Weekend Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

Free ECCouncil 712-50 Practice Exam with Questions & Answers

Questions 1

The effectiveness of an audit is measured by?

Options:
A.

The number of actionable items in the recommendations

B.

How it exposes the risk tolerance of the company

C.

How the recommendations directly support the goals of the company

D.

The number of security controls the company has in use

ECCouncil 712-50 Premium Access
Questions 2

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

Options:
A.

To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

B.

To provide a common basis for developing organizational security standards

C.

To provide effective security management practice and to provide confidence in inter-organizational dealings

D.

To established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

Questions 3

Who in the organization determines access to information?

Options:
A.

Legal department

B.

Compliance officer

C.

Data Owner

D.

Information security officer

Questions 4

With respect to the audit management process, management response serves what function?

Options:
A.

placing underperforming units on notice for failing to meet standards

B.

determining whether or not resources will be allocated to remediate a finding

C.

adding controls to ensure that proper oversight is achieved by management

D.

revealing the “root cause” of the process failure and mitigating for all internal and external units

Questions 5

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

Options:
A.

Control Objective for Information Technology (COBIT)

B.

Committee of Sponsoring Organizations (COSO)

C.

Payment Card Industry (PCI)

D.

Information Technology Infrastructure Library (ITIL)

Questions 6

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

Options:
A.

User awareness training for all employees

B.

Installation of new firewalls and intrusion detection systems

C.

Launch an internal awareness campaign

D.

Integrate security requirements into project inception

Questions 7

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

Options:
A.

Deploy a SEIM solution and have current staff review incidents first thing in the morning

B.

Contract with a managed security provider and have current staff on recall for incident response

C.

Configure your syslog to send SMS messages to current staff when target events are triggered

D.

Employ an assumption of breach protocol and defend only essential information resources

Questions 8

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

Options:
A.

Vmware, router, switch, firewall, syslog, vulnerability management system (VMS)

B.

Intrusion Detection System (IDS), firewall, switch, syslog

C.

Security Incident Event Management (SIEM), IDS, router, syslog

D.

SIEM, IDS, firewall, VMS

Questions 9

An example of professional unethical behavior is:

Options:
A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Questions 10

When managing the critical path of an IT security project, which of the following is MOST important?

Options:
A.

Knowing who all the stakeholders are.

B.

Knowing the people on the data center team.

C.

Knowing the threats to the organization.

D.

Knowing the milestones and timelines of deliverables.