New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

712-50 EC-Council Certified CISO (CCISO) Questions and Answers

Questions 4

Physical security measures typically include which of the following components?

Options:

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Buy Now
Questions 5

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Buy Now
Questions 6

Which of the following is the MAIN security concern for public cloud computing?

Options:

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Buy Now
Questions 7

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Buy Now
Questions 8

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Options:

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Buy Now
Questions 9

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Buy Now
Questions 10

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Options:

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Buy Now
Questions 11

Which wireless encryption technology makes use of temporal keys?

Options:

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Buy Now
Questions 12

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Buy Now
Questions 13

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

Options:

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Buy Now
Questions 14

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

Options:

A.

Execute

B.

Read

C.

Administrator

D.

Public

Buy Now
Questions 15

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Options:

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Buy Now
Questions 16

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

Options:

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Buy Now
Questions 17

An anonymity network is a series of?

Options:

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Buy Now
Questions 18

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Buy Now
Questions 19

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

Options:

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Buy Now
Questions 20

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Buy Now
Questions 21

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options:

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Buy Now
Questions 22

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Buy Now
Questions 23

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

Options:

A.

non-repudiation

B.

conflict resolution

C.

strong authentication

D.

digital rights management

Buy Now
Questions 24

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

Options:

A.

Change management

B.

Business continuity planning

C.

Security Incident Response

D.

Thought leadership

Buy Now
Questions 25

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

Options:

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Buy Now
Questions 26

Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

Options:

A.

Cost benefit

B.

Risk appetite

C.

Business continuity

D.

Likelihood of impact

Buy Now
Questions 27

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

Options:

A.

Lack of asset management processes

B.

Lack of change management processes

C.

Lack of hardening standards

D.

Lack of proper access controls

Buy Now
Questions 28

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

Options:

A.

Quarterly

B.

Semi-annually

C.

Bi-annually

D.

Annually

Buy Now
Questions 29

Which of the following are not stakeholders of IT security projects?

Options:

A.

Board of directors

B.

Third party vendors

C.

CISO

D.

Help Desk

Buy Now
Questions 30

When is an application security development project complete?

Options:

A.

When the application is retired.

B.

When the application turned over to production.

C.

When the application reaches the maintenance phase.

D.

After one year.

Buy Now
Questions 31

Which of the following is a major benefit of applying risk levels?

Options:

A.

Risk management governance becomes easier since most risks remain low once mitigated

B.

Resources are not wasted on risks that are already managed to an acceptable level

C.

Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

D.

Risk appetite can increase within the organization once the levels are understood

Buy Now
Questions 32

Risk appetite is typically determined by which of the following organizational functions?

Options:

A.

Security

B.

Business units

C.

Board of Directors

D.

Audit and compliance

Buy Now
Questions 33

An example of professional unethical behavior is:

Options:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Buy Now
Questions 34

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

Options:

A.

Scope creep

B.

Deadline extension

C.

Scope modification

D.

Deliverable expansion

Buy Now
Questions 35

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

Options:

A.

Vmware, router, switch, firewall, syslog, vulnerability management system (VMS)

B.

Intrusion Detection System (IDS), firewall, switch, syslog

C.

Security Incident Event Management (SIEM), IDS, router, syslog

D.

SIEM, IDS, firewall, VMS

Buy Now
Questions 36

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

Options:

A.

The software license expiration is probably out of synchronization with other software licenses

B.

The project was initiated without an effort to get support from impacted business units in the organization

C.

The software is out of date and does not provide for a scalable solution across the enterprise

D.

The security officer should allow time for the organization to get accustomed to her presence before initiating security projects

Buy Now
Questions 37

Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

Options:

A.

Risk Assessment

B.

Incident Response

C.

Risk Management

D.

Network Security administration

Buy Now
Questions 38

Which of the following is critical in creating a security program aligned with an organization’s goals?

Options:

A.

Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements

B.

