Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Examstrust Logo
examstrust mcafee
  1. Home
  2. ECCouncil
  3. EISM
  4. 512-50 - EC-Council Information Security Manager (EISM)

ECCouncil 512-50 EC-Council Information Security Manager (EISM) Exam Practice Test

Page: 1 / 40
Total 404 questions
Get 512-50 Full Access Download 512-50 PDF

EC-Council Information Security Manager (EISM) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$61.25  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Add to Cart
Question 1

The risk found after a control has been fully implemented is called:

Options:

A.

Residual Risk

B.

Total Risk

C.

Post implementation risk

D.

Transferred risk

Question 2

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

Options:

A.

It allows executives to more effectively monitor IT implementation costs

B.

Implementation of it eases an organization’s auditing and compliance burden

C.

Information Security (IS) procedures often require augmentation with other standards

D.

It provides for a consistent and repeatable staffing model for technology organizations

Question 3

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

Options:

A.

Have internal audit conduct another audit to see what has changed.

B.

Contract with an external audit company to conduct an unbiased audit

C.

Review the recommendations and follow up to see if audit implemented the changes

D.

Meet with audit team to determine a timeline for corrections

Question 4

The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization’s

Options:

A.

Risk Management Program.

B.

Anti-Spam controls.

C.

Security Awareness Program.

D.

Identity and Access Management Program.

Question 5

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

Options:

A.

Servers, routers, switches, modem

B.

Firewall, exchange, web server, intrusion detection system (IDS)

C.

Firewall, anti-virus console, IDS, syslog

D.

IDS, syslog, router, switches

Question 6

Which of the following illustrates an operational control process:

Options:

A.

Classifying an information system as part of a risk assessment

B.

Installing an appropriate fire suppression system in the data center

C.

Conducting an audit of the configuration management process

D.

Establishing procurement standards for cloud vendors

Question 7

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

Options:

A.

ISO 27001

B.

PRINCE2

C.

ISO 27004

D.

ITILv3

Question 8

Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?

Options:

A.

Incident response plan

B.

Business Continuity plan

C.

Disaster recovery plan

D.

Damage control plan

Question 9

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Options:

A.

A substantive test of program library controls

B.

A compliance test of program library controls

C.

A compliance test of the program compiler controls

D.

A substantive test of the program compiler controls

Question 10

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

Options:

A.

The IT team is not familiar in IT audit practices

B.

This represents a bad implementation of the Least Privilege principle

C.

This represents a conflict of interest

D.

The IT team is not certified to perform audits

Question 11

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

Options:

A.

Perform an audit to measure the control formally

B.

Escalate the issue to the IT organization

C.

Perform a risk assessment to measure risk

D.

Establish Key Risk Indicators

Question 12

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

Options:

A.

Senior Executives

B.

Office of the Auditor

C.

Office of the General Counsel

D.

All employees and users

Question 13

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

Options:

A.

Enterprise Risk Assessment

B.

Disaster recovery strategic plan

C.

Business continuity plan

D.

Application mapping document

Question 14

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Question 15

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Question 16

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 17

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Options:

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Question 18

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Question 19

The process of creating a system which divides documents based on their security level to manage access to private data is known as

Options:

A.

security coding

B.

data security system

C.

data classification

D.

privacy protection

Question 20

What is the FIRST step in developing the vulnerability management program?

Options:

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Question 21

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options:

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Question 22

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

Options:

A.

4, 2, 5, 3, 1

B.

2, 5, 3, 1, 4

C.

4, 5, 2, 3, 1

D.

4, 3, 5, 2, 1

Question 23

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Question 24

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Question 25

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

Options:

A.

Vmware, router, switch, firewall, syslog, vulnerability management system (VMS)

B.

Intrusion Detection System (IDS), firewall, switch, syslog

C.

Security Incident Event Management (SIEM), IDS, router, syslog

D.

SIEM, IDS, firewall, VMS

Question 26

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

Options:

A.

low risk-tolerance

B.

high risk-tolerance

C.

moderate risk-tolerance

D.

medium-high risk-tolerance

Question 27

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

Options:

A.

Time zone differences

B.

Compliance to local hiring laws

C.

Encryption import/export regulations

D.

Local customer privacy laws

Question 28

Which of the following is considered one of the most frequent failures in project management?

Options:

A.

Overly restrictive management

B.

Excessive personnel on project

C.

Failure to meet project deadlines

D.

Insufficient resources

Question 29

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

Options:

A.

Lack of asset management processes

B.

Lack of change management processes

C.

Lack of hardening standards

D.

Lack of proper access controls

Question 30

Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

Options:

A.

Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data

B.

Create separate controls for the business units based on the types of business and functions they perform

C.

Ensure business units are involved in the creation of controls and defining conditions under which they must be applied

D.

Provide the business units with control mandates and schedules of audits for compliance validation

Question 31

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

Options:

A.

Security alignment to business goals

B.

Regulatory compliance effectiveness

C.

Increased security program presence

D.

Proper organizational policy enforcement

Question 32

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

Options:

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

Question 33

An example of professional unethical behavior is:

Options:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Question 34

What oversight should the information security team have in the change management process for application security?

Options:

A.

Information security should be informed of changes to applications only

B.

Development team should tell the information security team about any application security flaws

C.

Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

D.

Information security should be aware of all application changes and work with developers before changes are deployed in production

Question 35

Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

Options:

A.

Risk Assessment

B.

Incident Response

C.

Risk Management

D.

Network Security administration

Question 36

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

Options:

A.

Vendors uses their own laptop and logins with same admin credentials your security team uses

B.

Vendor uses a company supplied laptop and logins using two factor authentication with same admin credentials your security team uses

C.

Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials

D.

