CertsTopics Logo

Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 60certs

ECCouncil 512-50 Dumps

Page: 1 / 15
Total 404 questions
Get 512-50 Full Access Download 512-50 PDF

EC-Council Information Security Manager (E|ISM) Questions and Answers

Question 1

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Question 2

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Question 3

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Question 4

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Question 5

Which wireless encryption technology makes use of temporal keys?

Options:

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Question 6

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

Options:

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Question 7

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options:

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Question 8

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Question 9

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

Options:

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Question 10

The process of identifying and classifying assets is typically included in the

Options:

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Question 11

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 12

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Question 13

Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

Options:

A.

Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data

B.

Create separate controls for the business units based on the types of business and functions they perform

C.

Ensure business units are involved in the creation of controls and defining conditions under which they must be applied

D.

Provide the business units with control mandates and schedules of audits for compliance validation

Question 14

Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

Options:

A.

Risk Assessment

B.

Incident Response

C.

Risk Management

D.

Network Security administration

Question 15

When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?

Options:

A.

Download open source security tools and deploy them on your production network

B.

Download trial versions of commercially available security tools and deploy on your production network

C.

Download open source security tools from a trusted site, test, and then deploy on production network

D.

Download security tools from a trusted source and deploy to production network

Question 16

When selecting a security solution with reoccurring maintenance costs after the first year (choose the BEST answer):

Options:

A.

The CISO should cut other essential programs to ensure the new solution’s continued use

B.

Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use

C.

Defer selection until the market improves and cash flow is positive

D.

Implement the solution and ask for the increased operating cost budget when it is time

Question 17

The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

Options:

A.

The company lacks a risk management process

B.

The company does not believe the security vulnerabilities to be real

C.

The company has a high risk tolerance

D.

The company lacks the tools to perform a vulnerability assessment

Question 18

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

Options:

A.

Ineffective configuration management controls

B.

Lack of change management controls

C.

Lack of version/source controls

D.

High turnover in the application development department

Question 19

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

Options:

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Question 20

Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

Options:

A.

Grant her access, the employee has been adequately warned through the AUP.

B.

Assist her with the request, but only after her supervisor signs off on the action.

C.

Reset the employee’s password and give it to the supervisor.

D.

Deny the request citing national privacy laws.

Question 21

Which of the following best summarizes the primary goal of a security program?

Options:

A.

Provide security reporting to all levels of an organization

B.

Create effective security awareness to employees

C.

Manage risk within the organization

D.

Assure regulatory compliance

Question 22

When is an application security development project complete?

Options:

A.

When the application is retired.

B.

When the application turned over to production.

C.

When the application reaches the maintenance phase.

D.

After one year.

Question 23

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

Options:

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

Question 24

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

Options:

A.

Security alignment to business goals

B.

Regulatory compliance effectiveness

C.

Increased security program presence

D.

Proper organizational policy enforcement

Question 25

The formal certification and accreditation process has four primary steps, what are they?

Options:

A.

Evaluating, describing, testing and authorizing

B.

Evaluating, purchasing, testing, authorizing

C.

Auditing, documenting, verifying, certifying

D.

Discovery, testing, authorizing, certifying

Question 26

The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

Options:

A.

Safeguard Value

B.

Cost Benefit Analysis

C.

Single Loss Expectancy

D.

Life Cycle Loss Expectancy

Question 27

The rate of change in technology increases the importance of:

Options:

A.

Outsourcing the IT functions.

B.

Understanding user requirements.

C.

Hiring personnel with leading edge skills.

D.

Implementing and enforcing good processes.

Question 28

Which of the following terms is used to describe countermeasures implemented to minimize risks to physical

property, information, and computing systems?

Options:

A.

Security frameworks

B.

Security policies

C.

Security awareness

D.

Security controls

Question 29

File Integrity Monitoring (FIM) is considered a

Options:

A.

Network based security preventative control

B.

Software segmentation control

C.

Security detective control

D.

User segmentation control

Question 30

As the Chief Information Security Officer, you are performing an assessment of security posture to understand

what your Defense-in-Depth capabilities are. Which network security technology examines network traffic flows

to detect and actively stop vulnerability exploits and attacks?

Options:

A.

Gigamon

B.

Intrusion Prevention System

C.

Port Security

D.

Anti-virus

Question 31

Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

Options:

A.

Alignment with business goals

B.

ISO27000 accreditation

C.

PCI attestation of compliance

D.

Financial statements

Question 32

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

Options:

A.

Response

B.

Investigation

C.

Recovery

D.

Follow-up

Question 33

Which of the following is the MOST logical method of deploying security controls within an organization?

Options:

A.

Obtain funding for all desired controls and then create project plans for implementation

B.

Apply the simpler controls as quickly as possible and use a risk-based approach for the more difficult and

costly controls

C.

Apply the least costly controls to demonstrate positive program activity

D.

Obtain business unit buy-in through close communication and coordination

Question 34

Which of the following best describes the sensors designed to project and detect a light beam across an area?

Options:

A.

Smoke

B.

Thermal

C.

Air-aspirating

D.

Photo electric

Question 35

Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of

Options:

A.

Network based security preventative controls

B.

Software segmentation controls

C.

Network based security detective controls

D.

User segmentation controls

Question 36

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and

uses the special card in order to access the restricted area of the target company. Just as the employee opens

the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so

that he can enter. What is the best way to undermine the social engineering activity of tailgating?

Options:

A.

