
712-50 Online Practice Questions and Answers

Questions 4

One of the MAIN goals of a Business Continuity Plan is to _______________.

A. Ensure all infrastructure and applications are available in the event of a disaster

B. Assign responsibilities to the technical teams responsible for the recovery of all data

C. Provide step by step plans to recover business processes in the event of a disaster

D. Allow all technical first-responders to understand their roles in the event of a disaster.

Browse 468 Q&As
Questions 5

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis.

Which one of the following approaches would you use?

A. Risk mitigation

B. Estimate activity duration

C. Quantitative analysis

D. Qualitative analysis

Questions 6

You manage a newly created Security Operations Center (SOC); your team is being inundated with security alerts and does not know what to do.

What is the BEST approach to handle this situation?

A. Tune the sensors to help reduce false positives so the team can react better

B. Request additional resources to handle the workload

C. Tell the team to do their best and respond to each alert

D. Tell the team to only respond to the critical and high alerts

Questions 7

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes.

Which of the following represents the MOST LIKELY cause of this situation?

A. Poor audit support for the security program

B. Poor alignment of the security program to business needs

C. This is normal since business units typically resist security requirements

D. A lack of executive presence within the security program

Questions 8

File Integrity Monitoring (FIM) is considered a ________________________.

A. Network-based security preventative control

B. Software segmentation control

C. User segmentation control

D. Security detective control

Questions 9

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

A. The NPV of the project is negative

B. The Return on Investment (ROI) is larger than 10 months

C. The Net Present Value (NPV) of the project is positive

D. The ROI is lower than 10 months

Questions 10

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

A. Establishing Enterprise-owned Botnets for preemptive attacks

B. Collaboration with law enforcement

C. Well-established and defined digital forensics process

D. Be able to retaliate under the framework of Active defense

Questions 11

Who is responsible for securing networks during a security incident?

A. Security Operations Center (SOC)

B. Chief Information Security Officer (CISO)

C. Disaster Recovery (DR) manager

D. Incident Response Team (IRT)

Questions 12

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

A. Perform a vulnerability scan of the network

B. Internal Firewall ruleset reviews

C. Implement network intrusion prevention systems

D. External penetration testing by a qualified third party

Questions 13

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

A. Information Security (IS) procedures often require augmentation with other standards

B. Implementation of it eases an organization's auditing and compliance burden

C. It provides for a consistent and repeatable staffing model for technology organizations

D. It allows executives to more effectively monitor IT implementation costs

Questions 14

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

A. Perform an audit to measure the control formally

B. Escalate the issue to the IT organization

C. Perform a risk assessment to measure risk

D. Establish Key Risk Indicators

Questions 15

Which of the following is a major benefit of applying risk levels?

A. Resources are not wasted on risks that are already managed to an acceptable level

B. Risk appetite increases within the organization once the levels are understood

C. Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

D. Risk management governance becomes easier since most risks remain low once mitigated

Questions 16

Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

After determining the audit findings are accurate, which of the following is the MOST logical next activity?

A. Validate gaps with the Information Technology team

B. Begin initial gap remediation analyses

C. Review the security organization's charter

D. Create a briefing of the findings for executive management

Questions 17

What is a key policy that should be part of the information security plan?

A. Account management policy

B. Training policy

C. Acceptable Use policy

D. Remote Access policy

Questions 18

Devising controls for information security is a balance between?

A. Governance and compliance

B. Auditing and security

C. Budget and risk tolerance

D. Threats and vulnerabilities

Exam Code: 712-50
Exam Name: EC-Council Certified CISO (CCISO)
Last Update: Mar 24, 2024
Questions: 468 Q&As