File Info
| Exam | EC-Council Certified CISO |
| Number | 712-50 |
| File Name | ECCouncil.712-50.CertShared.2024-01-31.151q.vcex |
| Size | 94 KB |
| Posted | Jan 31, 2024 |
| Downloads: | 2 |
| Download | ECCouncil.712-50.CertShared.2024-01-31.151q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
- Providing a risk program governance structure
- Ensuring developers include risk control comments in code
- Creating risk assessment templates based on specific threats
- Allowing for the acceptance of risk for regulatory compliance requirements
Correct answer: A
Question 2
Regulatory requirements typically force organizations to implement
- Mandatory controls
- Discretionary controls
- Optional controls
- Financial controls
Correct answer: A
Question 3
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
- Risk Avoidance
- Risk Acceptance
- Risk Transfer
- Risk Mitigation
Correct answer: C
Question 4
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?
- Susceptibility to attack, mitigation response time, and cost
- Attack vectors, controls cost, and investigation staffing needs
- Vulnerability exploitation, attack recovery, and mean time to repair
- Susceptibility to attack, expected duration of attack, and mitigation availability
Correct answer: A
Question 5
Risk is defined as:
- Threat times vulnerability divided by control
- Advisory plus capability plus vulnerability
- Asset loss times likelihood of event
- Quantitative plus qualitative impact
Correct answer: A
Question 6
Which of the following intellectual Property components is focused on maintaining brand recognition?
- Trademark
- Patent
- Research Logs
- Copyright
Correct answer: A
Question 7
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?
- Enforce the existing security standards and do not allow the deployment of the new technology.
- Amend the standard to permit the deployment.
- If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
- Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
Correct answer: C
Question 8
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?
- Data breach disclosure
- Consumer right disclosure
- Security incident disclosure
- Special circumstance disclosure
Correct answer: A
Question 9
What is the definition of Risk in Information Security?
- Risk = Probability x Impact
- Risk = Threat x Probability
- Risk = Financial Impact x Probability
- Risk = Impact x Threat
Correct answer: A
Question 10
When dealing with a risk management process, asset classification is important because it will impact the overall:
- Threat identification
- Risk monitoring
- Risk treatment
- Risk tolerance
Correct answer: C
