Weekend Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

ECCouncil 712-50 Dumps

Page: 1 / 45
Total 449 questions
Get 712-50 Full Access Download 712-50 PDF

EC-Council Certified CISO (CCISO) Questions and Answers

Question 1

What is the first thing that needs to be completed in order to create a security program for your organization?

Options:

A.

Risk assessment

B.

Security program budget

C.

Business continuity plan

D.

Compliance and regulatory analysis

Question 2

Credit card information, medical data, and government records are all examples of:

Options:

A.

Confidential/Protected Information

B.

Bodily Information

C.

Territorial Information

D.

Communications Information

Question 3

If your organization operates under a model of "assumption of breach", you should:

Options:

A.

Protect all information resource assets equally

B.

Establish active firewall monitoring protocols

C.

Purchase insurance for your compliance liability

D.

Focus your security efforts on high value assets

Question 4

Which of the following should be determined while defining risk management strategies?

Options:

A.

Organizational objectives and risk tolerance

B.

Risk assessment criteria

C.

IT architecture complexity

D.

Enterprise disaster recovery plans

Question 5

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

Options:

A.

Identify threats, risks, impacts and vulnerabilities

B.

Decide how to manage risk

C.

Define the budget of the Information Security Management System

D.

Define Information Security Policy

Question 6

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

Options:

A.

When there is a need to develop a more unified incident response capability.

B.

When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.

C.

When there is a variety of technologies deployed in the infrastructure.

D.

When it results in an overall lower cost of operating the security program.

Question 7

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

Options:

A.

International Organization for Standardizations – 27004 (ISO-27004)

B.

Payment Card Industry Data Security Standards (PCI-DSS)

C.

Control Objectives for Information Technology (COBIT)

D.

International Organization for Standardizations – 27005 (ISO-27005)

Question 8

Which of the following is a critical operational component of an Incident Response Program (IRP)?

Options:

A.

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.

Annual review of program charters, policies, procedures and organizational agreements.

C.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Question 9

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

Options:

A.

Lack of a formal security awareness program

B.

Lack of a formal security policy governance process

C.

Lack of formal definition of roles and responsibilities

D.

Lack of a formal risk management policy

Question 10

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

Options:

A.

High risk environments 6 months, low risk environments 12 months

B.

Every 12 months

C.

Every 18 months

D.

Every six months

Question 11

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

Options:

A.

Technology governance defines technology policies and standards while security governance does not.

B.

Security governance defines technology best practices and Information Technology governance does not.

C.

Technology Governance is focused on process risks whereas Security Governance is focused on business risk.

D.

The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

Question 12

An organization’s firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?

Options:

A.

A high threat environment

B.

A low risk tolerance environment

C.

I low vulnerability environment

D.

A high risk tolerance environment

Question 13

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

Options:

A.

Management Control

B.

Technical Control

C.

Training Control

D.

Operational Control

Question 14

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

Options:

A.

Control Objective for Information Technology (COBIT)

B.

Committee of Sponsoring Organizations (COSO)

C.

Payment Card Industry (PCI)

D.

Information Technology Infrastructure Library (ITIL)

Question 15

Creating a secondary authentication process for network access would be an example of?

Options:

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Question 16

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

Options:

A.

Identify and evaluate the existing controls.

B.

Disclose the threats and impacts to management.

C.

Identify information assets and the underlying systems.

D.

Identify and assess the risk assessment process used by management.

Question 17

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

Options:

A.

Meet regulatory compliance requirements

B.

Better understand the threats and vulnerabilities affecting the environment

C.

Better understand strengths and weaknesses of the program

D.

Meet legal requirements

Question 18

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

Options:

A.

International Organization for Standardization 27001

B.

National Institute of Standards and Technology Special Publication SP 800-12

C.

Request For Comment 2196

D.

National Institute of Standards and Technology Special Publication SP 800-26

Question 19

The patching and monitoring of systems on a consistent schedule is required by?

Options:

A.

Local privacy laws

B.

Industry best practices

C.

Risk Management frameworks

D.

Audit best practices

Question 20

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

Options:

A.

Senior Executives

B.

Office of the Auditor

C.

Office of the General Counsel

D.

All employees and users

Question 21

How often should an environment be monitored for cyber threats, risks, and exposures?

Options:

A.

Weekly

B.

Monthly

C.

Quarterly

D.

Daily

Question 22

Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

Options:

A.

Detective Controls

B.

Proactive Controls

C.

Preemptive Controls

D.

Organizational Controls

Question 23

At which point should the identity access management team be notified of the termination of an employee?

Options:

A.

At the end of the day once the employee is off site

B.

During the monthly review cycle

C.

Immediately so the employee account(s) can be disabled

D.

Before an audit

Question 24

Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

Options:

A.

Security Administrators

B.

Internal/External Audit

C.

Risk Management

D.

Security Operations

Question 25

File Integrity Monitoring (FIM) is considered a

Options:

A.

Network based security preventative control

B.

Software segmentation control

C.

Security detective control

D.

User segmentation control

Question 26

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?

Options:

A.

Professional user education on phishing conducted by a reputable vendor

B.

Multi-factor authentication employing hard tokens

C.

Forcing password changes every 90 days

D.

Decreasing the number of employees with administrator privileges

Question 27

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

Options:

A.

Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company for non-compliance

B.

Understand the business and focus your efforts on enabling operations securely

C.

Draw from your experience and recount stories of how other companies have been compromised

D.

Cite corporate policy and insist on compliance with audit findings

Question 28

A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

Options:

A.

Zero-day attack mitigation

B.

Preventive detection control

C.

Corrective security control

D.

Dynamic blocking control

Question 29

Involvement of senior management is MOST important in the development of:

Options:

A.

IT security implementation plans.

B.

Standards and guidelines.

C.

IT security policies.

D.

IT security procedures.

Question 30

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?

Options:

A.

Lack of identification of technology stake holders

B.

Lack of business continuity process

C.

Lack of influence with leaders outside IT

D.

Lack of a security awareness program

Question 31

Which of the following is MOST useful when developing a business case for security initiatives?

Options:

A.

Budget forecasts

B.

Request for proposals

C.

Cost/benefit analysis

D.

Vendor management

Question 32

An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network

(WAN). Which of the following would BEST ensure network continuity?

Options:

A.

Third-party emergency repair contract

B.

Pre-built servers and routers

C.

Permanent alternative routing

D.

Full off-site backup of every server

Question 33

What is the BEST reason for having a formal request for proposal process?

Options:

A.

Creates a timeline for purchasing and budgeting

B.

Allows small companies to compete with larger companies

C.

Clearly identifies risks and benefits before funding is spent

D.

Informs suppliers a company is going to make a purchase

Question 34

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

Options:

A.

Poorly configured firewalls

B.

Malware

C.

Advanced Persistent Threat (APT)

D.

An insider

Question 35

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Your Corporate Information Security Policy should include which of the following?

Options:

A.

Information security theory

B.

Roles and responsibilities

C.

Incident response contacts

D.

Desktop configuration standards

Question 36

When project costs continually increase throughout implementation due to large or rapid changes in customer

or user requirements, this is commonly known as:

Options:

A.

Cost/benefit adjustments

B.

Scope creep

C.

Prototype issues

D.

Expectations management

Question 37

What is the primary difference between regulations and standards?

Options:

A.

Standards will include regulations

B.

Standards that aren’t followed are punishable by fines

C.

Regulations are made enforceable by the power provided by laws

D.

Regulations must be reviewed and approved by the business

Question 38

When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?

Options:

A.

RAM and unallocated space

B.

Unallocated space and RAM

C.

Slack space and browser cache

D.

Persistent and volatile data

Question 39

What are the common data hiding techniques used by criminals?

Options:

A.

Unallocated space and masking

B.

Website defacement and log manipulation

C.

Disabled Logging and admin elevation

D.

Encryption, Steganography, and Changing Metadata/Timestamps

Question 40

Which of the following are the triple constraints of project management?

Options:

A.

Time, quality, and scope

B.

Cost, quality, and time

C.

Scope, time, and cost

D.

Quality, scope, and cost

Question 41

A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to make better decisions on protecting information and assets.

