Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

712-50 Exam Dumps - EC-Council Certified CISO (CCISO)

Go to page:
Question # 97

The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is

A.

Penetration testers

B.

External Audit

C.

Internal Audit

D.

Forensic experts

Full Access
Question # 98

The success of the Chief Information Security Officer is MOST dependent upon:

A.

favorable audit findings

B.

following the recommendations of consultants and contractors

C.

development of relationships with organization executives

D.

raising awareness of security issues with end users

Full Access
Question # 99

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

A.

They are objective and can express risk / cost in real numbers

B.

They are subjective and can be completed more quickly

C.

They are objective and express risk / cost in approximates

D.

They are subjective and can express risk /cost in real numbers

Full Access
Question # 100

Which of the following is a critical operational component of an Incident Response Program (IRP)?

A.

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.

Annual review of program charters, policies, procedures and organizational agreements.

C.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Full Access
Question # 101

Which of the following is MOST important when dealing with an Information Security Steering committee:

A.

Include a mix of members from different departments and staff levels.

B.

Ensure that security policies and procedures have been vetted and approved.

C.

Review all past audit and compliance reports.

D.

Be briefed about new trends and products at each meeting by a vendor.

Full Access
Question # 102

Which of the following is a benefit of information security governance?

A.

Questioning the trust in vendor relationships.

B.

Increasing the risk of decisions based on incomplete management information.

C.

Direct involvement of senior management in developing control processes

D.

Reduction of the potential for civil and legal liability

Full Access
Question # 103

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

A.

How many credit card records are stored?

B.

How many servers do you have?

C.

What is the scope of the certification?

D.

What is the value of the assets at risk?

Full Access
Question # 104

With respect to the audit management process, management response serves what function?

A.

placing underperforming units on notice for failing to meet standards

B.

determining whether or not resources will be allocated to remediate a finding

C.

adding controls to ensure that proper oversight is achieved by management

D.

revealing the “root cause” of the process failure and mitigating for all internal and external units

Full Access
Go to page: