Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil 712-50 Exam: A Detailed EC-Council Certified CISO (CCISO) Guide

Questions 91

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?

Options:

A.

International encryption restrictions

B.

Compliance to Payment Card Industry (PCI) data security standards

C.

Compliance with local government privacy laws

D.

Adherence to local data breach notification laws

Buy Now
Questions 92

When dealing with risk, the information security practitioner may choose to:

Options:

A.

assign

B.

transfer

C.

acknowledge

D.

defer

Buy Now
Questions 93

Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.

Symmetric encryption in general is preferable to asymmetric encryption when:

Options:

A.

The number of unique communication links is large

B.

The volume of data being transmitted is small

C.

The speed of the encryption / deciphering process is essential

D.

The distance to the end node is farthest away

Buy Now
Questions 94

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?

Options:

A.

Lack of identification of technology stake holders

B.

Lack of business continuity process

C.

Lack of influence with leaders outside IT

D.

Lack of a security awareness program

Buy Now
Questions 95

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business,

they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they

will be in the organization. How would you prevent such type of attacks?

Options:

A.

Conduct thorough background checks before you engage them

B.

Hire the people through third-party job agencies who will vet them for you

C.

Investigate their social networking profiles

D.

It is impossible to block these attacks

Buy Now
Questions 96

Which of the following defines the boundaries and scope of a risk assessment?

Options:

A.

The risk assessment schedule

B.

The risk assessment framework

C.

The risk assessment charter

D.

The assessment context

Buy Now
Questions 97

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

Options:

A.

Get approval from the board of directors

B.

Screen potential vendor solutions

C.

Verify that the cost of mitigation is less than the risk

D.

Create a risk metrics for all unmitigated risks

Buy Now
Questions 98

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

Which of the following is the FIRST action the CISO will perform after receiving the audit report?

Options:

A.

Inform peer executives of the audit results

B.

Validate gaps and accept or dispute the audit findings

C.

Create remediation plans to address program gaps

D.

Determine if security policies and procedures are adequate

Buy Now
Questions 99

Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of

Options:

A.

Network based security preventative controls

B.

Software segmentation controls

C.

Network based security detective controls

D.

User segmentation controls

Buy Now
Questions 100

Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

Options:

A.

Security regulations

B.

Asset classification

C.

Information security policy

D.

Data classification

Buy Now