
Q46.  - (Topic 1)

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

A. International Organization for Standardization – 22301 (ISO-22301)

B. Information Technology Infrastructure Library (ITIL)

C. Payment Card Industry Data Security Standards (PCI-DSS)

D. International Organization for Standardization – 27005 (ISO-27005)

Answer: A


Q47.  - (Topic 1)

The PRIMARY objective for information security program development should be:

A. Reducing the impact of the risk to the business.

B. Establishing strategic alignment with business continuity requirements

C. Establishing incident response programs.

D. Identifying and implementing the best security solutions.

Answer: A


Q48.  - (Topic 2)

The executive board has requested that the CISO of an organization define Key Performance Indicators (KPIs) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

A. Number of callers who report security issues.

B. Number of callers who report a lack of customer service from the call center

C. Number of successful social engineering attempts on the call center

D. Number of callers who abandon the call before speaking with a representative

Answer: C


Q49.  - (Topic 5)

When dealing with risk, the information security practitioner may choose to:

A. assign

B. transfer

C. acknowledge

D. defer

Answer: C


Q50.  - (Topic 2)

When measuring the effectiveness of an Information Security Management System, which one of the following would be MOST LIKELY used as a metric framework?

A. ISO 27001

B. PRINCE2

C. ISO 27004

D. ITILv3

Answer: C


Q51.  - (Topic 5)

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

A. Validate the effectiveness of applied controls

B. Validate security program resource requirements

C. Report the audit findings and remediation status to business stakeholders

D. Review security procedures to determine if they need to be modified according to the findings

Answer: A


Q52.  - (Topic 3)

Which of the following information may be found in tabletop exercises for incident response?

A. Security budget augmentation

B. Process improvements

C. Real-time to remediate

D. Security control selection

Answer: B


Q53.  - (Topic 1)

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

A. Susceptibility to attack, mitigation response time, and cost

B. Attack vectors, controls cost, and investigation staffing needs

C. Vulnerability exploitation, attack recovery, and mean time to repair

D. Susceptibility to attack, expected duration of attack, and mitigation availability

Answer: A


Q54.  - (Topic 1)

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

A. Confidentiality, Integrity and Availability

B. Assurance, Compliance and Availability

C. International Compliance

D. Integrity and Availability

Answer: A


Q55.  - (Topic 4)

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1. Covering tracks

2. Scanning and enumeration

3. Maintaining Access

4. Reconnaissance

5. Gaining Access

A. 4, 2, 5, 3, 1

B. 2, 5, 3, 1, 4

C. 4, 5, 2, 3, 1

D. 4, 3, 5, 2, 1

Answer: A


Q56.  - (Topic 5)

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization’s needs.

The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system’s scalability. This demonstrates which of the following?

A. An approach that allows for minimum budget impact if the solution is unsuitable

B. A methodology-based approach to ensure authentication mechanism functions

C. An approach providing minimum time impact to the implementation schedules

D. A risk-based approach to determine if the solution is suitable for investment

Answer: D


Q57.  - (Topic 5)

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management, you determine that the project correctly aligns with the company goals. What needs to be verified FIRST?

A. Scope of the project

B. Training of the personnel on the project

C. Timeline of the project milestones

D. Vendor for the project

Answer: A


Q58.  - (Topic 1)

Which of the following international standards can be BEST used to define a Risk Management process in an organization?

A. National Institute of Standards and Technology 800-50 (NIST 800-50)

B. International Organization for Standardization – 27005 (ISO-27005)

C. Payment Card Industry Data Security Standards (PCI-DSS)

D. International Organization for Standardization – 27004 (ISO-27004)

Answer: B


Q59.  - (Topic 3)

You currently cannot provide 24/7 coverage of your security monitoring and incident response duties, and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (Choose the best answer.)

A. Deploy a SIEM solution and have current staff review incidents first thing in the morning

B. Contract with a managed security provider and have current staff on recall for incident response

C. Configure your syslog to send SMS messages to current staff when target events are triggered

D. Employ an assumption of breach protocol and defend only essential information resources

Answer: B


Q60.  - (Topic 2)

Which of the following activities is the MAIN purpose of the risk assessment process?

A. Creating an inventory of information assets

B. Classifying and organizing information assets into meaningful groups

C. Assigning value to each information asset

D. Calculating the risks to which assets are exposed in their current setting

Answer: D