712-50 Exam Dumps - EC-Council Certified CISO (CCISO)
Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?
Quantitative Risk Assessments have the following advantages over qualitative risk assessments:
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?
Risk appetite directly affects what part of a vulnerability management program?
When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?
When dealing with a risk management process, asset classification is important because it will impact the overall:
What is the MAIN reason for conflicts between Information Technology and Information Security programs?
What is a difference from the list below between quantitative and qualitative Risk Assessment?
When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?
Which of the following is a critical operational component of an Incident Response Program (IRP)?
The PRIMARY objective for information security program development should be:
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?
Payment Card Industry (PCI) compliance requirements are based on what criteria?
An organization’s firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?
Which of the following represents the BEST method of ensuring security program alignment to business needs?
As the CISO for your company you are accountable for the protection of information resources commensurate with:
What oversight should the information security team have in the change management process for application security?
Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?
Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?
Which of the following information may be found in table top exercises for incident response?
Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?
A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?
When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:
A recommended method to document the respective roles of groups and individuals for a given process is to:
When managing the critical path of an IT security project, which of the following is MOST important?
A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?
An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):
Which of the following is critical in creating a security program aligned with an organization’s goals?
Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?
Creating a secondary authentication process for network access would be an example of?
Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
At which point should the identity access management team be notified of the termination of an employee?
As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?
Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?
The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?
You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?
Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?
Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?
When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?
Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:
The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?
Which of the following activities is the MAIN purpose of the risk assessment process?
An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).
The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?
In defining a strategic security plan for an organization, what should a CISO first analyze?
Which of the following is the MOST effective method to counter phishing attacks?
A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO) receives impact data in financial terms to use as input to select the proper level of coverage in a new cybersecurity insurance policy.
What is the MOST effective method of risk analysis to provide the CFO with the information required?
Who should be involved in the development of an internal campaign to address email phishing?
An auditor is reviewing the security classifications for a group of assets and finds that many of the assets are not correctly classified.
What should the auditor’s NEXT step be?
Optical biometric recognition such as retina scanning provides access to facilities through reading the unique characteristics of a person’s eye.
However, authorization failures can occur with individuals who have?
A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a?
The alerting, monitoring, and lifecycle management of security-related events are typically managed by the:
You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.
Which of the following is NOT documented in the SSP?
When information security falls under the Chief Information Officer (CIO), what is their MOST essential role?
ABC Limited has recently suffered a security breach with customers’ social security number available on the dark web for sale. The CISO, during the time of the incident, has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, lack of least privilege policy, and weak access control was to blame. You would like to implement key performance indicators to mitigate the risk.
Which metric would meet the requirement?
Of the following types of SOCs (Security Operations Centers), which one would be MOST likely used if the CISO has decided to outsource the infrastructure and administration of it?
A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to make better decisions on protecting information and assets.
What is the MAIN goal of threat hunting to the SecOps Manager?
When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most important:
Michael starts a new job and discovers that he has unnecessary access to a variety of systems. Which of the
following best describes the problem he has encountered?
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct periodic:
The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.
Which of the following needs to be performed NEXT?
Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?
Which type of scan is used on the eye to measure the layer of blood vessels?
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When formulating the remediation plan, what is a required input?
As the Chief Information Security Officer, you want to ensure data shared securely, especially when shared with
third parties outside the organization. What protocol provides the ability to extend the network perimeter with
the use of encapsulation and encryption?
Which of the following information would MOST likely be reported at the board-level within an organization?
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.â€
Which group of people should be consulted when developing your security program?
Which of the following is the MOST logical method of deploying security controls within an organization?
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:
As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?
If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business,
they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they
will be in the organization. How would you prevent such type of attacks?
Involvement of senior management is MOST important in the development of:
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?
Using the Transport Layer Security (TLS) protocol enables a client in a network to be:
SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions. What is the MOST critical aspect of the team’s activities?
An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
Which of the following statements about Encapsulating Security Payload (ESP) is true?
Security related breaches are assessed and contained through which of the following?
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?
What type of attack requires the least amount of technical equipment and has the highest success rate?
A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?
In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
Which of the following is a countermeasure to prevent unauthorized database access from web applications?
Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?
Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?
Physical security measures typically include which of the following components?
The process of identifying and classifying assets is typically included in the