Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil 712-50 Exam: A Detailed EC-Council Certified CISO (CCISO) Guide

Questions 121

Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

Options:

A.

Detective Controls

B.

Proactive Controls

C.

Preemptive Controls

D.

Organizational Controls

Buy Now
Questions 122

Creating a secondary authentication process for network access would be an example of?

Options:

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Buy Now
Questions 123

Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

Options:

A.

Application logs

B.

File integrity monitoring

C.

SNMP traps

D.

Syslog

Buy Now
Questions 124

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

Options:

A.

The asset is more expensive than the remediation

B.

The audit finding is incorrect

C.

The asset being protected is less valuable than the remediation costs

D.

The remediation costs are irrelevant; it must be implemented regardless of cost.

Buy Now
Questions 125

Which of the following are primary concerns for management with regard to assessing internal control objectives?

Options:

A.

Confidentiality, Availability, Integrity

B.

Compliance, Effectiveness, Efficiency

C.

Communication, Reliability, Cost

D.

Confidentiality, Compliance, Cost

Buy Now
Questions 126

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

Options:

A.

Validate that security awareness program content includes information about the potential vulnerability

B.

Conduct a thorough risk assessment against the current implementation to determine system functions

C.

Determine program ownership to implement compensating controls

D.

Send a report to executive peers and business unit owners detailing your suspicions

Buy Now
Questions 127

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

Options:

A.

Organization control

B.

Procedural control

C.

Management control

D.

Technical control

Buy Now
Questions 128

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

Options:

A.

The IT team is not familiar in IT audit practices

B.

This represents a bad implementation of the Least Privilege principle

C.

This represents a conflict of interest

D.

The IT team is not certified to perform audits

Buy Now
Questions 129

Control Objectives for Information and Related Technology (COBIT) is which of the following?

Options:

A.

An Information Security audit standard

B.

An audit guideline for certifying secure systems and controls

C.

A framework for Information Technology management and governance

D.

A set of international regulations for Information Technology governance

Buy Now
Questions 130

The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

Options:

A.

Number of callers who report security issues.

B.

Number of callers who report a lack of customer service from the call center

C.

Number of successful social engineering attempts on the call center

D.

Number of callers who abandon the call before speaking with a representative

Buy Now