggered.
- D. Contract with a managed security provider and have current staff on recall for incident response
Answer: D
NEW QUESTION 105
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:
- A. Vendor provided reference from an existing reputable client detailing their implementation
- B. Vendor's client list of reputable organizations currently using their solution
- C. Vendor provided internal risk assessment and security control documentation
- D. Vendor provided attestation of the detailed security controls from a reputable accounting firm
Answer: D
NEW QUESTION 106
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?
- A. All employees and users
- B. Senior Executives
- C. Office of the Auditor
- D. Office of the General Counsel
Answer: B
NEW QUESTION 107
Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country.
Your team now has full access to the data on the foreign server. Your defenses did not hold up to the test as originally thought. As you investigate how the data was compromised through log analysis you discover that a hardworking, but misguided business intelligence analyst posted the data to an obfuscated URL on a popular cloud storage service so they could work on it from home during their off-time.
Which technology or solution could you deploy to prevent employees from removing corporate data from your network?
- A. Rigorous syslog reviews
- B. Data Loss Prevention (DLP)
- C. Security Guards posted outside the Data Center
- D. Intrusion Detection Systems (IDS)
Answer: B
NEW QUESTION 108
Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?
- A. Vulnerability Assessment
- B. Risk Management
- C. Risk Assessment
- D. System Testing
Answer: C
NEW QUESTION 109
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?
- A. The company lacks the tools to perform a vulnerability assessment
- B. The company does not believe the security vulnerabilities to be real
- C. The company lacks a risk management process
- D. The company has a high risk tolerance
Answer: D
NEW QUESTION 110
An organization's Information Security Policy is of MOST importance because
- A. it establishes a framework to protect confidential information
- B. it is formally acknowledged by all employees and vendors
- C. it defines a process to meet compliance requirements
- D. it communicates management's commitment to protecting information resources
Answer: D
NEW QUESTION 111
What is the relationship between information protection and regulatory compliance?
- A. There is no relationship between the two.
- B. That all information in an organization must be protected equally.
- C. That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets are protected based on business need.
- D. The information required to be protected by regulatory mandate does not have to be identified in the organizations data classification policy.
Answer: C
NEW QUESTION 112
File Integrity Monitoring (FIM) is considered a
- A. Network based security preventative control
- B. Software segmentation control
- C. Security detective control
- D. User segmentation control
Answer: C
NEW QUESTION 113
......
Master 2021 Latest The Questions CCISO and Pass 712-50 Real Exam!: https://www.lead2passexam.com/EC-COUNCIL/valid-712-50-exam-dumps.html
A fully updated 2021 712-50 Exam Dumps exam guide from training expert Lead2PassExam: https://drive.google.com/open?id=1HM6QtDCRDMe0YE2_YoTVgtUTQinv33zD