March Sale Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

ECCouncil 712-50 Dumps

Page: 1 / 17
Total 449 questions

EC-Council Certified CISO (CCISO) Questions and Answers

Question 1

Which of the following reports should you as an IT auditor use to check on compliance with a service level agreement’s requirement for uptime?

Options:

A.

Systems logs

B.

Hardware error reports

C.

Utilization reports

D.

Availability reports

Question 2

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

Options:

A.

Single loss expectancy multiplied by the annual rate of occurrence

B.

Total loss expectancy multiplied by the total loss frequency

C.

Value of the asset multiplied by the loss expectancy

D.

Replacement cost multiplied by the single loss expectancy

Question 3

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

Options:

A.

Single Loss Expectancy (SLE)

B.

Exposure Factor (EF)

C.

Annualized Rate of Occurrence (ARO)

D.

Temporal Probability (TP)

Question 4

As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

Options:

A.

Executive summary

B.

Penetration test agreement

C.

Names and phone numbers of those who conducted the audit

D.

Business charter

Question 5

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

Options:

A.

Perform an audit to measure the control formally

B.

Escalate the issue to the IT organization

C.

Perform a risk assessment to measure risk

D.

Establish Key Risk Indicators

Question 6

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

Options:

A.

The asset is more expensive than the remediation

B.

The audit finding is incorrect

C.

The asset being protected is less valuable than the remediation costs

D.

The remediation costs are irrelevant; it must be implemented regardless of cost.

Question 7

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

Options:

A.

Internal Audit

B.

Database Administration

C.

Information Security

D.

Compliance

Question 8

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Options:

A.

Transfer financial resources from other critical programs

B.

Take the system off line until the budget is available

C.

Deploy countermeasures and compensating controls until the budget is available

D.

Schedule an emergency meeting and request the funding to fix the issue

Question 9

An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security

Options:

A.

Procedural control

B.

Management control

C.

Technical control

D.

Administrative control

Question 10

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

Options:

A.

It allows executives to more effectively monitor IT implementation costs

B.

Implementation of it eases an organization’s auditing and compliance burden

C.

Information Security (IS) procedures often require augmentation with other standards

D.

It provides for a consistent and repeatable staffing model for technology organizations

Question 11

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

Options:

A.

Qualitative analysis

B.

Quantitative analysis

C.

Risk mitigation

D.

Estimate activity duration

Question 12

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

Options:

A.

Have internal audit conduct another audit to see what has changed.

B.

Contract with an external audit company to conduct an unbiased audit

C.

Review the recommendations and follow up to see if audit implemented the changes

D.

Meet with audit team to determine a timeline for corrections

Question 13

What is a key policy that should be part of the information security plan?

Options:

A.

Account management policy

B.

Training policy

C.

Acceptable Use policy

D.

Remote Access policy

Question 14

What organizational structure combines the functional and project structures to create a hybrid of the two?

Options:

A.

Traditional

B.

Composite

C.

Project

D.

Matrix

Question 15

An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).

The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

Options:

A.

ISO 22318 Supply Chain Continuity

B.

ISO 27031 BCM Readiness

C.

ISO 22301 BCM Requirements

D.

ISO 22317 BIA

Question 16

When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

Options:

A.

This makes sure the files you exchange aren’t unnecessarily flagged by the Data Loss Prevention (DLP) system

B.

Contracting rules typically require you to have conversations with two or more groups

C.

Discussing decisions with a very large group of people always provides a better outcome

D.

It helps to avoid regulatory or internal compliance issues

Question 17

To make sure that the actions of all employees, applications, and systems follow the organization’s rules and regulations can BEST be described as which of the following?

Options:

A.

Compliance management

B.

Asset management

C.

Risk management

D.

Security management

Question 18

What is the primary difference between regulations and standards?

Options:

A.

Standards will include regulations

B.

Standards that aren’t followed are punishable by fines

C.

Regulations are made enforceable by the power provided by laws

D.

Regulations must be reviewed and approved by the business

Question 19

Who should be involved in the development of an internal campaign to address email phishing?

Options:

A.

Business unit leaders, CIO, CEO

B.

Business Unite Leaders, CISO, CIO and CEO

C.

All employees

D.