What is the MAIN goal of threat hunting to the SecOps Manager?

Options:

A.

Improve discovery of valid detected events

B.

Enhance tuning of automated tools to detect and prevent attacks

C.

Replace existing threat detection strategies

D.

Validate patterns of behavior related to an attack

Question 42

Devising controls for information security is a balance between?

Options:

A.

Governance and compliance

B.

Auditing and security

C.

Budget and risk tolerance

D.

Threats and vulnerabilities

Question 43

A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.

What Security Operations Center (SOC) model does this BEST describe?

Options:

A.

Virtual SOC

B.

In-house SOC

C.

Security Network Operations Center (SNOC)

D.

Hybrid SOC

Question 44

An auditor is reviewing the security classifications for a group of assets and finds that many of the assets are not correctly classified.

What should the auditor’s NEXT step be?

Options:

A.

Immediately notify the board of directors of the organization as to the finding

B.

Correct the classifications immediately based on the auditor’s knowledge of the proper classification

C.

Document the missing classifications

D.

Identify the owner of the asset and induce the owner to apply a proper classification

Question 45

When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

Options:

A.

This makes sure the files you exchange aren’t unnecessarily flagged by the Data Loss Prevention (DLP) system

B.

Contracting rules typically require you to have conversations with two or more groups

C.

Discussing decisions with a very large group of people always provides a better outcome

D.

It helps to avoid regulatory or internal compliance issues

Question 46

In defining a strategic security plan for an organization, what should a CISO first analyze?

Options:

A.

Reach out to a business similar to yours and ask for their plan

B.

Set goals that are difficult to attain to drive more productivity

C.

Review business acquisitions for the past 3 years

D.

Analyze the broader organizational strategic plan

Question 47

What is the MOST critical output of the incident response process?

Options:

A.

A complete document of all involved team members and the support they provided

B.

Recovery of all data from affected systems

C.

Lessons learned from the incident, so they can be incorporated into the incident response processes

D.

Clearly defined documents detailing standard evidence collection and preservation processes

Question 48

What does RACI stand for?

Options:

A.

Reasonable, Actionable, Controlled, and Implemented

B.

Responsible, Actors, Consult, and Instigate

C.

Responsible, Accountable, Consulted, and Informed

D.

Review, Act, Communicate, and Inform

Question 49

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

Options:

A.

Execute

B.

Read

C.

Administrator

D.

Public

Question 50

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Question 51

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Question 52

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 53

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options:

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Question 54

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Question 55

Which of the following is the MAIN security concern for public cloud computing?

Options:

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Question 56

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 57

What type of attack requires the least amount of technical equipment and has the highest success rate?

Options:

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Question 58

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Question 59

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

Options:

A.

4, 2, 5, 3, 1

B.

2, 5, 3, 1, 4

C.

4, 5, 2, 3, 1

D.

4, 3, 5, 2, 1

Question 60

What is the FIRST step in developing the vulnerability management program?

Options:

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Question 61

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

Options:

A.

Vmware, router, switch, firewall, syslog, vulnerability management system (VMS)

B.

Intrusion Detection System (IDS), firewall, switch, syslog

C.

Security Incident Event Management (SIEM), IDS, router, syslog

D.

SIEM, IDS, firewall, VMS

Question 62

Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?

Options:

A.

Security administrators

B.

Security mangers

C.

Security technicians

D.

Security analysts

Question 63

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

Options:

A.

Change management

B.

Business continuity planning

C.

Security Incident Response

D.

Thought leadership

Question 64

An example of professional unethical behavior is:

Options:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Question 65

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

Options:

A.

low risk-tolerance

B.

high risk-tolerance

C.

moderate risk-tolerance

D.

medium-high risk-tolerance

Question 66

An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in sever revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

Options:

A.

The CISO

B.

Audit and Compliance

C.

The CFO

D.

The business owner

Question 67

When is an application security development project complete?

Options:

A.

When the application is retired.

B.

When the application turned over to production.

C.

When the application reaches the maintenance phase.

D.

After one year.

Load More 712-50 Questions
Page: 1 / 45
Total 449 questions
Get 712-50 Full Access Download 712-50 PDF