512-50 Exam Dumps - EC-Council Information Security Manager (E|ISM)

Go to page:

<< First
Prev
1
2
3
4
5
6
7
8
Next
Last >>

Question # 33

An organizationâ€™s firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?

A high threat environment

A low risk tolerance environment

I low vulnerability environment

A high risk tolerance environment

Full Access

Question # 34

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

Confidentiality, Integrity and Availability

Assurance, Compliance and Availability

International Compliance

Integrity and Availability

Full Access

Question # 35

Which of the following is MOST important when dealing with an Information Security Steering committee:

Include a mix of members from different departments and staff levels.

Ensure that security policies and procedures have been vetted and approved.

Review all past audit and compliance reports.

Be briefed about new trends and products at each meeting by a vendor.

Full Access

Question # 36

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

Risk Tolerance

Qualitative risk analysis

Risk Appetite

Quantitative risk analysis

Full Access

Question # 37

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organizationâ€™s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

Scan a representative sample of systems

Perform the scans only during off-business hours

Decrease the vulnerabilities within the scan tool settings

Filter the scan output so only pertinent data is analyzed

Full Access

Question # 38

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?

Review time schedules

Verify budget

Verify resources

Verify constraints

Full Access

Question # 39

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

Validate the effectiveness of current controls

Create detailed remediation funding and staffing plans

Report the audit findings and remediation status to business stake holders

Review security procedures to determine if they need modified according to findings

Full Access

Question # 40

Which of the following provides an independent assessment of a vendorâ€™s internal security controls and overall posture?

Alignment with business goals

ISO27000 accreditation

PCI attestation of compliance

Financial statements

Full Access