Develop a culture in which users, managers and IT professionals all make good decisions about information risk

C.

Provide clear communication of security program support requirements and audit schedules

D.

Create security awareness programs that include clear definition of security program goals and charters

Buy Now
Questions 39

Which of the following best summarizes the primary goal of a security program?

Options:

A.

Provide security reporting to all levels of an organization

B.

Create effective security awareness to employees

C.

Manage risk within the organization

D.

Assure regulatory compliance

Buy Now
Questions 40

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

Options:

A.

low risk-tolerance

B.

high risk-tolerance

C.

moderate risk-tolerance

D.

medium-high risk-tolerance

Buy Now
Questions 41

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

Options:

A.

The Security Systems Development Life Cycle

B.

The Security Project And Management Methodology

C.

Project Management System Methodology

D.

Project Management Body of Knowledge

Buy Now
Questions 42

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

Options:

A.

tell him to shut down the server

B.

tell him to call the police

C.

tell him to invoke the incident response process

D.

tell him to analyze the problem, preserve the evidence and provide a full analysis and report

Buy Now
Questions 43

IT control objectives are useful to IT auditors as they provide the basis for understanding the:

Options:

A.

Desired results or purpose of implementing specific control procedures.

B.

The audit control checklist.

C.

Techniques for securing information.

D.

Security policy

Buy Now
Questions 44

What oversight should the information security team have in the change management process for application security?

Options:

A.

Information security should be informed of changes to applications only

B.

Development team should tell the information security team about any application security flaws

C.

Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

D.

Information security should be aware of all application changes and work with developers before changes are deployed in production

Buy Now
Questions 45

The organization does not have the time to remediate the vulnerability; however it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?

Options:

A.

Provide developer security training

B.

Deploy Intrusion Detection Systems

C.

Provide security testing tools

D.

Implement Compensating Controls

Buy Now
Questions 46

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

Options:

A.

Security alignment to business goals

B.

Regulatory compliance effectiveness

C.

Increased security program presence

D.

Proper organizational policy enforcement

Buy Now
Questions 47

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

Options:

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Buy Now
Questions 48

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

Options:

A.

The auditors have not followed proper auditing processes

B.

The CIO of the organization disagrees with the finding

C.

The risk tolerance of the organization permits this risk

D.

The organization has purchased cyber insurance

Buy Now
Questions 49

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

Options:

A.

Management Control

B.

Technical Control

C.

Training Control

D.

Operational Control

Buy Now
Questions 50

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

Options:

A.

Plan-Check-Do-Act

B.

Plan-Do-Check-Act

C.

Plan-Select-Implement-Evaluate

D.

SCORE (Security Consensus Operational Readiness Evaluation)

Buy Now
Questions 51

The success of the Chief Information Security Officer is MOST dependent upon:

Options:

A.

favorable audit findings

B.

following the recommendations of consultants and contractors

C.

development of relationships with organization executives

D.

raising awareness of security issues with end users

Buy Now
Questions 52

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

Options:

A.

Controlled mitigation effort

B.

Risk impact comparison

C.

Relative likelihood of event

D.

Comparative threat analysis

Buy Now
Questions 53

Which of the following is MOST likely to be discretionary?

Options:

A.

Policies

B.

Procedures

C.

Guidelines

D.

Standards

Buy Now
Questions 54

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

Options:

A.

Senior Executives

B.

Office of the Auditor

C.

Office of the General Counsel

D.

All employees and users

Buy Now
Questions 55

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

Options:

A.

Single loss expectancy multiplied by the annual rate of occurrence

B.

Total loss expectancy multiplied by the total loss frequency

C.

Value of the asset multiplied by the loss expectancy

D.

Replacement cost multiplied by the single loss expectancy

Buy Now
Questions 56

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

Options:

A.

Lack of notification to the public of disclosure of confidential information.

B.

Lack of periodic examination of access rights

C.

