Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Examstrust Logo
examstrust mcafee
  1. Home
  2. ECCouncil
  3. CCISO
  4. 712-50 - EC-Council Certified CISO (CCISO)

ECCouncil 712-50 EC-Council Certified CISO (CCISO) Exam Practice Test

Page: 1 / 46
Total 460 questions
Get 712-50 Full Access Download 712-50 PDF

EC-Council Certified CISO (CCISO) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$61.25  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Add to Cart
Question 1

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Question 2

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Question 3

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

Options:

A.

Enterprise Risk Assessment

B.

Disaster recovery strategic plan

C.

Business continuity plan

D.

Application mapping document

Question 4

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

Options:

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Question 5

An anonymity network is a series of?

Options:

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Question 6

Which wireless encryption technology makes use of temporal keys?

Options:

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Question 7

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Question 8

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options:

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Question 9

Which of the following is the MAIN security concern for public cloud computing?

Options:

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Question 10

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

Options:

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Question 11

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

Options:

A.

Execute

B.

Read

C.

Administrator

D.

Public

Question 12

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Options:

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Question 13

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Question 14

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 15

The process of creating a system which divides documents based on their security level to manage access to private data is known as

Options:

A.

security coding

B.

data security system

C.

data classification

D.

privacy protection

Question 16

The process of identifying and classifying assets is typically included in the

Options:

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Question 17

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 18

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Options:

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Question 19

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Question 20

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Question 21

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

Options:

A.

4, 2, 5, 3, 1

B.

2, 5, 3, 1, 4

C.

4, 5, 2, 3, 1

D.

4, 3, 5, 2, 1

Question 22

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Question 23

What is the FIRST step in developing the vulnerability management program?

Options:

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Question 24

The amount of risk an organization is willing to accept in pursuit of its mission is known as

Options:

A.

Risk mitigation

B.

Risk transfer

C.

Risk tolerance

D.

Risk acceptance

Question 25

Creating a secondary authentication process for network access would be an example of?

Options:

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Question 26

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

Options:

A.

Number of change orders rejected

B.

Number and length of planned outages

C.

Number of unplanned outages

D.

Number of change orders processed

Question 27

Which represents PROPER separation of duties in the corporate environment?

Options:

A.

Information Security and Identity Access Management teams perform two distinct functions

B.

Developers and Network teams both have admin rights on servers

C.

Finance has access to Human Resources data

D.

Information Security and Network teams perform two distinct functions

Question 28

Which of the following is the MOST important goal of risk management?

Options:

A.

Identifying the risk

B.

Finding economic balance between the impact of the risk and the cost of the control

C.

Identifying the victim of any potential exploits.

D.

Assessing the impact of potential threats

Question 29

Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

Options:

A.

Security Administrators

B.

Internal/External Audit

C.

Risk Management

D.

Security Operations

Question 30

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

Options:

A.

All vulnerabilities found on servers and desktops

B.

Only critical and high vulnerabilities on servers and desktops

C.

Only critical and high vulnerabilities that impact important production servers

D.

All vulnerabilities that impact important production servers

Question 31

Creating a secondary authentication process for network access would be an example of?

Options:

A.

An administrator with too much time on their hands.

B.

Putting undue time commitment on the system administrator.

C.

Supporting the concept of layered security

D.

Network segmentation.

Question 32

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

Options:

A.

Servers, routers, switches, modem

B.

Firewall, exchange, web server, intrusion detection system (IDS)

C.

Firewall, anti-virus console, IDS, syslog

D.

IDS, syslog, router, switches

Question 33

Which of the following are primary concerns for management with regard to assessing internal control objectives?

Options:

A.

Confidentiality, Availability, Integrity

B.

Compliance, Effectiveness, Efficiency

C.

Communication, Reliability, Cost

D.

Confidentiality, Compliance, Cost

Question 34

The risk found after a control has been fully implemented is called:

Options:

A.

Residual Risk

B.

Total Risk

C.

Post implementation risk

D.

Transferred risk

Question 35

The regular review of a firewall ruleset is considered a

Options:

A.

Procedural control

B.

Organization control

C.

Technical control

D.

Management control

Question 36

Which of the following illustrates an operational control process:

Options:

A.

Classifying an information system as part of a risk assessment

B.

Installing an appropriate fire suppression system in the data center

C.

Conducting an audit of the configuration management process

D.

Establishing procurement standards for cloud vendors

Question 37

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Options:

A.

A substantive test of program library controls

B.

A compliance test of program library controls

C.

A compliance test of the program compiler controls

D.

A substantive test of the program compiler controls

Question 38

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

Options:

A.

assign the responsibility to the information security team.

B.

assign the responsibility to the team responsible for the management of the controls.

C.

create operational reports on the effectiveness of the controls.

D.

perform an independent audit of the security controls.

Question 39

When you develop your audit remediation plan what is the MOST important criteria?

Options:

A.

To remediate half of the findings before the next audit.

B.

To remediate all of the findings before the next audit.

C.

To validate that the cost of the remediation is less than the risk of the finding.

D.

To validate the remediation process with the auditor.

Question 40

The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization’s

Options:

A.

Risk Management Program.

B.

Anti-Spam controls.

C.

Security Awareness Program.

D.

Identity and Access Management Program.

Question 41

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Options:

A.

Transfer financial resources from other critical programs

B.

Take the system off line until the budget is available

C.

Deploy countermeasures and compensating controls until the budget is available

D.

Schedule an emergency meeting and request the funding to fix the issue

Question 42

Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.

Options:

A.

ISO 27001

B.

ISO 27002

C.

ISO 27004

D.

ISO 27005

Question 43

The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?

Options:

A.

Risk metrics

B.

Management metrics

C.

Operational metrics

D.

Compliance metrics

Question 44

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

Options:

A.

Inform senior management of the risk involved.

B.

Agree to work with the security officer on these shifts as a form of preventative control.

C.

Develop a computer assisted audit technique to detect instances of abuses of the arrangement.

D.

Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

Question 45

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

Options:

A.

International Organization for Standardization 27001

B.

National Institute of Standards and Technology Special Publication SP 800-12

C.

Request For Comment 2196

D.

National Institute of Standards and Technology Special Publication SP 800-26

Question 46

The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

Options:

A.

Number of callers who report security issues.

B.

Number of callers who report a lack of customer service from the call center

C.

Number of successful social engineering attempts on the call center

D.

Number of callers who abandon the call before speaking with a representative

Question 47

The Board of Directors of a publicly-traded company is concerned about the security implications of a strategic project that will migrate 50% of the organization’s information technology assets to the cloud. They have requested a briefing on the project plan and a progress report of the security stream of the project. As the CISO, you have been tasked with preparing the report for the Chief Executive Officer to present.

Using the Earned Value Management (EVM), what does a Cost Variance (CV) of -1,200 mean?

Options:

A.

The project is over budget

B.

The project budget has reserves

C.

The project cost is in alignment with the budget

D.

The project is under budget

Question 48

A company wants to fill a Chief Information Security Officer position. Which of the following qualifications and experience would be MOST desirable in a candidate?

Options:

A.

Multiple certifications, strong technical capabilities and lengthy resume

B.

Industry certifications, technical knowledge and program management skills

C.

College degree, audit capabilities and complex project management

D.

Multiple references, strong background check and industry certifications

Question 49

You have been promoted to the CISO of a retail store. Which of the following compliance standards is the MOST important to the organization?

Options:

A.

Payment Card Industry (PCI) Data Security Standard (DSS)

B.

ISO 27002

C.

NIST Cybersecurity Framework

D.

The Federal Risk and Authorization Management Program (FedRAMP)

Question 50

Which of the following strategies provides the BEST response to a ransomware attack?

Options:

A.

Real-time off-site replication

B.

Daily incremental backup

C.

Daily full backup

D.

Daily differential backup

Question 51

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

Options:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Question 52

You are the CISO for an investment banking firm. The firm is using artificial intelligence (AI) to assist in approving clients for loans.

Which control is MOST important to protect AI products?

Options:

A.

Hash datasets

B.

Sanitize datasets

C.

Delete datasets

D.

Encrypt datasets

Question 53

What is the THIRD state of the Tuckman Stages of Group Development?

Options:

A.

Performing

B.

Norming

C.

Storming

D.

Forming

Question 54

When managing a project, the MOST important activity in managing the expectations of stakeholders is:

Options:

A.

To force stakeholders to commit ample resources to support the project

B.

To facilitate proper communication regarding outcomes

C.

To assure stakeholders commit to the project start and end dates in writing

D.

To finalize detailed scope of the project at project initiation

Question 55

What is the MOST critical output of the incident response process?

Options:

A.

A complete document of all involved team members and the support they provided

B.

Recovery of all data from affected systems

C.

Lessons learned from the incident, so they can be incorporated into the incident response processes

D.

Clearly defined documents detailing standard evidence collection and preservation processes

Question 56

A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:

Options:

A.

Inability to export the private certificate/key

B.

It can double as physical identification at the DMV

C.

It has the user’s photograph to help ID them

D.

It can be used as a secure flash drive

Question 57

Which of the following are the triple constraints of project management?

Options:

A.

Time, quality, and scope

B.

Cost, quality, and time

C.

Scope, time, and cost

D.

Quality, scope, and cost

Question 58

A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a?

Options:

A.

Public cloud

B.

Private cloud

C.

Community cloud

D.

Hybrid cloud

Question 59

What key technology can mitigate ransomware threats?

Options:

A.

Use immutable data storage

B.

Phishing exercises

C.

Application of multiple end point anti-malware solutions

D.

Blocking use of wireless networks

Question 60

A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).

In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?

Options:

A.

Recovery Point Objective (RPO)

B.

Mean Time to Delivery (MTD)

C.

Recovery Time Objective (RTO)

D.

Maximum Tolerable Downtime (MTD)

Question 61

ABC Limited has recently suffered a security breach with customers’ social security number available on the dark web for sale. The CISO, during the time of the incident, has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, lack of least privilege policy, and weak access control was to blame. You would like to implement key performance indicators to mitigate the risk.

Which metric would meet the requirement?

Options:

A.

Number of times third parties access critical information systems

B.

Number of systems with known vulnerabilities

C.

Number of users with elevated privileges

D.

Number of websites with weak or misconfigured certificates

Question 62

The main purpose of the SOC is:

Options:

A.

An organization which provides Tier 1 support for technology issues and provides escalation when needed

B.

A distributed organization which provides intelligence to governments and private sectors on cyber-criminal activities

C.

The coordination of personnel, processes and technology to identify information security events and provide timely response and remediation

D.

A device which consolidates event logs and provides real-time analysis of security alerts generated by applications and network hardware

Question 63

The alerting, monitoring, and lifecycle management of security-related events are typically managed by the:

Options:

A.

Security controls group

B.

Governance, risk, and compliance tools

C.

Security Threat and vulnerability management process

D.

Risk assessment process

Question 64

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to organizational implementation and management requirements. Which of the following principles does this BEST demonstrate?

Options:

A.

Proper budget management

B.

Leveraging existing implementations

C.

Alignment with the business

D.

Effective use of existing technologies

Question 65

Who is responsible for verifying that audit directives are implemented?

Options:

A.

IT Management

B.

Internal Audit

C.

IT Security

D.

BOD Audit Committee

Question 66

When information security falls under the Chief Information Officer (CIO), what is their MOST essential role?

Options:

A.

Oversees the organization’s day-to-day operations, creating the policies and strategies that govern operations

B.

Enlisting support from key executives the information security program budget and policies

C.

Charged with developing and implementing policies designed to protect employees and customers’ data from unauthorized access

D.

Responsible for the success or failure of the IT organization and setting strategic direction

Question 67

Which level of data destruction applies logical techniques to sanitize data in all user-addressable storage locations?

Options:

A.

Purge

B.

Clear

C.

Mangle

D.

Destroy

Question 68

You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.

Which of the following is NOT documented in the SSP?

Options:

A.

The controls in place to secure the system

B.

Name of the connected system

C.

The results of a third-party audits and recommendations

D.

Type of information used in the system

Question 69

A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.

What Security Operations Center (SOC) model does this BEST describe?

Options:

A.

Virtual SOC

B.

In-house SOC

C.

Security Network Operations Center (SNOC)

D.

Hybrid SOC

Question 70

The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.

Which of the following needs to be performed NEXT?

Options:

A.

Verify the scope of the project

B.

Verify the regulatory requirements

C.

Verify technical resources

D.

Verify capacity constraints

Question 71

A newly-hired CISO needs to understand the organization’s financial management standards for business units

and operations. Which of the following would be the best source of this information?

Options:

A.

The internal accounting department

B.

The Chief Financial Officer (CFO)

C.

The external financial audit service

D.

The managers of the accounts payables and accounts receivables teams

Question 72

When project costs continually increase throughout implementation due to large or rapid changes in customer

or user requirements, this is commonly known as:

Options:

A.

Cost/benefit adjustments

B.

Scope creep

C.

Prototype issues

D.

Expectations management

Question 73

Which of the following is an accurate description of a balance sheet?

Options:

A.

The percentage of earnings that are retained by the organization for reinvestment in the business

B.

The details of expenses and revenue over a long period of time

C.

A summarized statement of all assets and liabilities at a specific point in time

D.

A review of regulations and requirements impacting the business from a financial perspective

Question 74

An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network

(WAN). Which of the following would BEST ensure network continuity?

Options:

A.

Third-party emergency repair contract

B.

Pre-built servers and routers

C.

Permanent alternative routing

D.

Full off-site backup of every server

Question 75

Which of the following terms is used to describe countermeasures implemented to minimize risks to physical

property, information, and computing systems?

Options:

A.

Security frameworks

B.

Security policies

C.

Security awareness

D.

Security controls

Question 76

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

Options:

A.

Security Governance

B.

Compliance management

C.

Vendor management

D.

Disaster recovery

Question 77

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

Your defenses did not hold up to the test as originally thought. As you investigate how the data was compromised through log analysis you discover that a hardworking, but misguided business intelligence analyst posted the data to an obfuscated URL on a popular cloud storage service so they could work on it from home during their off-time. Which technology or solution could you deploy to prevent employees from removing corporate data from your network? Choose the BEST answer.

Options:

A.

Security Guards posted outside the Data Center

B.

Data Loss Prevention (DLP)

C.

Rigorous syslog reviews

D.

Intrusion Detection Systems (IDS)

Question 78

Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.

How can you reduce the administrative burden of distributing symmetric keys for your employer?

Options:

A.

Use asymmetric encryption for the automated distribution of the symmetric key

B.

Use a self-generated key on both ends to eliminate the need for distribution

C.

Use certificate authority to distribute private keys

D.

Symmetrically encrypt the key and then use asymmetric encryption to unencrypt it

Question 79

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When formulating the remediation plan, what is a required input?

Options:

A.

Board of directors

B.

Risk assessment

C.

Patching history

D.

Latest virus definitions file

Question 80

Human resource planning for security professionals in your organization is a:

Options:

A.

Simple and easy task because the threats are getting easier to find and correct.

B.

Training requirement that is met through once every year user training.

C.

Training requirement that is on-going and always changing.

D.

Not needed because automation and anti-virus software has eliminated the threats.

Question 81

As the CISO, you have been tasked with the execution of the company’s key management program. You

MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key

control will ensure no single individual can constitute or re-constitute a key?

Options:

A.

Dual Control

B.

Separation of Duties

C.

Split Knowledge

D.

Least Privilege

Question 82

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his

assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for

an employee to pass through the main access gate, then the consultant follows the employee behind to get into

the restricted area. Which type of attack did the consultant perform?

