712-50 Practice Exam Questions with Answers EC-Council Certified CISO (CCISO) Certification

Validate the effectiveness of current controls

Create detailed remediation funding and staffing plans

Report the audit findings and remediation status to business stake holders

Review security procedures to determine if they need modified according to findings

Network connectivity costs

New datacenter to operate from

Upgrade of mainframe

Purchase of new mobile devices to improve operations

Maintain a log of discovered risks

Track individual risk assessments

Develop plans for mitigating identified risks

Coordinate the timing of scheduled risk assessments

IT security implementation plans.

Standards and guidelines.

IT security policies.

IT security procedures.

Alignment with the business goals and the vision of the CIO

The risk tolerance of the company and the company mission statement

The executive summary and vision of the board of directors

The alignment with the business goals and the risk tolerance

Provide developer security training

Deploy Intrusion Detection Systems

Provide security testing tools

Implement Compensating Controls

Security budget augmentation

Process improvements

Real-time to remediate

Security control selection

Knowing who all the stakeholders are.

Knowing the people on the data center team.

Knowing the threats to the organization.

Knowing the milestones and timelines of deliverables.

Work with the IT group and tell them to put IPS in-line and say it won’t cause any network impact

Explain to the IT group that the IPS won’t cause any network impact because it will fail open

Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility

Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn’t block any legitimate traffic

Security

Business units

Board of Directors

Audit and compliance

Scheduling

Back-out procedures

Outage planning

Management approval

Provide security reporting to all levels of an organization

Create effective security awareness to employees

Manage risk within the organization

Assure regulatory compliance

Tell the team to do their best and respond to each alert

Tune the sensors to help reduce false positives so the team can react better

Request additional resources to handle the workload

Tell the team to only respond to the critical and high alerts

The Security Systems Development Life Cycle

The Security Project And Management Methodology

Project Management System Methodology

Project Management Body of Knowledge

Cost benefit

Risk appetite

Business continuity

Likelihood of impact

Customer demand

Cost and time to replace

Insurability tables

Risk of exposure

Secure the area and shut-down the computer until investigators arrive

Secure the area and attempt to maintain power until investigators arrive

Immediately place hard drive and other components in an anti-static bag

Secure the area.

The need to change accounting periods on a regular basis.

The requirement to post entries for a closed accounting period.

The need to create and modify the chart of accounts and its allocations.

The lack of policies and procedures for the proper segregation of duties.

In-line hardware keyloggers don’t require physical access

In-line hardware keyloggers don’t comply to industry regulations

In-line hardware keyloggers are undetectable by software

In-line hardware keyloggers are relatively inexpensive

The IT support team.

A forensic analysis.

Incident response

Physical security team.

Your public key

The recipient's private key

The recipient's public key

Certificate authority key

Shared key

Asynchronous

Open

None

3DES

MD5

ECC

RSA

Unallocated space and masking

Website defacement and log manipulation

Disabled Logging and admin elevation

Encryption, Steganography, and Changing Metadata/Timestamps

Account management policy

Training policy

Acceptable Use policy

Remote Access policy

Inside the DMZ

In-line with the data center firewall

Beyond the outer perimeter firewall

As the gatekeeper to the organization’s honeynet

Inability to export the private certificate/key

It can double as physical identification at the DMV

It has the user’s photograph to help ID them

It can be used as a secure flash drive

Phishing Attacks

Misconfigurations

Social engineering

All of these

Conduct a quantitative risk assessment

Conduct a hybrid risk assessment

Conduct a subjective risk assessment

Conduct a qualitative risk assessment

This makes sure the files you exchange aren’t unnecessarily flagged by the Data Loss Prevention (DLP) system

Contracting rules typically require you to have conversations with two or more groups

Discussing decisions with a very large group of people always provides a better outcome

It helps to avoid regulatory or internal compliance issues

The CISO should cut other essential programs to ensure the new solution’s continued use

Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use

Defer selection until the market improves and cash flow is positive

Implement the solution and ask for the increased operating cost budget when it is time

It is an IPSec protocol.