CFO, CEO, CIO

Question 20

Which of the following is the MOST effective method to counter phishing attacks?

Options:

A.

User awareness and training

B.

Host based Intrusion Detection System (IPS)

C.

Acceptable use guide signed by all system users

D.

Antispam solution

Question 21

When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?

Options:

A.

RAM and unallocated space

B.

Unallocated space and RAM

C.

Slack space and browser cache

D.

Persistent and volatile data

Question 22

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

Options:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Question 23

A bastion host should be placed:

Options:

A.

Inside the DMZ

B.

In-line with the data center firewall

C.

Beyond the outer perimeter firewall

D.

As the gatekeeper to the organization’s honeynet

Question 24

As the Risk Manager of an organization, you are task with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high profiled clients, and bad publicity can jeopardize your own brand.

Which is the BEST type of risk that defines this event?

Options:

A.

Compliance Risk

B.

Reputation Risk

C.

Operational Risk

D.

Strategic Risk

Question 25

Which of the following is the MOST logical method of deploying security controls within an organization?

Options:

A.

Obtain funding for all desired controls and then create project plans for implementation

B.

Apply the simpler controls as quickly as possible and use a risk-based approach for the more difficult and

costly controls

C.

Apply the least costly controls to demonstrate positive program activity

D.

Obtain business unit buy-in through close communication and coordination

Question 26

Smith, the project manager for a larger multi-location firm, is leading a software project team that has 18

members, 5 of which are assigned to testing. Due to recent recommendations by an organizational quality audit

team, the project manager is convinced to add a quality professional to lead to test team at additional cost to

the project.

The project manager is aware of the importance of communication for the success of the project and takes the

step of introducing additional communication channels, making it more complex, in order to assure quality

levels of the project. What will be the first project management document that Smith should change in order to

accommodate additional communication channels?

Options:

A.

WBS document

B.

Scope statement

C.

Change control document

D.

Risk management plan

Question 27

File Integrity Monitoring (FIM) is considered a

Options:

A.

Network based security preventative control

B.

Software segmentation control

C.

Security detective control

D.

User segmentation control

Question 28

Which of the following is true regarding expenditures?

Options:

A.

Capital expenditures are never taxable

B.

Operating expenditures are for acquiring assets, capital expenditures are for support costs of that asset

C.

Capital expenditures are used to define depreciation tables of intangible assets

D.

Capital expenditures are for acquiring assets, whereas operating expenditures are for support costs of that

asset

Question 29

Involvement of senior management is MOST important in the development of:

Options:

A.

IT security implementation plans.

B.

Standards and guidelines.

C.

IT security policies.

D.

IT security procedures.

Question 30

The rate of change in technology increases the importance of:

Options:

A.

Outsourcing the IT functions.

B.

Understanding user requirements.

C.

Hiring personnel with leading edge skills.

D.

Implementing and enforcing good processes.

Question 31

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

Options:

A.

Get approval from the board of directors

B.

Screen potential vendor solutions

C.

Verify that the cost of mitigation is less than the risk

D.

Create a risk metrics for all unmitigated risks

Question 32

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

Options:

A.

Lack of compliance to the Payment Card Industry (PCI) standards

B.

Ineffective security awareness program

C.

Security practices not in alignment with ISO 27000 frameworks

D.

Lack of technical controls when dealing with credit card data

Question 33

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

Which of the following is the FIRST action the CISO will perform after receiving the audit report?

Options:

A.

Inform peer executives of the audit results

B.

Validate gaps and accept or dispute the audit findings

C.

Create remediation plans to address program gaps

D.

Determine if security policies and procedures are adequate

Question 34

The formal certification and accreditation process has four primary steps, what are they?

Options:

A.

Evaluating, describing, testing and authorizing

B.

Evaluating, purchasing, testing, authorizing

C.

Auditing, documenting, verifying, certifying

D.

Discovery, testing, authorizing, certifying

Question 35

If a Virtual Machine’s (VM) data is being replicated and that data is corrupted, this corruption will automatically

be replicated to the other machine(s). What would be the BEST control to safeguard data integrity?

Options:

A.

Backup to tape

B.

Maintain separate VM backups

C.

Backup to a remote location

D.

Increase VM replication frequency

Question 36

John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they’ve already completed the project work they were contracted to do. What can John do in this instance?

Options:

A.

Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.

B.

Review the Request for Proposal (RFP) for guidance.

C.

Withhold the vendor’s payments until the issue is resolved.

D.

Refer to the contract agreement for direction.

Question 37

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 38

Which wireless encryption technology makes use of temporal keys?

Options:

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Question 39

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 40

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Question 41

The process of identifying and classifying assets is typically included in the

Options:

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Question 42

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Question 43

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

Options:

A.

Execute

B.

Read

C.

Administrator

D.

Public

Question 44

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Question 45

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Options:

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Question 46

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options:

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Question 47

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Question 48

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Question 49

Who is responsible for securing networks during a security incident?

Options:

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Question 50

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

Options:

A.

Lack of a formal security awareness program

B.

Lack of a formal security policy governance process

C.

Lack of formal definition of roles and responsibilities

D.

Lack of a formal risk management policy

Question 51

Which of the following is a critical operational component of an Incident Response Program (IRP)?

Options:

A.

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.

Annual review of program charters, policies, procedures and organizational agreements.

C.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Question 52

The success of the Chief Information Security Officer is MOST dependent upon:

Options:

A.

favorable audit findings

B.

following the recommendations of consultants and contractors

C.

development of relationships with organization executives

D.

raising awareness of security issues with end users

Question 53

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

Options:

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Question 54

The PRIMARY objective for information security program development should be:

Options:

A.

Reducing the impact of the risk to the business.

B.

Establishing strategic alignment with bunsiness continuity requirements

C.

Establishing incident response programs.

D.

Identifying and implementing the best security solutions.

Question 55

What is the main purpose of the Incident Response Team?

Options:

A.

Ensure efficient recovery and reinstate repaired systems

B.

Create effective policies detailing program activities

C.

Communicate details of information security incidents

D.

Provide current employee awareness programs

Question 56

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Options:

A.

information security metrics.

B.

knowledge required to analyze each issue.

C.

baseline against which metrics are evaluated.

D.

linkage to business area objectives.

Question 57

The Information Security Governance program MUST:

Options:

A.

integrate with other organizational governance processes

B.

support user choice for Bring Your Own Device (BYOD)

C.

integrate with other organizational governance processes

D.

show a return on investment for the organization

Question 58

Why is it vitally important that senior management endorse a security policy?

Options:

A.

So that they will accept ownership for security within the organization.

B.

So that employees will follow the policy directives.

C.

So that external bodies will recognize the organizations commitment to security.

D.

So that they can be held legally accountable.

Question 59

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

Options:

A.

The organization uses exclusively a quantitative process to measure risk

B.

The organization uses exclusively a qualitative process to measure risk

C.

The organization’s risk tolerance is high

D.

The organization’s risk tolerance is lo

Question 60

What is the definition of Risk in Information Security?

Options:

A.

Risk = Probability x Impact

B.

Risk = Threat x Probability

C.

Risk = Financial Impact x Probability

D.

Risk = Impact x Threat

Question 61

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

Options:

A.

Quarterly

B.

Semi-annually

C.

Bi-annually

D.

Annually

Question 62

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

Options:

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Question 63

When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

Options:

A.

Type of data contained in the process/system

B.

Type of connection/protocol used to transfer the data

C.

Type of encryption required for the data once it is at rest

D.

Type of computer the data is processed on

Question 64

Which business stakeholder is accountable for the integrity of a new information system?

Options:

A.

CISO

B.

Compliance Officer

C.

Project manager

D.

Board of directors

Question 65

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

Options:

A.

Scope creep

B.

Deadline extension

C.

Scope modification

D.

Deliverable expansion

Question 66

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

Options:

A.

Security alignment to business goals

B.

Regulatory compliance effectiveness

C.

Increased security program presence

D.

Proper organizational policy enforcement

Question 67

Which of the following is considered a project versus a managed process?

Options:

A.

monitoring external and internal environment during incident response

B.

ongoing risk assessments of routine operations

C.

continuous vulnerability assessment and vulnerability repair

D.

installation of a new firewall system

Page: 1 / 17
Total 449 questions