Failure to notify police of an attempted intrusion

D.

Lack of reporting of a successful denial of service attack on the network.

Buy Now
Questions 57

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

Options:

A.

How many credit card records are stored?

B.

How many servers do you have?

C.

What is the scope of the certification?

D.

What is the value of the assets at risk?

Buy Now
Questions 58

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

Options:

A.

Technology governance defines technology policies and standards while security governance does not.

B.

Security governance defines technology best practices and Information Technology governance does not.

C.

Technology Governance is focused on process risks whereas Security Governance is focused on business risk.

D.

The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

Buy Now
Questions 59

You have implemented a new security control. Which of the following risk strategy options have you engaged in?

Options:

A.

Risk Avoidance

B.

Risk Acceptance

C.

Risk Transfer

D.

Risk Mitigation

Buy Now
Questions 60

Which of the following has the GREATEST impact on the implementation of an information security governance model?

Options:

A.

Organizational budget

B.

Distance between physical locations

C.

Number of employees

D.

Complexity of organizational structure

Buy Now
Questions 61

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

Options:

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Buy Now
Questions 62

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

Options:

A.

Internal audit

B.

The data owner

C.

All executive staff

D.

Government regulators

Buy Now
Questions 63

Which of the following is a benefit of information security governance?

Options:

A.

Questioning the trust in vendor relationships.

B.

Increasing the risk of decisions based on incomplete management information.

C.

Direct involvement of senior management in developing control processes

D.

Reduction of the potential for civil and legal liability

Buy Now
Questions 64

Control Objectives for Information and Related Technology (COBIT) is which of the following?

Options:

A.

An Information Security audit standard

B.

An audit guideline for certifying secure systems and controls

C.

A framework for Information Technology management and governance

D.

A set of international regulations for Information Technology governance

Buy Now
Questions 65

Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.

Options:

A.

ISO 27001

B.

ISO 27002

C.

ISO 27004

D.

ISO 27005

Buy Now
Questions 66

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Options:

A.

information security metrics.

B.

knowledge required to analyze each issue.

C.

baseline against which metrics are evaluated.

D.

linkage to business area objectives.

Buy Now
Questions 67

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

Options:

A.

Need to comply with breach disclosure laws

B.

Need to transfer the risk associated with hosting PII data

C.

Need to better understand the risk associated with using PII data

D.

Fiduciary responsibility to safeguard credit card information

Buy Now
Questions 68

Who is responsible for securing networks during a security incident?

Options:

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Buy Now
Questions 69

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

Options:

A.

Enforce the existing security standards and do not allow the deployment of the new technology.

B.

Amend the standard to permit the deployment.

C.

If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.

D.

Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

Buy Now
Questions 70

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

Options:

A.

Providing a risk program governance structure

B.

Ensuring developers include risk control comments in code

C.

Creating risk assessment templates based on specific threats

D.

Allowing for the acceptance of risk for regulatory compliance requirements

Buy Now
Questions 71

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

Options:

A.

In promiscuous mode and only detect malicious traffic.

B.

In-line and turn on blocking mode to stop malicious traffic.

C.

In promiscuous mode and block malicious traffic.

D.

In-line and turn on alert mode to stop malicious traffic.

Buy Now
Questions 72

Why is it vitally important that senior management endorse a security policy?

Options:

A.

So that they will accept ownership for security within the organization.

B.

So that employees will follow the policy directives.

C.

So that external bodies will recognize the organizations commitment to security.

D.

So that they can be held legally accountable.

Buy Now
Questions 73

Developing effective security controls is a balance between:

Options:

A.

Risk Management and Operations

B.

Corporate Culture and Job Expectations

C.

Operations and Regulations

D.

Technology and Vendor Management

Buy Now
Questions 74

The single most important consideration to make when developing your security program, policies, and processes is:

Options:

A.

Budgeting for unforeseen data compromises

B.

Streamlining for efficiency

C.

