Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

712-50 Exam Dumps - EC-Council Certified CISO (CCISO)

Go to page:
Question # 105

You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?

A.

Chief Information Security Officer

B.

Chief Executive Officer

C.

Chief Information Officer

D.

Chief Legal Counsel

Full Access
Question # 106

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

A.

International Organization for Standardizations – 22301 (ISO-22301)

B.

Information Technology Infrastructure Library (ITIL)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27005 (ISO-27005)

Full Access
Question # 107

An organization information security policy serves to

A.

establish budgetary input in order to meet compliance requirements

B.

establish acceptable systems and user behavior

C.

define security configurations for systems

D.

define relationships with external law enforcement agencies

Full Access
Question # 108

Which of the following activities must be completed BEFORE you can calculate risk?

A.

Determining the likelihood that vulnerable systems will be attacked by specific threats

B.

Calculating the risks to which assets are exposed in their current setting

C.

Assigning a value to each information asset

D.

Assessing the relative risk facing the organization’s information assets

Full Access
Question # 109

What is the definition of Risk in Information Security?

A.

Risk = Probability x Impact

B.

Risk = Threat x Probability

C.

Risk = Financial Impact x Probability

D.

Risk = Impact x Threat

Full Access
Question # 110

From an information security perspective, information that no longer supports the main purpose of the business should be:

A.

assessed by a business impact analysis.

B.

protected under the information classification policy.

C.

analyzed under the data ownership policy.

D.

analyzed under the retention policy

Full Access
Question # 111

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

A.

Lack of a formal security awareness program

B.

Lack of a formal security policy governance process

C.

Lack of formal definition of roles and responsibilities

D.

Lack of a formal risk management policy

Full Access
Question # 112

The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

A.

Number of callers who report security issues.

B.

Number of callers who report a lack of customer service from the call center

C.

Number of successful social engineering attempts on the call center

D.

Number of callers who abandon the call before speaking with a representative

Full Access
Go to page: