It is impossible to pass EC-Council 712-50 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed EC-Council 712-50 practice questions. You will get a surprising result by our Leading EC-Council Certified CISO (CCISO) practice guides.

Q151.  - (Topic 1)

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

A. Controlled mitigation effort

B. Risk impact comparison

C. Relative likelihood of event

D. Comparative threat analysis

Answer: C


Q152.  - (Topic 4)

Which of the following backup sites takes the longest recovery time?

A. Cold site

B. Hot site

C. Warm site

D. Mobile backup site

Answer: A


Q153.  - (Topic 4)

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

A. In-line hardware keyloggers don’t require physical access

B. In-line hardware keyloggers don’t comply with industry regulations

C. In-line hardware keyloggers are undetectable by software

D. In-line hardware keyloggers are relatively inexpensive

Answer: C


Q154.  - (Topic 5)

A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

A. Zero-day attack mitigation

B. Preventive detection control

C. Corrective security control

D. Dynamic blocking control

Answer: C


Q155.  - (Topic 2)

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

A. Plan-Check-Do-Act

B. Plan-Do-Check-Act

C. Plan-Select-Implement-Evaluate

D. SCORE (Security Consensus Operational Readiness Evaluation)

Answer: B


Q156.  - (Topic 1)

What two methods are used to assess risk impact?

A. Cost and annual rate of expectance

B. Subjective and Objective

C. Qualitative and percent of loss realized

D. Quantitative and qualitative

Answer: D


Q157.  - (Topic 1)

Risk appetite directly affects what part of a vulnerability management program?

A. Staff

B. Scope

C. Schedule

D. Scan tools

Answer: B


Q158.  - (Topic 3)

Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

A. Terms and Conditions

B. Service Level Agreements (SLA)

C. Statement of Work

D. Key Performance Indicators (KPI)

Answer: B


Q159.  - (Topic 1)

A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

A. Information Technology Infrastructure Library (ITIL)

B. International Organization for Standardization (ISO) standards

C. Payment Card Industry Data Security Standards (PCI-DSS)

D. National Institute for Standards and Technology (NIST) standard

Answer: C


Q160.  - (Topic 5)

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

A. The CISO does not report directly to the CEO of the organization

B. The CISO reports to the IT organization

C. The CISO has not implemented a policy management framework

D. The CISO has not implemented a security awareness program

Answer: B


Q161.  - (Topic 2)

An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.

A. Install software patch, Operate system, Maintain system

B. Discover software, Remove affected software, Apply software patch

C. Install software patch, configuration adjustment, Software Removal

D. Software removal, install software patch, maintain system

Answer: C


Q162.  - (Topic 1)

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

A. Risk Tolerance

B. Qualitative risk analysis

C. Risk Appetite

D. Quantitative risk analysis

Answer: D


Q163.  - (Topic 3)

Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?

A. Security administrators

B. Security managers

C. Security technicians

D. Security analysts

Answer: B


Q164.  - (Topic 1)

Which of the following is MOST likely to be discretionary?

A. Policies

B. Procedures

C. Guidelines

D. Standards

Answer: C


Q165.  - (Topic 5)

File Integrity Monitoring (FIM) is considered a

A. Network based security preventative control

B. Software segmentation control

C. Security detective control

D. User segmentation control

Answer: C