New Year Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

712-50 PDF

$33

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

712-50 PDF + Testing Engine

$52.8

$175.99

3 Months Free Update

  • Exam Name: EC-Council Certified CISO (CCISO)
  • Last Update: Jan 13, 2025
  • Questions and Answers: 461
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

712-50 Engine

$39.6

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

712-50 Practice Exam Questions with Answers EC-Council Certified CISO (CCISO) Certification

Question # 6

What is the purpose of the statement of retained earnings of an organization?

A.

It represents the sum of all capital expenditures

B.

It represents the percentage of earnings that could in part be used to finance future security controls

C.

It represents the savings generated by the proper acquisition and implementation of security controls

D.

It has a direct correlation with the CISO’s budget

Full Access
Question # 7

What is the THIRD state of the Tuckman Stages of Group Development?

A.

Performing

B.

Norming

C.

Storming

D.

Forming

Full Access
Question # 8

During a cyber incident, which non-security personnel might be needed to assist the security team?

A.

Threat analyst, IT auditor, forensic analyst

B.

Network engineer, help desk technician, system administrator

C.

CIO, CFO, CSO

D.

Financial analyst, payroll clerk, HR manager

Full Access
Question # 9

When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?

A.

RAM and unallocated space

B.

Unallocated space and RAM

C.

Slack space and browser cache

D.

Persistent and volatile data

Full Access
Question # 10

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO’s first mandate to you is to develop a cybersecurity compliance framework that will meet all the store’s compliance requirements.

Which of the following compliance standard is the MOST important to the organization?

A.

The Federal Risk and Authorization Management Program (FedRAMP)

B.

ISO 27002

C.

NIST Cybersecurity Framework

D.

Payment Card Industry (PCI) Data Security Standard (DSS)

Full Access
Question # 11

What are the common data hiding techniques used by criminals?

A.

Unallocated space and masking

B.

Website defacement and log manipulation

C.

Disabled Logging and admin elevation

D.

Encryption, Steganography, and Changing Metadata/Timestamps

Full Access
Question # 12

To make sure that the actions of all employees, applications, and systems follow the organization’s rules and regulations can BEST be described as which of the following?

A.

Compliance management

B.

Asset management

C.

Risk management

D.

Security management

Full Access
Question # 13

When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?

A.

SaaS provider’s website certifications and representations (certs and reps)

B.

SOC-2 Report

C.

Metasploit Audit Report

D.

Statement from SaaS provider attesting their ability to secure your data

Full Access
Question # 14

Which of the following are the triple constraints of project management?

A.

Time, quality, and scope

B.

Cost, quality, and time

C.

Scope, time, and cost

D.

Quality, scope, and cost

Full Access
Question # 15

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to organizational implementation and management requirements. Which of the following principles does this BEST demonstrate?

A.

Proper budget management

B.

Leveraging existing implementations

C.

Alignment with the business

D.

Effective use of existing technologies

Full Access
Question # 16

You are the CISO for an investment banking firm. The firm is using artificial intelligence (AI) to assist in approving clients for loans.

Which control is MOST important to protect AI products?

A.

Hash datasets

B.

Sanitize datasets

C.

Delete datasets

D.

Encrypt datasets

Full Access
Question # 17

Many successful cyber-attacks currently include:

A.

Phishing Attacks

B.

Misconfigurations

C.

Social engineering

D.

All of these

Full Access
Question # 18

In defining a strategic security plan for an organization, what should a CISO first analyze?

A.

Reach out to a business similar to yours and ask for their plan

B.

Set goals that are difficult to attain to drive more productivity

C.

Review business acquisitions for the past 3 years

D.

Analyze the broader organizational strategic plan

Full Access
Question # 19

Of the following types of SOCs (Security Operations Centers), which one would be MOST likely used if the CISO has decided to outsource the infrastructure and administration of it?

A.

Virtual

B.

Dedicated

C.

Fusion

D.

Command

Full Access
Question # 20

What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?

A.

Business Impact Analysis

B.

Economic Impact analysis

C.

Return on Investment

D.

Cost-benefit analysis

Full Access
Question # 21

As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered timely in the event of a disaster. Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?