Vendor uses their own laptop and logins using two factor authentication with their own unique credentials

Question 37

The exposure factor of a threat to your organization is defined by?

Options:

A.

Asset value times exposure factor

B.

Annual rate of occurrence

C.

Annual loss expectancy minus current cost of controls

D.

Percentage of loss experienced due to a realized threat event

Question 38

Information security policies should be reviewed:

Options:

A.

by stakeholders at least annually

B.

by the CISO when new systems are brought online

C.

by the Incident Response team after an audit

D.

by internal audit semiannually

Question 39

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

Options:

A.

Risk Tolerance

B.

Qualitative risk analysis

C.

Risk Appetite

D.

Quantitative risk analysis

Question 40

You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?

Options:

A.

Chief Information Security Officer

B.

Chief Executive Officer

C.

Chief Information Officer

D.

Chief Legal Counsel

Question 41

If your organization operates under a model of "assumption of breach", you should:

Options:

A.

Protect all information resource assets equally

B.

Establish active firewall monitoring protocols

C.

Purchase insurance for your compliance liability

D.

Focus your security efforts on high value assets

Question 42

The single most important consideration to make when developing your security program, policies, and processes is:

Options:

A.

Budgeting for unforeseen data compromises

B.

Streamlining for efficiency

C.

Alignment with the business

D.

Establishing your authority as the Security Executive

Question 43

One of the MAIN goals of a Business Continuity Plan is to

Options:

A.

Ensure all infrastructure and applications are available in the event of a disaster

B.

Allow all technical first-responders to understand their roles in the event of a disaster

C.

Provide step by step plans to recover business processes in the event of a disaster

D.

Assign responsibilities to the technical teams responsible for the recovery of all data.

Question 44

Regulatory requirements typically force organizations to implement

Options:

A.

Mandatory controls

B.

Discretionary controls

C.

Optional controls

D.

Financial controls

Question 45

The PRIMARY objective for information security program development should be:

Options:

A.

Reducing the impact of the risk to the business.

B.

Establishing strategic alignment with business continuity requirements

C.

Establishing incident response programs.

D.

Identifying and implementing the best security solutions.

Question 46

Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?

Options:

A.

Security officer

B.

Data owner

C.

Vulnerability engineer

D.

System administrator

Question 47

Which of the following has the GREATEST impact on the implementation of an information security governance model?

Options:

A.

Organizational budget

B.

Distance between physical locations

C.

Number of employees

D.

Complexity of organizational structure

Question 48

Which of the following are the MOST important factors for proactively determining system vulnerabilities?

Options:

A.

Subscribe to vendor mailing list to get notification of system vulnerabilities

B.

Deploy Intrusion Detection System (IDS) and install anti-virus on systems

C.

Configure firewall, perimeter router and Intrusion Prevention System (IPS)

D.

Conduct security testing, vulnerability scanning, and penetration testing

Question 49

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.

What is the MOST logical course of action the CISO should take?

Options:

A.

Review the original solution set to determine if another system would fit the organization’s risk appetite and budget

regulatory compliance requirements

B.

Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be provided when needed

C.

Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor

D.

Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements

Question 50

As the CISO, you have been tasked with the execution of the company’s key management program. You

MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key

control will ensure no single individual can constitute or re-constitute a key?

Options:

A.

Dual Control

B.

Separation of Duties

C.

Split Knowledge

D.

Least Privilege

Question 51

Which of the following is the MOST important reason for performing assessments of the security portfolio?

Options:

A.

To assure that the portfolio is aligned to the needs of the broader organization

B.

To create executive support of the portfolio

C.

To discover new technologies and processes for implementation within the portfolio

D.

To provide independent 3rd party reviews of security effectiveness

Question 52

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

Which of the following is the FIRST action the CISO will perform after receiving the audit report?

Options:

A.

Inform peer executives of the audit results

B.

Validate gaps and accept or dispute the audit findings

C.

Create remediation plans to address program gaps

D.

Determine if security policies and procedures are adequate

Question 53

A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.

Options:

A.

Moderate investment

B.

Passive monitoring

C.

Integrated security controls

D.

Dynamic deception

Question 54

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

Options:

A.

Get approval from the board of directors

B.

Screen potential vendor solutions

C.

Verify that the cost of mitigation is less than the risk

D.

Create a risk metrics for all unmitigated risks

Question 55

Which of the following is MOST useful when developing a business case for security initiatives?

Options:

A.

Budget forecasts

B.

Request for proposals

C.

Cost/benefit analysis

D.

Vendor management

Question 56

Which type of scan is used on the eye to measure the layer of blood vessels?

Options:

A.

Facial recognition scan

B.

Iris scan

C.

Signature kinetics scan

D.

Retinal scan

Question 57

Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

Options:

A.

ITIL

B.

Privacy Act

C.

Sarbanes Oxley

D.

PCI-DSS

Question 58

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

After determining the audit findings are accurate, which of the following is the MOST logical next activity?

Options:

A.

Begin initial gap remediation analyses

B.

Review the security organization’s charter

C.

Validate gaps with the Information Technology team

D.

Create a briefing of the findings for executive management

Question 59

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his

assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for

an employee to pass through the main access gate, then the consultant follows the employee behind to get into

the restricted area. Which type of attack did the consultant perform?

Options:

A.

Shoulder surfing

B.

Tailgating

C.

Social engineering

D.

Mantrap

Question 60

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

What action should you take FIRST?

Options:

A.

Destroy the repository of stolen data

B.

Contact your local law enforcement agency

C.

Consult with other C-Level executives to develop an action plan

D.

Contract with a credit reporting company for paid monitoring services for affected customers

Load More 512-50 Questions
Page: 1 / 40
Total 404 questions
Get 512-50 Full Access Download 512-50 PDF