Latest Dec 14, 2022 712-50 Brain Dump A Study Guide with Tips & Tricks for passing Exam [Q186-Q203] : Latest Exam Prep : http://certify.vceprep.com

QUESTION 186
When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

An independent Governance, Risk and Compliance organization

Alignment of security goals with business goals

Compliance with local privacy regulations

Support from Legal and HR teams

QUESTION 187
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

International Organization for Standardizations – 27004 (ISO-27004)

Payment Card Industry Data Security Standards (PCI-DSS)

Control Objectives for Information Technology (COBIT)

International Organization for Standardizations – 27005 (ISO-27005)

QUESTION 188
Scenario: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team. During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions.
What is the MOST critical aspect of the team’s activities?

Regular communication of incident status to executives

Preservation of information

Eradication of malware and system restoration

Determination of the attack source

QUESTION 189
An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

Number of change orders rejected

Number and length of planned outages

Number of unplanned outages

Number of change orders processed

QUESTION 190
During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

Identify and assess the risk assessment process used by management.

Identify and evaluate existing controls.

Identify information assets and the underlying systems.

Disclose the threats and impacts to management.

QUESTION 191
A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.

Moderate investment

Passive monitoring

Integrated security controls

Dynamic deception

QUESTION 192
The process of creating a system which divides documents based on their security level to manage access to private data is known as ____________________.

security coding

Privacy protection

data security system

data classification

QUESTION 193
Which of the following are the triple constraints of project management?

Time, quality, and scope

Cost, quality, and time

Scope, time, and cost

Quality, scope, and cost

QUESTION 194
When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

In promiscuous mode and only detect malicious traffic.

In-line and turn on blocking mode to stop malicious traffic.

In promiscuous mode and block malicious traffic.

In-line and turn on alert mode to stop malicious traffic.

QUESTION 195
Which of the following should be determined while defining risk management strategies?

Organizational objectives and risk tolerance

Risk assessment criteria

IT architecture complexity

Enterprise disaster recovery plans

QUESTION 196
Which represents PROPER separation of duties in the corporate environment?

Information Security and Identity Access Management teams perform two distinct functions

Developers and Network teams both have admin rights on servers

Finance has access to Human Resources data

Information Security and Network teams perform two distinct functions

QUESTION 197
If the result of an NPV is positive, then the project should be selected. The net present value shows the present value of the project, based on the decisions taken for its selection. What is the net present value equal to?

Net profit – per capita income

Total investment – Discounted cash

Average profit – Annual investment

Initial investment – Future value

QUESTION 198
Which of the following is the BEST indicator of a successful project?

it is completed on time or early as compared to the baseline project plan

it meets most of the specifications as outlined in the approved project definition

it comes in at or below the expenditures planned for in the baseline budget

the deliverables are accepted by the key stakeholders

QUESTION 199
Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

Post a sign that states, “no tailgating” next to the special card reader adjacent to the secure door

Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card

Educate and enforce physical security policies of the company to all the employees on a regular basis

Setup a mock video camera next to the special card reader adjacent to the secure door

QUESTION 200
After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

Risk Tolerance

Qualitative risk analysis

Risk Appetite

Quantitative risk analysis

QUESTION 201
Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

Define the risk appetite

Determine budget constraints

Review project charters

Collaborate security projects

QUESTION 202
Which of the following is a major benefit of applying risk levels?

Risk management governance becomes easier since most risks remain low once mitigated

Resources are not wasted on risks that are already managed to an acceptable level

Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

Risk appetite can increase within the organization once the levels are understood

QUESTION 203
Which of the following is a symmetric encryption algorithm?

3DES

MD5

ECC

RSA

Latest Dec 14, 2022 712-50 Brain Dump A Study Guide with Tips & Tricks for passing Exam [Q186-Q203]

EC-Council 712-50: Prerequisites

EC-COUNCIL 712-50 Exam Syllabus Topics:

EC-Council 712-50: Career Opportunities