A.

Recovery Point Objective (RPO)

B.

Disaster Recovery Plan

C.

Recovery Time Objective (RTO)

D.

Business Continuity Plan

Full Access
Question # 22

Which of the following is the MOST effective method for discovering common technical vulnerabilities within the

IT environment?

A.

Reviewing system administrator logs

B.

Auditing configuration templates

C.

Checking vendor product releases

D.

Performing system scans

Full Access
Question # 23

Which of the following best describes an access control process that confirms the identity of the entity seeking

access to a logical or physical area?

A.

Identification

B.

Authorization

C.

Authentication

D.

Accountability

Full Access
Question # 24

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how

hardware and software is implemented and managed within the organization. Which of the following principles

does this best demonstrate?

A.

Effective use of existing technologies

B.

Create a comprehensive security awareness program and provide success metrics to business units

C.

Proper budget management

D.

Leveraging existing implementations

Full Access
Question # 25

Which of the following is an accurate statement regarding capital expenses?

A.

They are easily reduced through the elimination of usage, such as reducing power for lighting of work areas

during off-hours

B.

Capital expenses can never be replaced by operational expenses

C.

Capital expenses are typically long-term investments with value being realized through their use

D.

The organization is typically able to regain the initial cost by selling this type of asset

Full Access
Question # 26

When dealing with risk, the information security practitioner may choose to:

A.

assign

B.

transfer

C.

acknowledge

D.

defer

Full Access
Question # 27

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

When multiple regulations or standards apply to your industry you should set controls to meet the:

A.

Easiest regulation or standard to implement

B.

Stricter regulation or standard

C.

Most complex standard to implement

D.

Recommendations of your Legal Staff

Full Access
Question # 28

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

A.

Response

B.

Investigation

C.

Recovery

D.

Follow-up

Full Access
Question # 29

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When formulating the remediation plan, what is a required input?

A.

Board of directors

B.

Risk assessment

C.

Patching history

D.

Latest virus definitions file

Full Access
Question # 30

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?

A.

Turn off VPN access for users originating from outside the country

B.

Enable monitoring on the VPN for suspicious activity

C.

Force a change of all passwords

D.

Block access to the Employee-Self Service application via VPN

Full Access
Question # 31

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

A.

NIST and Privacy Regulations

B.

ISO 27000 and Payment Card Industry Data Security Standards

C.

NIST and data breach notification laws

D.

ISO 27000 and Human resources best practices

Full Access
Question # 32

When updating the security strategic planning document what two items must be included?

A.

Alignment with the business goals and the vision of the CIO

B.

The risk tolerance of the company and the company mission statement

C.

The executive summary and vision of the board of directors

D.

The alignment with the business goals and the risk tolerance

Full Access
Question # 33

The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

A.

There is integration between IT security and business staffing.

B.

There is a clear definition of the IT security mission and vision.

C.

There is an auditing methodology in place.

D.

The plan requires return on investment for all security projects.

Full Access
Question # 34

Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

A.

Alignment with business goals

B.

ISO27000 accreditation

C.

PCI attestation of compliance

D.

Financial statements

Full Access
Question # 35

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

A.

The CISO does not report directly to the CEO of the organization

B.

The CISO reports to the IT organization

C.

The CISO has not implemented a policy management framework

D.

The CISO has not implemented a security awareness program

Full Access
Question # 36

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Your Corporate Information Security Policy should include which of the following?

A.

Information security theory

B.

Roles and responsibilities

C.

Incident response contacts

D.

Desktop configuration standards

Full Access
Question # 37

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

A.

Annually

B.

Semi-annually

C.

Quarterly

D.

Never

Full Access
Question # 38

What are the primary reasons for the development of a business case for a security project?

A.

To estimate risk and negate liability to the company

B.

To understand the attack vectors and attack sources

C.

To communicate risk and forecast resource needs

D.

To forecast usage and cost per software licensing

Full Access
Question # 39

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

What action should you take FIRST?

A.

Destroy the repository of stolen data

B.

Contact your local law enforcement agency

C.

Consult with other C-Level executives to develop an action plan

D.