Alignment with the business

D.

Establishing your authority as the Security Executive

Buy Now
Questions 75

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

Options:

A.

Confidentiality, Integrity and Availability

B.

Assurance, Compliance and Availability

C.

International Compliance

D.

Integrity and Availability

Buy Now
Questions 76

Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization’s products and services?

Options:

A.

Strong authentication technologies

B.

Financial reporting regulations

C.

Credit card compliance and regulations

D.

Local privacy laws

Buy Now
Questions 77

The alerting, monitoring and life-cycle management of security related events is typically handled by the

Options:

A.

security threat and vulnerability management process

B.

risk assessment process

C.

risk management process

D.

governance, risk, and compliance tools

Buy Now
Questions 78

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

Options:

A.

Lack of a formal security awareness program

B.

Lack of a formal security policy governance process

C.

Lack of formal definition of roles and responsibilities

D.

Lack of a formal risk management policy

Buy Now
Questions 79

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

Options:

A.

Control Objective for Information Technology (COBIT)

B.

Committee of Sponsoring Organizations (COSO)

C.

Payment Card Industry (PCI)

D.

Information Technology Infrastructure Library (ITIL)

Buy Now
Questions 80

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

Options:

A.

Servers, routers, switches, modem

B.

Firewall, exchange, web server, intrusion detection system (IDS)

C.

Firewall, anti-virus console, IDS, syslog

D.

IDS, syslog, router, switches

Buy Now
Questions 81

A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

Options:

A.

If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.

B.

If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

C.

If the findings impact regulatory compliance, remediate the high findings as quickly as possible.

D.

If the findings do not impact regulatory compliance, review current security controls.

Buy Now
Questions 82

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

Options:

A.

Organization control

B.

Procedural control

C.

Management control

D.

Technical control

Buy Now
Questions 83

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

Options:

A.

Qualitative analysis

B.

Quantitative analysis

C.

Risk mitigation

D.

Estimate activity duration

Buy Now
Questions 84

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

Options:

A.

Number of change orders rejected

B.

Number and length of planned outages

C.

Number of unplanned outages

D.

Number of change orders processed

Buy Now
Questions 85

The risk found after a control has been fully implemented is called:

Options:

A.

Residual Risk

B.

Total Risk

C.

Post implementation risk

D.

Transferred risk

Buy Now
Questions 86

The patching and monitoring of systems on a consistent schedule is required by?

Options:

A.

Local privacy laws

B.

Industry best practices

C.

Risk Management frameworks

D.

Audit best practices

Buy Now
Questions 87

The effectiveness of an audit is measured by?

Options:

A.

The number of actionable items in the recommendations

B.

How it exposes the risk tolerance of the company

C.

How the recommendations directly support the goals of the company

D.

The number of security controls the company has in use

Buy Now
Questions 88

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

Options:

A.

Determine the annual loss expectancy (ALE)

B.

Create a crisis management plan

C.

Create technology recovery plans

D.

Build a secondary hot site

Buy Now
Questions 89

Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

Options:

A.

Application logs

B.

File integrity monitoring

C.

SNMP traps

D.

Syslog

Buy Now
Questions 90

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

Options:

A.

Internal Audit

B.

Database Administration

C.

Information Security

D.

Compliance

Buy Now
Questions 91

Creating a secondary authentication process for network access would be an example of?

Options:

A.

An administrator with too much time on their hands.

B.

Putting undue time commitment on the system administrator.

C.

Supporting the concept of layered security

D.

Network segmentation.

Buy Now
Questions 92

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

Options:

A.

All vulnerabilities found on servers and desktops

B.

Only critical and high vulnerabilities on servers and desktops

C.

Only critical and high vulnerabilities that impact important production servers

D.

All vulnerabilities that impact important production servers

Buy Now
Questions 93

If the result of an NPV is positive, then the project should be selected. The net present value shows the present

value of the project, based on the decisions taken for its selection. What is the net present value equal to?