Options:

A.

Shoulder surfing

B.

Tailgating

C.

Social engineering

D.

Mantrap

Question 83

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

Options:

A.

Validate the effectiveness of applied controls

B.

Validate security program resource requirements

C.

Report the audit findings and remediation status to business stake holders

D.

Review security procedures to determine if they need modified according to findings

Question 84

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

Which of the following is the FIRST action the CISO will perform after receiving the audit report?

Options:

A.

Inform peer executives of the audit results

B.

Validate gaps and accept or dispute the audit findings

C.

Create remediation plans to address program gaps

D.

Determine if security policies and procedures are adequate

Question 85

The total cost of security controls should:

Options:

A.

Be equal to the value of the information resource being protected

B.

Be greater than the value of the information resource being protected

C.

Be less than the value of the information resource being protected

D.

Should not matter, as long as the information resource is protected

Question 86

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

What action should you take FIRST?

Options:

A.

Destroy the repository of stolen data

B.

Contact your local law enforcement agency

C.

Consult with other C-Level executives to develop an action plan

D.

Contract with a credit reporting company for paid monitoring services for affected customers

Question 87

Which of the following is an accurate statement regarding capital expenses?

Options:

A.

They are easily reduced through the elimination of usage, such as reducing power for lighting of work areas

during off-hours

B.

Capital expenses can never be replaced by operational expenses

C.

Capital expenses are typically long-term investments with value being realized through their use

D.

The organization is typically able to regain the initial cost by selling this type of asset

Question 88

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

Options:

A.

The Net Present Value (NPV) of the project is positive

B.

The NPV of the project is negative

C.

The Return on Investment (ROI) is larger than 10 months

D.

The ROI is lower than 10 months

Question 89

A digital signature addresses which of the following concerns?

Options:

A.

Message alteration

B.

Message copying

C.

Message theft

D.

Unauthorized reading

Question 90

When updating the security strategic planning document what two items must be included?

Options:

A.

Alignment with the business goals and the vision of the CIO

B.

The risk tolerance of the company and the company mission statement

C.

The executive summary and vision of the board of directors

D.

The alignment with the business goals and the risk tolerance

Question 91

Which of the following best describes a portfolio?

Options:

A.

The portfolio is used to manage and track individual projects

B.

The portfolio is used to manage incidents and events

C.

A portfolio typically consists of several programs

D.

A portfolio delivers one specific service or program to the business

Question 92

Which technology can provide a computing environment without requiring a dedicated hardware backend?

Options:

A.

Mainframe server

B.

Virtual Desktop

C.

Thin client

D.

Virtual Local Area Network

Question 93

Which of the following is a benefit of information security governance?

Options:

A.

Questioning the trust in vendor relationships.

B.

Increasing the risk of decisions based on incomplete management information.

C.

Direct involvement of senior management in developing control processes

D.

Reduction of the potential for civil and legal liability

Question 94

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

Options:

A.

Risk Tolerance

B.

Qualitative risk analysis

C.

Risk Appetite

D.

Quantitative risk analysis

Question 95

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

Options:

A.

Determine the risk tolerance

B.

Perform an asset classification

C.

Create an architecture gap analysis

D.

Analyze existing controls on systems

Question 96

An organization information security policy serves to

Options:

A.

establish budgetary input in order to meet compliance requirements

B.

establish acceptable systems and user behavior

C.

define security configurations for systems

D.

define relationships with external law enforcement agencies

Question 97

The PRIMARY objective for information security program development should be:

Options:

A.

Reducing the impact of the risk to the business.

B.

Establishing strategic alignment with bunsiness continuity requirements

C.

Establishing incident response programs.

D.

Identifying and implementing the best security solutions.

Question 98

A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

Options:

A.

Information Technology Infrastructure Library (ITIL)

B.