Post a sign that states, “no tailgating” next to the special card reader adjacent to the secure door

B.

Issue special cards to access secure doors at the company and provide a one-time only brief description of

use of the special card

C.

Educate and enforce physical security policies of the company to all the employees on a regular basis

D.

Setup a mock video camera next to the special card reader adjacent to the secure door

Question 37

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

Options:

A.

Identify and evaluate the existing controls.

B.

Disclose the threats and impacts to management.

C.

Identify information assets and the underlying systems.

D.

Identify and assess the risk assessment process used by management.

Question 38

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

Options:

A.

Inform senior management of the risk involved.

B.

Agree to work with the security officer on these shifts as a form of preventative control.

C.

Develop a computer assisted audit technique to detect instances of abuses of the arrangement.

D.

Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

Question 39

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

Options:

A.

Qualitative analysis

B.

Quantitative analysis

C.

Risk mitigation

D.

Estimate activity duration

Question 40

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

Options:

A.

Single Loss Expectancy (SLE)

B.

Exposure Factor (EF)

C.

Annualized Rate of Occurrence (ARO)

D.

Temporal Probability (TP)

Question 41

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

Options:

A.

Organization control

B.

Procedural control

C.

Management control

D.

Technical control

Question 42

At which point should the identity access management team be notified of the termination of an employee?

Options:

A.

At the end of the day once the employee is off site

B.

During the monthly review cycle

C.

Immediately so the employee account(s) can be disabled

D.

Before an audit

Question 43

The risk found after a control has been fully implemented is called:

Options:

A.

Residual Risk

B.

Total Risk

C.

Post implementation risk

D.

Transferred risk

Question 44

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

Options:

A.

The IT team is not familiar in IT audit practices

B.

This represents a bad implementation of the Least Privilege principle

C.

This represents a conflict of interest

D.

The IT team is not certified to perform audits

Question 45

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

Options:

A.

Perform a vulnerability scan of the network

B.

External penetration testing by a qualified third party

C.

Internal Firewall ruleset reviews

D.

Implement network intrusion prevention systems

Question 46

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

Options:

A.

The auditors have not followed proper auditing processes

B.

The CIO of the organization disagrees with the finding

C.

The risk tolerance of the organization permits this risk

D.

The organization has purchased cyber insurance

Question 47

Which of the following is a benefit of a risk-based approach to audit planning?

Options:

A.

Resources are allocated to the areas of the highest concern

B.

Scheduling may be performed months in advance

C.

Budgets are more likely to be met by the IT audit staff

D.

Staff will be exposed to a variety of technologies

Question 48

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

Options:

A.

Meet regulatory compliance requirements

B.

Better understand the threats and vulnerabilities affecting the environment

C.

Better understand strengths and weaknesses of the program

D.

Meet legal requirements

Question 49

As the Risk Manager of an organization, you are task with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high profiled clients, and bad publicity can jeopardize your own brand.

Which is the BEST type of risk that defines this event?

Options:

A.

Compliance Risk

B.

Reputation Risk

C.

Operational Risk

D.

Strategic Risk

Question 50

Which of the following is considered the MOST effective tool against social engineering?

Options:

A.

Anti-phishing tools

B.

Anti-malware tools

C.

Effective Security Vulnerability Management Program

D.

Effective Security awareness program

Question 51

When choosing a risk mitigation method what is the MOST important factor?

Options:

A.

Approval from the board of directors

B.

Cost of the mitigation is less than the risk

C.

Metrics of mitigation method success

D.

Mitigation method complies with PCI regulations

Question 52

A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

Options:

A.

Audit validation

B.

Physical control testing

C.

Compliance management

D.

Security awareness training

Question 53

Information security policies should be reviewed:

Options:

A.

by stakeholders at least annually

B.

by the CISO when new systems are brought online

C.

by the Incident Response team after an audit

D.

by internal audit semiannually

Question 54

The success of the Chief Information Security Officer is MOST dependent upon:

Options:

A.

favorable audit findings

B.

following the recommendations of consultants and contractors

C.

development of relationships with organization executives

D.

raising awareness of security issues with end users

Question 55

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

Options:

A.

Data breach disclosure

B.

Consumer right disclosure

C.

Security incident disclosure

D.

Special circumstance disclosure

Question 56

What is a difference from the list below between quantitative and qualitative Risk Assessment?

Options:

A.

Quantitative risk assessments result in an exact number (in monetary terms)

B.

Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

C.

Qualitative risk assessments map to business objectives

D.

Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Question 57

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

Options:

A.

Internal audit

B.

The data owner

C.

All executive staff

D.

Government regulators

Question 58

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Options:

A.

information security metrics.

B.

knowledge required to analyze each issue.

C.

baseline against which metrics are evaluated.

D.

linkage to business area objectives.

Question 59

When managing the security architecture for your company you must consider:

Options:

A.

Security and IT Staff size

B.

Company Values

C.

Budget

D.

All of the above

Question 60

Which of the following are the MOST important factors for proactively determining system vulnerabilities?

Options:

A.

Subscribe to vendor mailing list to get notification of system vulnerabilities

B.

Deploy Intrusion Detection System (IDS) and install anti-virus on systems

C.

Configure firewall, perimeter router and Intrusion Prevention System (IPS)

D.

Conduct security testing, vulnerability scanning, and penetration testing

Page: 1 / 15
Total 404 questions
Get 512-50 Full Access Download 512-50 PDF