Options:

A.

Net profit – per capita income

B.

Total investment – Discounted cash

C.

Average profit – Annual investment

D.

Initial investment – Future value

Buy Now
Questions 94

Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of

Options:

A.

Network based security preventative controls

B.

Software segmentation controls

C.

Network based security detective controls

D.

User segmentation controls

Buy Now
Questions 95

What is the difference between encryption and tokenization?

Options:

A.

Tokenization combined with hashing is always better than encryption

B.

Encryption can be mathematically reversed to provide the original information

C.

The token contains the all original information

D.

Tokenization can be mathematically reversed to provide the original information

Buy Now
Questions 96

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

When multiple regulations or standards apply to your industry you should set controls to meet the:

Options:

A.

Easiest regulation or standard to implement

B.

Stricter regulation or standard

C.

Most complex standard to implement

D.

Recommendations of your Legal Staff

Buy Now
Questions 97

The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.

Which of the following needs to be performed NEXT?

Options:

A.

Verify the scope of the project

B.

Verify the regulatory requirements

C.

Verify technical resources

D.

Verify capacity constraints

Buy Now
Questions 98

Which of the following is an accurate statement regarding capital expenses?

Options:

A.

They are easily reduced through the elimination of usage, such as reducing power for lighting of work areas

during off-hours

B.

Capital expenses can never be replaced by operational expenses

C.

Capital expenses are typically long-term investments with value being realized through their use

D.

The organization is typically able to regain the initial cost by selling this type of asset

Buy Now
Questions 99

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management you determine that the project correct aligns with the company goals. What needs to be verified FIRST?

Options:

A.

Scope of the project

B.

Training of the personnel on the project

C.

Timeline of the project milestones

D.

Vendor for the project

Buy Now
Questions 100

What process defines the framework of rules and practices by which a board of directors ensure accountability, fairness and transparency in an organization's relationship with its shareholders?

Options:

A.

Internal Audit

B.

Corporate governance

C.

Risk Oversight

D.

Key Performance Indicators

Buy Now
Questions 101

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions. What is the MOST critical aspect of the team’s activities?

Options:

A.

Regular communication of incident status to executives

B.

Eradication of malware and system restoration

C.

Determination of the attack source

D.

Preservation of information

Buy Now
Questions 102

Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

Options:

A.

ITIL

B.

Privacy Act

C.

Sarbanes Oxley

D.

PCI-DSS

Buy Now
Questions 103

The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

Options:

A.

There is integration between IT security and business staffing.

B.

There is a clear definition of the IT security mission and vision.

C.

There is an auditing methodology in place.

D.

The plan requires return on investment for all security projects.

Buy Now
Questions 104

Which type of scan is used on the eye to measure the layer of blood vessels?

Options:

A.

Facial recognition scan

B.

Iris scan

C.

Signature kinetics scan

D.

Retinal scan

Buy Now
Questions 105

The network administrator wants to strengthen physical security in the organization. Specifically, to implement a

solution stopping people from entering certain restricted zones without proper credentials. Which of following

physical security measures should the administrator use?

Options:

A.

Video surveillance

B.

Mantrap

C.

Bollards

D.

Fence

Buy Now
Questions 106

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

Options:

A.

Response

B.

Investigation

C.

Recovery

D.

Follow-up

Buy Now
Questions 107

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his

assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for

an employee to pass through the main access gate, then the consultant follows the employee behind to get into

the restricted area. Which type of attack did the consultant perform?

Options:

A.

Shoulder surfing

B.

Tailgating

C.

Social engineering

D.

Mantrap

Buy Now
Questions 108

A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.

Options:

A.

Moderate investment

B.

Passive monitoring

C.

Integrated security controls

D.

Dynamic deception

Buy Now
Questions 109

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

Options:

A.

Annually

B.

Semi-annually

C.

Quarterly

D.