International Organization for Standardization (ISO) standards

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

National Institute for Standards and Technology (NIST) standard

Question 99

The alerting, monitoring and life-cycle management of security related events is typically handled by the

Options:

A.

security threat and vulnerability management process

B.

risk assessment process

C.

risk management process

D.

governance, risk, and compliance tools

Question 100

Which of the following is considered the MOST effective tool against social engineering?

Options:

A.

Anti-phishing tools

B.

Anti-malware tools

C.

Effective Security Vulnerability Management Program

D.

Effective Security awareness program

Question 101

A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the following qualifications and experience would be MOST desirable to find in a candidate?

Options:

A.

Multiple certifications, strong technical capabilities and lengthy resume

B.

Industry certifications, technical knowledge and program management skills

C.

College degree, audit capabilities and complex project management

D.

Multiple references, strong background check and industry certifications

Question 102

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

Options:

A.

Awareness

B.

Compliance

C.

Governance

D.

Management

Question 103

A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

Options:

A.

Audit validation

B.

Physical control testing

C.

Compliance management

D.

Security awareness training

Question 104

Who is responsible for securing networks during a security incident?

Options:

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Question 105

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

Options:

A.

Compliance to the Payment Card Industry (PCI) regulations.

B.

Alignment with financial reporting regulations for each country where they operate.

C.

Alignment with International Organization for Standardization (ISO) standards.

D.

Compliance with patient data protection regulations for each country where they operate.

Question 106

You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?

Options:

A.

Risk Avoidance

B.

Risk Acceptance

C.

Risk Transfer

D.

Risk Mitigation

Question 107

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

Options:

A.

How many credit card records are stored?

B.

How many servers do you have?

C.

What is the scope of the certification?

D.

What is the value of the assets at risk?

Question 108

From an information security perspective, information that no longer supports the main purpose of the business should be:

Options:

A.

assessed by a business impact analysis.

B.

protected under the information classification policy.

C.

analyzed under the data ownership policy.

D.

analyzed under the retention policy

Question 109

When managing the security architecture for your company you must consider:

Options:

A.

Security and IT Staff size

B.

Company Values

C.

Budget

D.

All of the above

Question 110

Who in the organization determines access to information?

Options:

A.

Legal department

B.

Compliance officer

C.

Data Owner

D.

Information security officer

Question 111

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

Options:

A.

Technology governance defines technology policies and standards while security governance does not.

B.

Security governance defines technology best practices and Information Technology governance does not.

C.

Technology Governance is focused on process risks whereas Security Governance is focused on business risk.

D.

The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

Question 112

Why is it vitally important that senior management endorse a security policy?

Options:

A.

So that they will accept ownership for security within the organization.

B.

So that employees will follow the policy directives.

C.

So that external bodies will recognize the organizations commitment to security.

D.

So that they can be held legally accountable.

Question 113

Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:

Options:

A.

Risk management

B.

Security management

C.

Mitigation management

D.

Compliance management

Question 114

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

Options:

A.

Susceptibility to attack, mitigation response time, and cost

B.

Attack vectors, controls cost, and investigation staffing needs

C.

Vulnerability exploitation, attack recovery, and mean time to repair

D.

Susceptibility to attack, expected duration of attack, and mitigation availability

Question 115

Credit card information, medical data, and government records are all examples of:

Options:

A.

Confidential/Protected Information

B.

Bodily Information

C.

Territorial Information

D.

Communications Information

Question 116

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

Options:

A.

Lack of asset management processes

B.

Lack of change management processes

C.

Lack of hardening standards

D.

Lack of proper access controls

Question 117

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

Options:

A.

The software license expiration is probably out of synchronization with other software licenses

B.

The project was initiated without an effort to get support from impacted business units in the organization

C.

The software is out of date and does not provide for a scalable solution across the enterprise

D.

The security officer should allow time for the organization to get accustomed to her presence before initiating security projects

Question 118

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

Options:

A.

low risk-tolerance

B.

high risk-tolerance

C.

moderate risk-tolerance

D.

medium-high risk-tolerance

Question 119

Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

Options:

A.

Cost benefit

B.

Risk appetite

C.

