EC-Council Certified CISO (CCISO) Questions and Answers
What is the first thing that needs to be completed in order to create a security program for your organization?
Credit card information, medical data, and government records are all examples of:
If your organization operates under a model of "assumption of breach", you should:
Which of the following should be determined while defining risk management strategies?
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?
Which of the following is a critical operational component of an Incident Response Program (IRP)?
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?
In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?
What is the MAIN reason for conflicts between Information Technology and Information Security programs?
An organization’s firewall technology needs to be replaced. A specific technology has been selected that is less costly than others but lacks some important capabilities. The security officer has voiced concerns about sensitive data breaches, but the decision is made to purchase. What does this selection indicate?
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?
Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?
Creating a secondary authentication process for network access would be an example of?
During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?
Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?
The patching and monitoring of systems on a consistent schedule is required by?
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?
How often should an environment be monitored for cyber threats, risks, and exposures?
Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:
At which point should the identity access management team be notified of the termination of an employee?
Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?
File Integrity Monitoring (FIM) is considered a
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?
A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered
Involvement of senior management is MOST important in the development of:
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?
Which of the following is MOST useful when developing a business case for security initiatives?
An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network (WAN). Which of the following would BEST ensure network continuity?
What is the BEST reason for having a formal request for proposal process?
A large number of accounts in a hardened system were suddenly compromised to an external party. Which of the following is the MOST probable threat actor involved in this incident?
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?
When project costs continually increase throughout implementation due to large or rapid changes in customer or user requirements, this is commonly known as:
What is the primary difference between regulations and standards?
When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?
What are the common data hiding techniques used by criminals?
Which of the following are the triple constraints of project management?
A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to make better decisions on protecting information and assets.
What is the MAIN goal of threat hunting to the SecOps Manager?
Devising controls for information security is a balance between?
A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.
What Security Operations Center (SOC) model does this BEST describe?
An auditor is reviewing the security classifications for a group of assets and finds that many of the assets are not correctly classified.
What should the auditor’s NEXT step be?
When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?
In defining a strategic security plan for an organization, what should a CISO first analyze?
What is the MOST critical output of the incident response process?
What does RACI stand for?
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
Security related breaches are assessed and contained through which of the following?
Which of the following is a symmetric encryption algorithm?
Which of the following is a countermeasure to prevent unauthorized database access from web applications?
SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:
Which of the following is the MAIN security concern for public cloud computing?
In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:
What type of attack requires the least amount of technical equipment and has the highest success rate?
Which of the following statements about Encapsulating Security Payload (ESP) is true?
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1. Covering tracks
2. Scanning and enumeration
3. Maintaining Access
4. Reconnaissance
5. Gaining Access
What is the FIRST step in developing the vulnerability management program?
In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?
Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?
A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:
An example of professional unethical behavior is:
Acme Inc. has engaged a third-party vendor to provide 99.999% uptime for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):
An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in severe revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?
When is an application security development project complete?