Never

Buy Now
Questions 110

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

Options:

A.

The CISO does not report directly to the CEO of the organization

B.

The CISO reports to the IT organization

C.

The CISO has not implemented a policy management framework

D.

The CISO has not implemented a security awareness program

Buy Now
Questions 111

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

Options:

A.

Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company for non-compliance

B.

Understand the business and focus your efforts on enabling operations securely

C.

Draw from your experience and recount stories of how other companies have been compromised

D.

Cite corporate policy and insist on compliance with audit findings

Buy Now
Questions 112

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

Options:

A.

The Net Present Value (NPV) of the project is positive

B.

The NPV of the project is negative

C.

The Return on Investment (ROI) is larger than 10 months

D.

The ROI is lower than 10 months

Buy Now
Questions 113

Which of the following is MOST useful when developing a business case for security initiatives?

Options:

A.

Budget forecasts

B.

Request for proposals

C.

Cost/benefit analysis

D.

Vendor management

Buy Now
Questions 114

Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

Options:

A.

Security regulations

B.

Asset classification

C.

Information security policy

D.

Data classification

Buy Now
Questions 115

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Your Corporate Information Security Policy should include which of the following?

Options:

A.

Information security theory

B.

Roles and responsibilities

C.

Incident response contacts

D.

Desktop configuration standards

Buy Now
Questions 116

Which of the following is considered the MOST effective tool against social engineering?

Options:

A.

Anti-phishing tools

B.

Effective Security awareness program

C.

Anti-malware tools

D.

Effective Security Vulnerability Management Program

Buy Now
Questions 117

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

Options:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Buy Now
Questions 118

As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity.

The performance quality audit activity is done in what project management process group?

Options:

A.

Executing

B.

Controlling

C.

Planning

D.

Closing

Buy Now
Questions 119

What is the primary difference between regulations and standards?

Options:

A.

Standards will include regulations

B.

Standards that aren’t followed are punishable by fines

C.

Regulations are made enforceable by the power provided by laws

D.

Regulations must be reviewed and approved by the business

Buy Now
Questions 120

XYZ is a publicly-traded software development company.

Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?

Options:

A.

Chief Financial Officer (CFO)

B.

Chief Software Architect (CIO)

C.

CISO

D.

Chief Executive Officer (CEO)

Buy Now
Questions 121

Optical biometric recognition such as retina scanning provides access to facilities through reading the unique characteristics of a person’s eye.

However, authorization failures can occur with individuals who have?

Options:

A.

Glaucoma or cataracts

B.

Two different colored eyes (heterochromia iridium)

C.

Contact lens

D.

Malaria

Buy Now
Questions 122

A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).

In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?

Options:

A.

Recovery Point Objective (RPO)

B.

Mean Time to Delivery (MTD)

C.

Recovery Time Objective (RTO)

D.

Maximum Tolerable Downtime (MTD)

Buy Now
Questions 123

When information security falls under the Chief Information Officer (CIO), what is their MOST essential role?

Options:

A.

Oversees the organization’s day-to-day operations, creating the policies and strategies that govern operations

B.

Enlisting support from key executives the information security program budget and policies

C.

Charged with developing and implementing policies designed to protect employees and customers’ data from unauthorized access

D.

Responsible for the success or failure of the IT organization and setting strategic direction

Buy Now
Questions 124

When managing a project, the MOST important activity in managing the expectations of stakeholders is:

Options:

A.

To force stakeholders to commit ample resources to support the project

B.

To facilitate proper communication regarding outcomes

C.

To assure stakeholders commit to the project start and end dates in writing

D.

To finalize detailed scope of the project at project initiation

Buy Now
Questions 125

Which of the following provides the BEST approach to achieving positive outcomes while preserving savings?

Options:

A.

Business Impact Analysis

B.

Cost-benefit analysis

C.

Economic impact analysis

D.

Return on Investment

Buy Now
Questions 126

What does RACI stand for?