Contract with a credit reporting company for paid monitoring services for affected customers

Full Access
Question # 40

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.

What is the MOST logical course of action the CISO should take?

A.

Review the original solution set to determine if another system would fit the organization’s risk appetite and budget

regulatory compliance requirements

B.

Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be provided when needed

C.

Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor

D.

Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements

Full Access
Question # 41

At what level of governance are individual projects monitored and managed?

A.

Program

B.

Milestone

C.

Enterprise

D.

Portfolio

Full Access
Question # 42

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

A.

Validate the effectiveness of current controls

B.

Create detailed remediation funding and staffing plans

C.

Report the audit findings and remediation status to business stake holders

D.

Review security procedures to determine if they need modified according to findings

Full Access
Question # 43

Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

A.

ITIL

B.

Privacy Act

C.

Sarbanes Oxley

D.

PCI-DSS

Full Access
Question # 44

During the 3rd quarter of a budget cycle, the CISO noticed she spent more than was originally planned in her

annual budget. What is the condition of her current budgetary posture?

A.

The budget is in a temporary state of imbalance

B.

The budget is operating at a deficit

C.

She can realign the budget through moderate capital expense (CAPEX) allocation

D.

She has a surplus of operational expenses (OPEX)

Full Access
Question # 45

What process defines the framework of rules and practices by which a board of directors ensure accountability, fairness and transparency in an organization's relationship with its shareholders?

A.

Internal Audit

B.

Corporate governance

C.

Risk Oversight

D.

Key Performance Indicators

Full Access
Question # 46

A digital signature addresses which of the following concerns?

A.

Message alteration

B.

Message copying

C.

Message theft

D.

Unauthorized reading

Full Access
Question # 47

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?

A.

Professional user education on phishing conducted by a reputable vendor

B.

Multi-factor authentication employing hard tokens

C.

Forcing password changes every 90 days

D.

Decreasing the number of employees with administrator privileges

Full Access
Question # 48

What is the primary reason for performing a return on investment analysis?

A.

To decide between multiple vendors

B.

To decide is the solution costs less than the risk it is mitigating

C.

To determine the current present value of a project

D.

To determine the annual rate of loss

Full Access
Question # 49

The ability to require implementation and management of security controls within third-party provided services is a critical part of:

A.

Disaster recovery

B.

Vendor management

C.

Security Governance

D.

Compliance management

Full Access
Question # 50

What is a key policy that should be part of the information security plan?

A.

Account management policy

B.

Training policy

C.

Acceptable Use policy

D.

Remote Access policy

Full Access
Question # 51

Who is responsible for verifying that audit directives are implemented?

A.

IT Management

B.

Internal Audit

C.

IT Security

D.

BOD Audit Committee

Full Access
Question # 52

When managing a project, the MOST important activity in managing the expectations of stakeholders is:

A.

To force stakeholders to commit ample resources to support the project

B.

To facilitate proper communication regarding outcomes

C.

To assure stakeholders commit to the project start and end dates in writing

D.

To finalize detailed scope of the project at project initiation

Full Access
Question # 53

Which of the following provides the BEST approach to achieving positive outcomes while preserving savings?

A.

Business Impact Analysis

B.

Cost-benefit analysis

C.

Economic impact analysis

D.

Return on Investment

Full Access
Question # 54

What is the primary difference between regulations and standards?

A.

Standards will include regulations

B.

Standards that aren’t followed are punishable by fines

C.

Regulations are made enforceable by the power provided by laws

D.

Regulations must be reviewed and approved by the business

Full Access
Question # 55

What organizational structure combines the functional and project structures to create a hybrid of the two?

A.

Traditional

B.

Composite

C.

Project

D.

Matrix

Full Access
Question # 56

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Full Access
Question # 57

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

A.

Change management

B.

Business continuity planning

C.

Security Incident Response

D.

Thought leadership

Full Access
Question # 58

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Full Access
Question # 59

Which of the following is a major benefit of applying risk levels?

A.

Risk management governance becomes easier since most risks remain low once mitigated

B.

Resources are not wasted on risks that are already managed to an acceptable level

C.

Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

D.

Risk appetite can increase within the organization once the levels are understood

Full Access
Question # 60

The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

A.

The company lacks a risk management process

B.

The company does not believe the security vulnerabilities to be real

C.

The company has a high risk tolerance

D.

The company lacks the tools to perform a vulnerability assessment

Full Access
Question # 61

Risk appetite is typically determined by which of the following organizational functions?

A.

Security

B.

Business units

C.

Board of Directors

D.

Audit and compliance

Full Access
Question # 62

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Full Access
Question # 63

A stakeholder is a person or group:

A.

Vested in the success and/or failure of a project or initiative regardless of budget implications.

B.

Vested in the success and/or failure of a project or initiative and is tied to the project budget.

C.

That has budget authority.

D.

That will ultimately use the system.

Full Access
Question # 64

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

A.

Quarterly

B.

Semi-annually

C.

Bi-annually

D.

Annually

Full Access
Question # 65

Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?

A.

Risk Management

B.

Risk Assessment

C.

System Testing

D.

Vulnerability Assessment

Full Access
Question # 66

Which of the following can the company implement in order to avoid this type of security issue in the future?

A.

Network based intrusion detection systems

B.

A security training program for developers

C.

A risk management process

D.

A audit management process

Full Access
Question # 67

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

A.

Vmware, router, switch, firewall, syslog, vulnerability management system (VMS)

B.

Intrusion Detection System (IDS), firewall, switch, syslog

C.

Security Incident Event Management (SIEM), IDS, router, syslog

D.

SIEM, IDS, firewall, VMS

Full Access
Question # 68

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

A.

Alignment with the business

B.

Effective use of existing technologies

C.

Leveraging existing implementations

D.

Proper budget management

Full Access
Question # 69

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

A.

A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

B.

A clear set of security policies and procedures that are more concept-based than controls-based

C.

A complete inventory of Information Technology assets including infrastructure, networks, applications and data

D.

A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

Full Access
Question # 70

In effort to save your company money which of the following methods of training results in the lowest cost for the organization?

A.

Distance learning/Web seminars

B.

Formal Class

C.

One-One Training

D.

Self –Study (noncomputerized)

Full Access
Question # 71

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

A.

Lack of asset management processes

B.

Lack of change management processes

C.

Lack of hardening standards

D.

Lack of proper access controls

Full Access
Question # 72

Which of the following is the MOST important component of any change management process?

A.

Scheduling

B.

Back-out procedures

C.

Outage planning

D.

Management approval

Full Access
Question # 73

Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

A.

Risk Assessment

B.

Incident Response

C.

Risk Management

D.

Network Security administration

Full Access
Question # 74

Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

A.

Cost benefit

B.

Risk appetite

C.

Business continuity

D.

Likelihood of impact

Full Access
Question # 75

To get an Information Security project back on schedule, which of the following will provide the MOST help?

A.

Upper management support

B.

More frequent project milestone meetings

C.

Stakeholder support

D.

Extend work hours

Full Access
Question # 76

Which of the following are not stakeholders of IT security projects?

A.

Board of directors

B.

Third party vendors

C.

CISO

D.

Help Desk

Full Access
Question # 77

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

Full Access
Question # 78

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

A.

Poor audit support for the security program

B.

A lack of executive presence within the security program

C.

Poor alignment of the security program to business needs

D.

This is normal since business units typically resist security requirements

Full Access
Question # 79

You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?

A.

Risk averse

B.

Risk tolerant

C.

Risk conditional

D.

Risk minimal

Full Access
Question # 80

Which of the following is the BEST indicator of a successful project?

A.

it is completed on time or early as compared to the baseline project plan

B.

it meets most of the specifications as outlined in the approved project definition

C.

it comes in at or below the expenditures planned for in the baseline budget

D.

the deliverables are accepted by the key stakeholders

Full Access
Question # 81

Which business stakeholder is accountable for the integrity of a new information system?

A.

CISO

B.

Compliance Officer

C.

Project manager

D.

Board of directors

Full Access
Question # 82

An example of professional unethical behavior is:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Full Access
Question # 83

Which of the following is considered a project versus a managed process?