Business continuity

D.

Likelihood of impact

Question 120

Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

Options:

A.

Terms and Conditions

B.

Service Level Agreements (SLA)

C.

Statement of Work

D.

Key Performance Indicators (KPI)

Question 121

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

Options:

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Question 122

Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

Options:

A.

Grant her access, the employee has been adequately warned through the AUP.

B.

Assist her with the request, but only after her supervisor signs off on the action.

C.

Reset the employee’s password and give it to the supervisor.

D.

Deny the request citing national privacy laws.

Question 123

Which of the following information may be found in table top exercises for incident response?

Options:

A.

Security budget augmentation

B.

Process improvements

C.

Real-time to remediate

D.

Security control selection

Question 124

Risk appetite is typically determined by which of the following organizational functions?

Options:

A.

Security

B.

Business units

C.

Board of Directors

D.

Audit and compliance

Question 125

Which of the following best summarizes the primary goal of a security program?

Options:

A.

Provide security reporting to all levels of an organization

B.

Create effective security awareness to employees

C.

Manage risk within the organization

D.

Assure regulatory compliance

Question 126

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

Options:

A.

tell him to shut down the server

B.

tell him to call the police

C.

tell him to invoke the incident response process

D.

tell him to analyze the problem, preserve the evidence and provide a full analysis and report

Question 127

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

Options:

A.

The Security Systems Development Life Cycle

B.

The Security Project And Management Methodology

C.

Project Management System Methodology

D.

Project Management Body of Knowledge

Question 128

To get an Information Security project back on schedule, which of the following will provide the MOST help?

Options:

A.

Upper management support

B.

More frequent project milestone meetings

C.

Stakeholder support

D.

Extend work hours

Question 129

An example of professional unethical behavior is:

Options:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Question 130

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

Options:

A.

Vendors uses their own laptop and logins with same admin credentials your security team uses

B.

Vendor uses a company supplied laptop and logins using two factor authentication with same admin credentials your security team uses

C.

Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials

D.

Vendor uses their own laptop and logins using two factor authentication with their own unique credentials

Question 131

A recommended method to document the respective roles of groups and individuals for a given process is to:

Options:

A.

Develop a detailed internal organization chart

B.

Develop a telephone call tree for emergency response

C.

Develop an isolinear response matrix with cost benefit analysis projections

D.

Develop a Responsible, Accountable, Consulted, Informed (RACI) chart

Question 132

You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?

Options:

A.

Tell the team to do their best and respond to each alert

B.

Tune the sensors to help reduce false positives so the team can react better

C.

Request additional resources to handle the workload

D.

Tell the team to only respond to the critical and high alerts

Question 133

Which of the following is critical in creating a security program aligned with an organization’s goals?

Options:

A.

Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements

B.

Develop a culture in which users, managers and IT professionals all make good decisions about information risk

C.

Provide clear communication of security program support requirements and audit schedules

D.

Create security awareness programs that include clear definition of security program goals and charters

Question 134

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

Options:

A.

Poor audit support for the security program

B.

A lack of executive presence within the security program

C.

Poor alignment of the security program to business needs

D.

This is normal since business units typically resist security requirements

Question 135

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

Options:

A.

Work with the IT group and tell them to put IPS in-line and say it won’t cause any network impact

B.

Explain to the IT group that the IPS won’t cause any network impact because it will fail open

C.

Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility

D.

Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn’t block any legitimate traffic

Question 136

Which of the following is the MOST important component of any change management process?

Options:

A.

Scheduling

B.

Back-out procedures

C.

Outage planning

D.

Management approval

Question 137

The ultimate goal of an IT security projects is:

Options:

A.

Increase stock value

B.

Complete security

C.

Support business requirements

D.

Implement information security policies

Question 138

Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?

Options:

A.

Security administrators

B.

Security mangers

C.

Security technicians

D.

Security analysts

Load More 712-50 Questions
Page: 1 / 46
Total 460 questions
Get 712-50 Full Access Download 712-50 PDF