Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

712-50 Exam Dumps - EC-Council Certified CISO (CCISO)

Go to page:
Question # 81

Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

A.

Define the risk appetite

B.

Determine budget constraints

C.

Review project charters

D.

Collaborate security projects

Full Access
Question # 82

Which of the following is considered a project versus a managed process?

A.

monitoring external and internal environment during incident response

B.

ongoing risk assessments of routine operations

C.

continuous vulnerability assessment and vulnerability repair

D.

installation of a new firewall system

Full Access
Question # 83

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Full Access
Question # 84

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

A.

tell him to shut down the server

B.

tell him to call the police

C.

tell him to invoke the incident response process

D.

tell him to analyze the problem, preserve the evidence and provide a full analysis and report

Full Access
Question # 85

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

A.

Contacting the Internet Service Provider for an IP scope

B.

Getting authority to operate the system from executive management

C.

Changing the default passwords

D.

Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Full Access
Question # 86

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Full Access
Question # 87

What is a difference from the list below between quantitative and qualitative Risk Assessment?

A.

Quantitative risk assessments result in an exact number (in monetary terms)

B.

Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

C.

Qualitative risk assessments map to business objectives

D.

Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Full Access
Question # 88

Which of the following is the MOST important benefit of an effective security governance process?

A.

Reduction of liability and overall risk to the organization

B.

Better vendor management

C.

Reduction of security breaches

D.

Senior management participation in the incident response process

Full Access
Go to page: