Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil 712-50 Exam: A Detailed EC-Council Certified CISO (CCISO) Guide

Questions 21

When choosing a risk mitigation method what is the MOST important factor?

Options:

A.

Approval from the board of directors

B.

Cost of the mitigation is less than the risk

C.

Metrics of mitigation method success

D.

Mitigation method complies with PCI regulations

Buy Now
Questions 22

The PRIMARY objective for information security program development should be:

Options:

A.

Reducing the impact of the risk to the business.

B.

Establishing strategic alignment with bunsiness continuity requirements

C.

Establishing incident response programs.

D.

Identifying and implementing the best security solutions.

Buy Now
Questions 23

Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

Options:

A.

Poses a strong technical background

B.

Understand all regulations affecting the organization

C.

Understand the business goals of the organization

D.

Poses a strong auditing background

Buy Now
Questions 24

Which of the following is the MOST important benefit of an effective security governance process?

Options:

A.

Reduction of liability and overall risk to the organization

B.

Better vendor management

C.

Reduction of security breaches

D.

Senior management participation in the incident response process

Buy Now
Questions 25

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

Options:

A.

Determine the risk tolerance

B.

Perform an asset classification

C.

Create an architecture gap analysis

D.

Analyze existing controls on systems

Buy Now
Questions 26

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

Options:

A.

International Organization for Standardizations – 27004 (ISO-27004)

B.

Payment Card Industry Data Security Standards (PCI-DSS)

C.

Control Objectives for Information Technology (COBIT)

D.

International Organization for Standardizations – 27005 (ISO-27005)

Buy Now
Questions 27

What is the definition of Risk in Information Security?

Options:

A.

Risk = Probability x Impact

B.

Risk = Threat x Probability

C.

Risk = Financial Impact x Probability

D.

Risk = Impact x Threat

Buy Now
Questions 28

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

Options:

A.

Data breach disclosure

B.

Consumer right disclosure

C.

Security incident disclosure

D.

Special circumstance disclosure

Buy Now
Questions 29

Which of the following international standards can be BEST used to define a Risk Management process in an organization?

Options:

A.

National Institute for Standards and Technology 800-50 (NIST 800-50)

B.

International Organization for Standardizations – 27005 (ISO-27005)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27004 (ISO-27004)

Buy Now
Questions 30

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

Options:

A.

Enforce the existing security standards and do not allow the deployment of the new technology.

B.

Amend the standard to permit the deployment.

C.

If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.

D.

Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

Buy Now