Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
Security related breaches are assessed and contained through which of the following?
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?
SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?
Which of the following is a countermeasure to prevent unauthorized database access from web applications?
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?
A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:
Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?
Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?
A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?
How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?
Risk appetite is typically determined by which of the following organizational functions?
This occurs when the quantity or quality of project deliverables is expanded from the original project plan.
In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?
A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?
Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?
Which of the following is critical in creating a security program aligned with an organization’s goals?
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):
Which of the following methodologies references the recommended industry standard that Information security project managers should follow?
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?
IT control objectives are useful to IT auditors as they provide the basis for understanding the:
What oversight should the information security team have in the change management process for application security?
The organization does not have the time to remediate the vulnerability; however it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?
A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?
Which of the following represents the best method of ensuring business unit alignment with security program requirements?
A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?
When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?
What is the MAIN reason for conflicts between Information Technology and Information Security programs?
You have implemented a new security control. Which of the following risk strategy options have you engaged in?
Which of the following has the GREATEST impact on the implementation of an information security governance model?
What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?
A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?
Control Objectives for Information and Related Technology (COBIT) is which of the following?
Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology.
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it
The single most important consideration to make when developing your security program, policies, and processes is:
The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for
Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization’s products and services?
The alerting, monitoring and life-cycle management of security related events is typically handled by the
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?
Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?
A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?
An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:
The patching and monitoring of systems on a consistent schedule is required by?
An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?
Creating a secondary authentication process for network access would be an example of?
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
If the result of an NPV is positive, then the project should be selected. The net present value shows the present
value of the project, based on the decisions taken for its selection. What is the net present value equal to?
Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the:
The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.
Which of the following needs to be performed NEXT?
You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.
Using the best business practices for project management you determine that the project correct aligns with the company goals. What needs to be verified FIRST?
What process defines the framework of rules and practices by which a board of directors ensure accountability, fairness and transparency in an organization's relationship with its shareholders?
SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions. What is the MOST critical aspect of the team’s activities?
Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?
The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?
The network administrator wants to strengthen physical security in the organization. Specifically, to implement a
solution stopping people from entering certain restricted zones without proper credentials. Which of following
physical security measures should the administrator use?
SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
In what phase of the response will the team extract information from the affected systems without altering original data?
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his
assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for
an employee to pass through the main access gate, then the consultant follows the employee behind to get into
the restricted area. Which type of attack did the consultant perform?
A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?
Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?
Which of the following is MOST useful when developing a business case for security initiatives?
Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?
Which of the following is considered the MOST effective tool against social engineering?
From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:
As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity.
The performance quality audit activity is done in what project management process group?
XYZ is a publicly-traded software development company.
Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?
Optical biometric recognition such as retina scanning provides access to facilities through reading the unique characteristics of a person’s eye.
However, authorization failures can occur with individuals who have?
A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).
In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?
When information security falls under the Chief Information Officer (CIO), what is their MOST essential role?
When managing a project, the MOST important activity in managing the expectations of stakeholders is:
Which of the following provides the BEST approach to achieving positive outcomes while preserving savings?
In defining a strategic security plan for an organization, what should a CISO first analyze?
When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?
When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?
During a cyber incident, which non-security personnel might be needed to assist the security team?
A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.
What Security Operations Center (SOC) model does this BEST describe?
Who should be involved in the development of an internal campaign to address email phishing?
When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?
An organization recently acquired a Data Loss Prevention (DLP) solution, and two months after the implementation, it was found that sensitive data was posted to numerous Dark Web sites. The DLP application was checked, and there are no apparent malfunctions and no errors.
What is the MOST likely reason why the sensitive data was posted?
A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a?
Which level of data destruction applies logical techniques to sanitize data in all user-addressable storage locations?
CCISO | 712-50 Questions Answers | 712-50 Test Prep | EC-Council Certified CISO (CCISO) Questions PDF | 712-50 Online Exam | 712-50 Practice Test | 712-50 PDF | 712-50 Test Questions | 712-50 Study Material | 712-50 Exam Preparation | 712-50 Valid Dumps | 712-50 Real Questions | CCISO 712-50 Exam Questions
TESTED 24 Nov 2024