A.

monitoring external and internal environment during incident response

B.

ongoing risk assessments of routine operations

C.

continuous vulnerability assessment and vulnerability repair

D.

installation of a new firewall system

Full Access
Question # 84

Which of the following information may be found in table top exercises for incident response?

A.

Security budget augmentation

B.

Process improvements

C.

Real-time to remediate

D.

Security control selection

Full Access
Question # 85

Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

A.

Poses a strong technical background

B.

Understand all regulations affecting the organization

C.

Understand the business goals of the organization

D.

Poses a strong auditing background

Full Access
Question # 86

Which represents PROPER separation of duties in the corporate environment?

A.

Information Security and Identity Access Management teams perform two distinct functions

B.

Developers and Network teams both have admin rights on servers

C.

Finance has access to Human Resources data

D.

Information Security and Network teams perform two distinct functions

Full Access
Question # 87

Which of the following is considered the MOST effective tool against social engineering?

A.

Anti-phishing tools

B.

Anti-malware tools

C.

Effective Security Vulnerability Management Program

D.

Effective Security awareness program

Full Access
Question # 88

An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.

A.

Install software patch, Operate system, Maintain system

B.

Discover software, Remove affected software, Apply software patch

C.

Install software patch, configuration adjustment, Software Removal

D.

Software removal, install software patch, maintain system

Full Access
Question # 89

Risk is defined as:

A.

Threat times vulnerability divided by control

B.

Advisory plus capability plus vulnerability

C.

Asset loss times likelihood of event

D.

Quantitative plus qualitative impact

Full Access
Question # 90

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

A.

The organization uses exclusively a quantitative process to measure risk

B.

The organization uses exclusively a qualitative process to measure risk

C.

The organization’s risk tolerance is high

D.

The organization’s risk tolerance is lo

Full Access
Question # 91

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

A.

When there is a need to develop a more unified incident response capability.

B.

When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.

C.

When there is a variety of technologies deployed in the infrastructure.

D.

When it results in an overall lower cost of operating the security program.

Full Access
Question # 92

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

A.

The IT team is not familiar in IT audit practices

B.

This represents a bad implementation of the Least Privilege principle

C.

This represents a conflict of interest

D.

The IT team is not certified to perform audits

Full Access
Question # 93

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

A.

information security metrics.

B.

knowledge required to analyze each issue.

C.

baseline against which metrics are evaluated.

D.

linkage to business area objectives.

Full Access
Question # 94

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

A.

High risk environments 6 months, low risk environments 12 months

B.

Every 12 months

C.

Every 18 months

D.

Every six months

Full Access
Question # 95

The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

A.

Number of callers who report security issues.

B.

Number of callers who report a lack of customer service from the call center

C.

Number of successful social engineering attempts on the call center

D.

Number of callers who abandon the call before speaking with a representative

Full Access
Question # 96

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Full Access
Question # 97

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

A.

Data breach disclosure

B.

Consumer right disclosure

C.

Security incident disclosure

D.

Special circumstance disclosure

Full Access
Question # 98

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

A.

Lack of notification to the public of disclosure of confidential information.

B.

Lack of periodic examination of access rights

C.

Failure to notify police of an attempted intrusion

D.

Lack of reporting of a successful denial of service attack on the network.

Full Access
Question # 99

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

A.

International Organization for Standardization 27001

B.

National Institute of Standards and Technology Special Publication SP 800-12

C.

Request For Comment 2196

D.

National Institute of Standards and Technology Special Publication SP 800-26

Full Access
Question # 100

What is the first thing that needs to be completed in order to create a security program for your organization?

A.

Risk assessment

B.

Security program budget

C.

Business continuity plan

D.

Compliance and regulatory analysis

Full Access
Question # 101

Which of the following is a critical operational component of an Incident Response Program (IRP)?

A.

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.

Annual review of program charters, policies, procedures and organizational agreements.

C.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Full Access
Question # 102

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

A.

Scan a representative sample of systems

B.

Perform the scans only during off-business hours

C.

Decrease the vulnerabilities within the scan tool settings

D.

