Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

712-50 Exam Dumps - EC-Council Certified CISO (CCISO)

Go to page:
Question # 89

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

A.

Perform an audit to measure the control formally

B.

Escalate the issue to the IT organization

C.

Perform a risk assessment to measure risk

D.

Establish Key Risk Indicators

Full Access
Question # 90

What two methods are used to assess risk impact?

A.

Cost and annual rate of expectance

B.

Subjective and Objective

C.

Qualitative and percent of loss realized

D.

Quantitative and qualitative

Full Access
Question # 91

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

A.

Identify and evaluate the existing controls.

B.

Disclose the threats and impacts to management.

C.

Identify information assets and the underlying systems.

D.

Identify and assess the risk assessment process used by management.

Full Access
Question # 92

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

A.

Transfer financial resources from other critical programs

B.

Take the system off line until the budget is available

C.

Deploy countermeasures and compensating controls until the budget is available

D.

Schedule an emergency meeting and request the funding to fix the issue

Full Access
Question # 93

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

A.

Determine the risk tolerance

B.

Perform an asset classification

C.

Create an architecture gap analysis

D.

Analyze existing controls on systems

Full Access
Question # 94

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

A.

Providing a risk program governance structure

B.

Ensuring developers include risk control comments in code

C.

Creating risk assessment templates based on specific threats

D.

Allowing for the acceptance of risk for regulatory compliance requirements

Full Access
Question # 95

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

A.

The organization uses exclusively a quantitative process to measure risk

B.

The organization uses exclusively a qualitative process to measure risk

C.

The organization’s risk tolerance is high

D.

The organization’s risk tolerance is lo

Full Access
Question # 96

Who is responsible for securing networks during a security incident?

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Full Access
Go to page: