Weekend Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

ECCouncil 512-50 Dumps

Page: 1 / 40
Total 404 questions
Get 512-50 Full Access Download 512-50 PDF

EC-Council Information Security Manager (E|ISM) Questions and Answers

Question 1

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Question 2

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

Options:

A.

Configure logging on each access point

B.

Install a firewall software on each wireless access point.

C.

Provide IP and MAC address

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Question 3

Which wireless encryption technology makes use of temporal keys?

Options:

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Question 4

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Question 5

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

Options:

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Question 6

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

Options:

A.

4, 2, 5, 3, 1

B.

2, 5, 3, 1, 4

C.

4, 5, 2, 3, 1

D.

4, 3, 5, 2, 1

Question 7

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Question 8

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Question 9

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 10

Which of the following is the MAIN security concern for public cloud computing?

Options:

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Question 11

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Question 12

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Question 13

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

Options:

A.

NIST and Privacy Regulations

B.

ISO 27000 and Payment Card Industry Data Security Standards

C.

NIST and data breach notification laws

D.

ISO 27000 and Human resources best practices

Question 14

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

Options:

A.

The Net Present Value (NPV) of the project is positive

B.

The NPV of the project is negative

C.

The Return on Investment (ROI) is larger than 10 months

D.

The ROI is lower than 10 months

Question 15

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

Options:

A.

Conduct background checks on individuals before hiring them

B.

Develop an Information Security Awareness program

C.

Monitor employee browsing and surfing habits

D.

Set your firewall permissions aggressively and monitor logs regularly.

Question 16

Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of

Options:

A.

Network based security preventative controls

B.

Software segmentation controls

C.

Network based security detective controls

D.

User segmentation controls

Question 17

A digital signature addresses which of the following concerns?

Options:

A.

Message alteration

B.

Message copying

C.

Message theft

D.

Unauthorized reading

Question 18

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

Which group of people should be consulted when developing your security program?

Options:

A.

Peers

B.

End Users

C.

Executive Management

D.

All of the above

Question 19

The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called

Options:

A.

Security certification

B.

Security system analysis

C.

Security accreditation

D.

Alignment with business practices and goals.

Question 20

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

Options:

A.

Poorly configured firewalls

B.

Malware

C.

Advanced Persistent Threat (APT)

D.

An insider

Question 21

Involvement of senior management is MOST important in the development of:

Options:

A.

IT security implementation plans.

B.

Standards and guidelines.

C.

IT security policies.

D.

IT security procedures.

Question 22

As the CISO, you have been tasked with the execution of the company’s key management program. You

MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key

control will ensure no single individual can constitute or re-constitute a key?

Options:

A.

Dual Control

B.

Separation of Duties

C.

Split Knowledge

D.

Least Privilege

Question 23

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

What action should you take FIRST?

Options:

A.

Destroy the repository of stolen data

B.

Contact your local law enforcement agency

C.

Consult with other C-Level executives to develop an action plan

D.

Contract with a credit reporting company for paid monitoring services for affected customers

Question 24

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

After determining the audit findings are accurate, which of the following is the MOST logical next activity?

Options:

A.

Begin initial gap remediation analyses

B.

Review the security organization’s charter

C.

Validate gaps with the Information Technology team

D.

Create a briefing of the findings for executive management

Question 25

Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

Options:

A.

Application logs

B.

File integrity monitoring

C.

SNMP traps

D.

Syslog

Question 26

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

Options:

A.

assign the responsibility to the information security team.

B.

assign the responsibility to the team responsible for the management of the controls.

C.

create operational reports on the effectiveness of the controls.

D.

perform an independent audit of the security controls.

Question 27

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

Options:

A.

Have internal audit conduct another audit to see what has changed.

B.

Contract with an external audit company to conduct an unbiased audit

C.

Review the recommendations and follow up to see if audit implemented the changes

D.

Meet with audit team to determine a timeline for corrections

Question 28

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

Options:

A.

Plan-Check-Do-Act

B.

Plan-Do-Check-Act

C.

Plan-Select-Implement-Evaluate

D.

SCORE (Security Consensus Operational Readiness Evaluation)

Question 29

Which of the following is a fundamental component of an audit record?

Options:

A.

Date and time of the event

B.

Failure of the event

C.

Originating IP-Address

D.

Authentication type

Question 30

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

Options:

A.

ISO 27001

B.

PRINCE2

C.

ISO 27004

D.

ITILv3

Question 31

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

Options:

A.

Single Loss Expectancy (SLE)

B.

Exposure Factor (EF)

C.

Annualized Rate of Occurrence (ARO)

D.

Temporal Probability (TP)

Question 32

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

Options:

A.

Perform a vulnerability scan of the network

B.

External penetration testing by a qualified third party

C.

Internal Firewall ruleset reviews

D.

Implement network intrusion prevention systems

Question 33

A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

Options:

A.

If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.

B.

If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

C.

If the findings impact regulatory compliance, remediate the high findings as quickly as possible.

D.

If the findings do not impact regulatory compliance, review current security controls.

Question 34

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

Options:

A.

Senior Executives

B.

Office of the Auditor

C.

