512-50 Exam Dumps - EC-Council Information Security Manager (E|ISM)
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his
assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for
an employee to pass through the main access gate, then the consultant follows the employee behind to get into
the restricted area. Which type of attack did the consultant perform?
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?
The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?
When you develop your audit remediation plan what is the MOST important criteria?