Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil 712-50 Exam: A Detailed EC-Council Certified CISO (CCISO) Guide

Questions 121

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

Options:

A.

4, 2, 5, 3, 1

B.

2, 5, 3, 1, 4

C.

4, 5, 2, 3, 1

D.

4, 3, 5, 2, 1

Buy Now
Questions 122

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

Options:

A.

Lack of compliance to the Payment Card Industry (PCI) standards

B.

Ineffective security awareness program

C.

Security practices not in alignment with ISO 27000 frameworks

D.

Lack of technical controls when dealing with credit card data

Buy Now
Questions 123

The primary purpose of a risk register is to:

Options:

A.

Maintain a log of discovered risks

B.

Track individual risk assessments

C.

Develop plans for mitigating identified risks

D.

Coordinate the timing of scheduled risk assessments

Buy Now
Questions 124

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Your Corporate Information Security Policy should include which of the following?

Options:

A.

Information security theory

B.

Roles and responsibilities

C.

Incident response contacts

D.

Desktop configuration standards

Buy Now
Questions 125

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his

assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for

an employee to pass through the main access gate, then the consultant follows the employee behind to get into

the restricted area. Which type of attack did the consultant perform?

Options:

A.

Shoulder surfing

B.

Tailgating

C.

Social engineering

D.

Mantrap

Buy Now
Questions 126

File Integrity Monitoring (FIM) is considered a

Options:

A.

Network based security preventative control

B.

Software segmentation control

C.

Security detective control

D.

User segmentation control

Buy Now
Questions 127

Involvement of senior management is MOST important in the development of:

Options:

A.

IT security implementation plans.

B.

Standards and guidelines.

C.

IT security policies.

D.

IT security procedures.

Buy Now
Questions 128

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and

uses the special card in order to access the restricted area of the target company. Just as the employee opens

the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so

that he can enter. What is the best way to undermine the social engineering activity of tailgating?

Options:

A.

Post a sign that states, “no tailgating” next to the special card reader adjacent to the secure door

B.

Issue special cards to access secure doors at the company and provide a one-time only brief description of

use of the special card

C.

Educate and enforce physical security policies of the company to all the employees on a regular basis

D.

Setup a mock video camera next to the special card reader adjacent to the secure door

Buy Now
Questions 129

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

Options:

A.

Security Governance

B.

Compliance management

C.

Vendor management

D.

Disaster recovery

Buy Now
Questions 130

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

Options:

A.

Poorly configured firewalls

B.

Malware

C.

Advanced Persistent Threat (APT)

D.

An insider

Buy Now
Exam Code: 712-50
Exam Name: EC-Council Certified CISO (CCISO)
Last Update: Dec 13, 2024
Questions: 460

PDF + Testing Engine

$164.99
$66

Testing Engine

$124.99
$50

PDF (Q&A)

$104.99
$42

ECCouncil Free Exams

ECCouncil Free Exams
Discover free ECCouncil exam prep resources at Examstrack. Access practice tests and study materials to enhance your ECCouncil exam success.