Office of the General Counsel

D.

All employees and users

Question 35

At which point should the identity access management team be notified of the termination of an employee?

Options:

A.

At the end of the day once the employee is off site

B.

During the monthly review cycle

C.

Immediately so the employee account(s) can be disabled

D.

Before an audit

Question 36

Creating a secondary authentication process for network access would be an example of?

Options:

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Question 37

Risk is defined as:

Options:

A.

Threat times vulnerability divided by control

B.

Advisory plus capability plus vulnerability

C.

Asset loss times likelihood of event

D.

Quantitative plus qualitative impact

Question 38

A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

Options:

A.

Audit validation

B.

Physical control testing

C.

Compliance management

D.

Security awareness training

Question 39

Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?

Options:

A.

Security officer

B.

Data owner

C.

Vulnerability engineer

D.

System administrator

Question 40

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

Options:

A.

Contacting the Internet Service Provider for an IP scope

B.

Getting authority to operate the system from executive management

C.

Changing the default passwords

D.

Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Question 41

What is a difference from the list below between quantitative and qualitative Risk Assessment?

Options:

A.

Quantitative risk assessments result in an exact number (in monetary terms)

B.

Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

C.

Qualitative risk assessments map to business objectives

D.

Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Question 42

You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?

Options:

A.

Chief Information Security Officer

B.

Chief Executive Officer

C.

Chief Information Officer

D.

Chief Legal Counsel

Question 43

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

Options:

A.

Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors

B.

Annual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program

C.

Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness

D.

Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program

Question 44

What is the BEST way to achieve on-going compliance monitoring in an organization?

Options:

A.

Only check compliance right before the auditors are scheduled to arrive onsite.

B.

Outsource compliance to a 3rd party vendor and let them manage the program.

C.

Have Compliance and Information Security partner to correct issues as they arise.

D.

Have Compliance direct Information Security to fix issues after the auditors report.

Question 45

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

Options:

A.

High risk environments 6 months, low risk environments 12 months

B.

Every 12 months

C.

Every 18 months

D.

Every six months

Question 46

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

Options:

A.

When there is a need to develop a more unified incident response capability.

B.

When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.

C.

When there is a variety of technologies deployed in the infrastructure.

D.

When it results in an overall lower cost of operating the security program.

Question 47

You have implemented a new security control. Which of the following risk strategy options have you engaged in?

Options:

A.

Risk Avoidance

B.

Risk Acceptance

C.

Risk Transfer

D.

Risk Mitigation

Question 48

Which of the following international standards can be BEST used to define a Risk Management process in an organization?

Options:

A.

National Institute for Standards and Technology 800-50 (NIST 800-50)

B.

International Organization for Standardizations – 27005 (ISO-27005)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27004 (ISO-27004)

Question 49

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

Options:

A.

A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

B.

A clear set of security policies and procedures that are more concept-based than controls-based

C.

A complete inventory of Information Technology assets including infrastructure, networks, applications and data

D.

A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

Question 50

A recommended method to document the respective roles of groups and individuals for a given process is to:

Options:

A.

Develop a detailed internal organization chart

B.

Develop a telephone call tree for emergency response

C.

Develop an isolinear response matrix with cost benefit analysis projections

D.

Develop a Responsible, Accountable, Consulted, Informed (RACI) chart

Question 51

Which of the following are the triple constraints of project management?

Options:

A.

Time, quality, and scope

B.

Cost, quality, and time

C.

Scope, time, and cost

D.

Quality, scope, and cost

Question 52

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

Options:

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Question 53

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

Options:

A.

Security alignment to business goals

B.

Regulatory compliance effectiveness

C.

Increased security program presence

D.

Proper organizational policy enforcement

Question 54

Which of the following information may be found in table top exercises for incident response?

Options:

A.

Security budget augmentation

B.

Process improvements

C.

Real-time to remediate

D.

Security control selection

Question 55

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:

Options:

A.

Vendor’s client list of reputable organizations currently using their solution

B.

Vendor provided attestation of the detailed security controls from a reputable accounting firm

C.

Vendor provided reference from an existing reputable client detailing their implementation

D.

Vendor provided internal risk assessment and security control documentation

Question 56

Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

Options:

A.

Upper management support

B.

More frequent project milestone meetings

C.

More training of staff members

D.

Involve internal audit

Question 57

When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?

Options:

A.

Download open source security tools and deploy them on your production network

B.

Download trial versions of commercially available security tools and deploy on your production network

C.

Download open source security tools from a trusted site, test, and then deploy on production network

D.

Download security tools from a trusted source and deploy to production network

Question 58

You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?

Options:

A.

Risk averse

B.

Risk tolerant

C.

Risk conditional

D.

Risk minimal

Question 59

Which of the following are not stakeholders of IT security projects?

Options:

A.

Board of directors

B.

Third party vendors

C.

CISO

D.

Help Desk

Question 60

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

Options:

A.

Quarterly

B.

Semi-annually

C.

Bi-annually

D.

Annually

Load More 512-50 Questions
Page: 1 / 40
Total 404 questions
Get 512-50 Full Access Download 512-50 PDF