Filter the scan output so only pertinent data is analyzed

Full Access
Question # 103

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

A.

Validate that security awareness program content includes information about the potential vulnerability

B.

Conduct a thorough risk assessment against the current implementation to determine system functions

C.

Determine program ownership to implement compensating controls

D.

Send a report to executive peers and business unit owners detailing your suspicions

Full Access
Question # 104

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

A.

Due Protection

B.

Due Care

C.

Due Compromise

D.

Due process

Full Access
Question # 105

The success of the Chief Information Security Officer is MOST dependent upon:

A.

favorable audit findings

B.

following the recommendations of consultants and contractors

C.

development of relationships with organization executives

D.

raising awareness of security issues with end users

Full Access
Question # 106

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

A.

They are objective and can express risk / cost in real numbers

B.

They are subjective and can be completed more quickly

C.

They are objective and express risk / cost in approximates

D.

They are subjective and can express risk /cost in real numbers

Full Access
Question # 107

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

A.

Providing a risk program governance structure

B.

Ensuring developers include risk control comments in code

C.

Creating risk assessment templates based on specific threats

D.

Allowing for the acceptance of risk for regulatory compliance requirements

Full Access
Question # 108

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

A.

Confidentiality, Integrity and Availability

B.

Assurance, Compliance and Availability

C.

International Compliance

D.

Integrity and Availability

Full Access
Question # 109

Developing effective security controls is a balance between:

A.

Risk Management and Operations

B.

Corporate Culture and Job Expectations

C.

Operations and Regulations

D.

Technology and Vendor Management

Full Access
Question # 110

Which of the following has the GREATEST impact on the implementation of an information security governance model?

A.

Organizational budget

B.

Distance between physical locations

C.

Number of employees

D.

Complexity of organizational structure

Full Access
Question # 111

The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is

A.

Penetration testers

B.

External Audit

C.

Internal Audit

D.

Forensic experts

Full Access
Question # 112

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

A.

The auditors have not followed proper auditing processes

B.

The CIO of the organization disagrees with the finding

C.

The risk tolerance of the organization permits this risk

D.

The organization has purchased cyber insurance

Full Access
Question # 113

Which of the following is the MAIN security concern for public cloud computing?

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Full Access
Question # 114

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Full Access
Question # 115

The process of identifying and classifying assets is typically included in the

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Full Access
Question # 116

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Full Access
Question # 117

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Full Access
Question # 118

Physical security measures typically include which of the following components?

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Full Access
Question # 119

The process of creating a system which divides documents based on their security level to manage access to private data is known as

A.

security coding

B.

data security system

C.

data classification

D.

privacy protection

Full Access
Question # 120

What type of attack requires the least amount of technical equipment and has the highest success rate?

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Full Access
Question # 121

An anonymity network is a series of?

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Full Access
Question # 122

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Full Access
Question # 123

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Full Access
Question # 124

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Full Access
Question # 125

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

A.

Execute

B.

Read

C.

Administrator

D.

Public

Full Access
Question # 126

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Full Access
Question # 127

What is the FIRST step in developing the vulnerability management program?

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Full Access
Question # 128

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

A.

4, 2, 5, 3, 1

B.

2, 5, 3, 1, 4

C.

4, 5, 2, 3, 1

D.

4, 3, 5, 2, 1

Full Access
Question # 129

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

A.

Enterprise Risk Assessment

B.

Disaster recovery strategic plan

C.

Business continuity plan

D.

Application mapping document

Full Access
Question # 130

Which wireless encryption technology makes use of temporal keys?

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Full Access
Question # 131

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

A.

Configure logging on each access point

B.

Install a firewall software on each wireless access point.

C.

Provide IP and MAC address

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Full Access
Question # 132

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Full Access
Question # 133

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Full Access
Question # 134

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

A.

non-repudiation

B.

conflict resolution

C.

strong authentication

D.

digital rights management

Full Access
Question # 135

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Full Access
Question # 136

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Full Access
Question # 137

Which of the following backup sites takes the longest recovery time?

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Full Access
Question # 138

Which of the following is a symmetric encryption algorithm?

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Full Access