Options:

A.

Reasonable, Actionable, Controlled, and Implemented

B.

Responsible, Actors, Consult, and Instigate

C.

Responsible, Accountable, Consulted, and Informed

D.

Review, Act, Communicate, and Inform

Buy Now
Questions 127

In defining a strategic security plan for an organization, what should a CISO first analyze?

Options:

A.

Reach out to a business similar to yours and ask for their plan

B.

Set goals that are difficult to attain to drive more productivity

C.

Review business acquisitions for the past 3 years

D.

Analyze the broader organizational strategic plan

Buy Now
Questions 128

When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?

Options:

A.

RAM and unallocated space

B.

Unallocated space and RAM

C.

Slack space and browser cache

D.

Persistent and volatile data

Buy Now
Questions 129

When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

Options:

A.

This makes sure the files you exchange aren’t unnecessarily flagged by the Data Loss Prevention (DLP) system

B.

Contracting rules typically require you to have conversations with two or more groups

C.

Discussing decisions with a very large group of people always provides a better outcome

D.

It helps to avoid regulatory or internal compliance issues

Buy Now
Questions 130

During a cyber incident, which non-security personnel might be needed to assist the security team?

Options:

A.

Threat analyst, IT auditor, forensic analyst

B.

Network engineer, help desk technician, system administrator

C.

CIO, CFO, CSO

D.

Financial analyst, payroll clerk, HR manager

Buy Now
Questions 131

A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.

What Security Operations Center (SOC) model does this BEST describe?

Options:

A.

Virtual SOC

B.

In-house SOC

C.

Security Network Operations Center (SNOC)

D.

Hybrid SOC

Buy Now
Questions 132

Who should be involved in the development of an internal campaign to address email phishing?

Options:

A.

Business unit leaders, CIO, CEO

B.

Business Unite Leaders, CISO, CIO and CEO

C.

All employees

D.

CFO, CEO, CIO

Buy Now
Questions 133

When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?

Options:

A.

SaaS provider’s website certifications and representations (certs and reps)

B.

SOC-2 Report

C.

Metasploit Audit Report

D.

Statement from SaaS provider attesting their ability to secure your data

Buy Now
Questions 134

What are the common data hiding techniques used by criminals?

Options:

A.

Unallocated space and masking

B.

Website defacement and log manipulation

C.

Disabled Logging and admin elevation

D.

Encryption, Steganography, and Changing Metadata/Timestamps

Buy Now
Questions 135

An organization recently acquired a Data Loss Prevention (DLP) solution, and two months after the implementation, it was found that sensitive data was posted to numerous Dark Web sites. The DLP application was checked, and there are no apparent malfunctions and no errors.

What is the MOST likely reason why the sensitive data was posted?

Options:

A.

The DLP Solution was not integrated with mobile device anti-malware

B.

Data classification was not properly performed on the assets

C.

The sensitive data was not encrypted while at rest

D.

A risk assessment was not performed after purchasing the DLP solution

Buy Now
Questions 136

Many successful cyber-attacks currently include:

Options:

A.

Phishing Attacks

B.

Misconfigurations

C.

All of these

D.

Social engineering

Buy Now
Questions 137

A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a?

Options:

A.

Public cloud

B.

Private cloud

C.

Community cloud

D.

Hybrid cloud

Buy Now
Questions 138

Which level of data destruction applies logical techniques to sanitize data in all user-addressable storage locations?

Options:

A.

Purge

B.

Clear

C.

Mangle

D.

Destroy

Buy Now
Exam Code: 712-50
Exam Name: EC-Council Certified CISO (CCISO)
Last Update: Dec 26, 2024
Questions: 460
712-50 pdf

712-50 PDF

$25.5  $84.99
712-50 Engine

712-50 Testing Engine

$30  $99.99
712-50 PDF + Engine

712-50 PDF + Testing Engine

$40.5  $134.99