Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil 712-50 Exam: A Detailed EC-Council Certified CISO (CCISO) Guide

Questions 1

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

After determining the audit findings are accurate, which of the following is the MOST logical next activity?

Options:

A.

Begin initial gap remediation analyses

B.

Review the security organization’s charter

C.

Validate gaps with the Information Technology team

D.

Create a briefing of the findings for executive management

Buy Now
Questions 2

Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.

How can you reduce the administrative burden of distributing symmetric keys for your employer?

Options:

A.

Use asymmetric encryption for the automated distribution of the symmetric key

B.

Use a self-generated key on both ends to eliminate the need for distribution

C.

Use certificate authority to distribute private keys

D.

Symmetrically encrypt the key and then use asymmetric encryption to unencrypt it

Buy Now
Questions 3

The formal certification and accreditation process has four primary steps, what are they?

Options:

A.

Evaluating, describing, testing and authorizing

B.

Evaluating, purchasing, testing, authorizing

C.

Auditing, documenting, verifying, certifying

D.

Discovery, testing, authorizing, certifying

Buy Now
Questions 4

What are the primary reasons for the development of a business case for a security project?

Options:

A.

To estimate risk and negate liability to the company

B.

To understand the attack vectors and attack sources

C.

To communicate risk and forecast resource needs

D.

To forecast usage and cost per software licensing

Buy Now
Questions 5

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

Your defenses did not hold up to the test as originally thought. As you investigate how the data was compromised through log analysis you discover that a hardworking, but misguided business intelligence analyst posted the data to an obfuscated URL on a popular cloud storage service so they could work on it from home during their off-time. Which technology or solution could you deploy to prevent employees from removing corporate data from your network? Choose the BEST answer.

Options:

A.

Security Guards posted outside the Data Center

B.

Data Loss Prevention (DLP)

C.

Rigorous syslog reviews

D.

Intrusion Detection Systems (IDS)

Buy Now
Questions 6

Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

Options:

A.

ITIL

B.

Privacy Act

C.

Sarbanes Oxley

D.

PCI-DSS

Buy Now
Questions 7

Of the following types of SOCs (Security Operations Centers), which one would be MOST likely used if the CISO has decided to outsource the infrastructure and administration of it?

Options:

A.

Virtual

B.

Dedicated

C.

Fusion

D.

Command

Buy Now
Questions 8

An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).

The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

Options:

A.

ISO 22318 Supply Chain Continuity

B.

ISO 27031 BCM Readiness

C.

ISO 22301 BCM Requirements

D.

ISO 22317 BIA

Buy Now
Questions 9

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

Options:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Buy Now
Questions 10

Which of the following is the MOST effective method to counter phishing attacks?

Options:

A.

User awareness and training

B.

Host based Intrusion Detection System (IPS)

C.

Acceptable use guide signed by all system users

D.

Antispam solution

Buy Now