Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil 712-50 Exam: A Detailed EC-Council Certified CISO (CCISO) Guide

Questions 101

You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.

Which of the following is NOT documented in the SSP?

Options:

A.

The controls in place to secure the system

B.

Name of the connected system

C.

The results of a third-party audits and recommendations

D.

Type of information used in the system

Buy Now
Questions 102

What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?

Options:

A.

Business Impact Analysis

B.

Economic Impact analysis

C.

Return on Investment

D.

Cost-benefit analysis

Buy Now
Questions 103

ABC Limited has recently suffered a security breach with customers’ social security number available on the dark web for sale. The CISO, during the time of the incident, has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, lack of least privilege policy, and weak access control was to blame. You would like to implement key performance indicators to mitigate the risk.

Which metric would meet the requirement?

Options:

A.

Number of times third parties access critical information systems

B.

Number of systems with known vulnerabilities

C.

Number of users with elevated privileges

D.

Number of websites with weak or misconfigured certificates

Buy Now
Questions 104

The primary responsibility for assigning entitlements to a network share lies with which role?

Options:

A.

CISO

B.

Data owner

C.

Chief Information Officer (CIO)

D.

Security system administrator

Buy Now
Questions 105

Who is responsible for verifying that audit directives are implemented?

Options:

A.

IT Management

B.

Internal Audit

C.

IT Security

D.

BOD Audit Committee

Buy Now
Questions 106

When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most important:

Options:

A.

Patch management

B.

Network monitoring

C.

Ability to provide security services tailored to the business’ needs

D.

24/7 tollfree number

Buy Now
Questions 107

A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:

Options:

A.

Inability to export the private certificate/key

B.

It can double as physical identification at the DMV

C.

It has the user’s photograph to help ID them

D.

It can be used as a secure flash drive

Buy Now
Questions 108

Which of the following statements below regarding Key Performance indicators (KPIs) are true?

Options:

A.

Development of KPI’s are most useful when done independently

B.

They are a strictly quantitative measure of success

C.

They should be standard throughout the organization versus domain-specific so they are more easily correlated

D.

They are a strictly qualitative measure of success

Buy Now
Questions 109

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

Options:

A.

Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors

B.

Annual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program

C.

Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness

D.

Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program

Buy Now
Questions 110

As the Risk Manager of an organization, you are task with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high profiled clients, and bad publicity can jeopardize your own brand.

Which is the BEST type of risk that defines this event?

Options:

A.

Compliance Risk

B.

Reputation Risk

C.

Operational Risk

D.

Strategic Risk

Buy Now