It is a text-based communication protocol.

It uses TCP port 22 as the default port and operates at the application layer.

It uses UDP port 22

Comprehensive Log-Files from all servers and network devices affected during the attack

Fully trained network forensic experts to analyze all data right after the attack

Uninterrupted Chain of Custody

Expert forensics witness

Traffic Analysis

Deep-Packet inspection

Packet sampling

Heuristic analysis

chain of custody.

electronic discovery.

evidence tampering.

electronic review.

Covert government networks

War driving maps

Government networks in Tora

Virtual network tunnels

Lack of risk management process

Lack of sponsorship from executive management

IT security centric agenda

Compliance centric agenda

Professional user education on phishing conducted by a reputable vendor

Multi-factor authentication employing hard tokens

Forcing password changes every 90 days

Decreasing the number of employees with administrator privileges

Smoke

Thermal

Air-aspirating

Photo electric

An approach that allows for minimum budget impact if the solution is unsuitable

A methodology-based approach to ensure authentication mechanism functions

An approach providing minimum time impact to the implementation schedules

A risk-based approach to determine if the solution is suitable for investment

Board of directors

Risk assessment

Patching history

Latest virus definitions file

Conduct background checks on individuals before hiring them

Develop an Information Security Awareness program

Monitor employee browsing and surfing habits

Set your firewall permissions aggressively and monitor logs regularly.

To understand the risk coverage that are being mitigated by the vendor

To establish a vendor selection process

To document the relationship between the company and the vendor

To define the partnership for long-term success

favorable audit findings

following the recommendations of consultants and contractors

development of relationships with organization executives

raising awareness of security issues with end users

High risk environments 6 months, low risk environments 12 months

Every 12 months

Every 18 months

Every six months

security threat and vulnerability management process

risk assessment process

risk management process

governance, risk, and compliance tools

integrate with other organizational governance processes

support user choice for Bring Your Own Device (BYOD)

integrate with other organizational governance processes

show a return on investment for the organization

all organizational assets

critical business processes and /or revenue streams

intellectual property released into the public domain

against distributed denial of service attacks

Scan a representative sample of systems

Perform the scans only during off-business hours

Decrease the vulnerabilities within the scan tool settings

Filter the scan output so only pertinent data is analyzed

Confidential/Protected Information

Bodily Information

Territorial Information

Communications Information

Legal department

Compliance officer

Data Owner

Information security officer

Implement redundancy

move operations to another region

purchase breach insurance

Alignment with business operations

They are objective and can express risk / cost in real numbers

They are subjective and can be completed more quickly

They are objective and express risk / cost in approximates

They are subjective and can express risk /cost in real numbers

Cost and annual rate of expectance

Subjective and Objective

Qualitative and percent of loss realized

Quantitative and qualitative

Risk Management and Operations

Corporate Culture and Job Expectations

Operations and Regulations

Technology and Vendor Management

At the end of the day once the employee is off site

During the monthly review cycle

Immediately so the employee account(s) can be disabled

Before an audit

International Organization for Standardization 27001

National Institute of Standards and Technology Special Publication SP 800-12

Request For Comment 2196

National Institute of Standards and Technology Special Publication SP 800-26

Threat Level, Risk of Compromise, and Consequences of Compromise

Risk Avoidance, Threat Level, and Consequences of Compromise

Risk Transfer, Reputational Impact, and Consequences of Compromise

Reputational Impact, Financial Impact, and Risk of Compromise

Validate that security awareness program content includes information about the potential vulnerability

Conduct a thorough risk assessment against the current implementation to determine system functions

Determine program ownership to implement compensating controls

Send a report to executive peers and business unit owners detailing your suspicions

Every 6 months

Quarterly

Before an audit

At least once a year

Organization control

Procedural control

Management control

Technical control

Detective Controls

Proactive Controls

Preemptive Controls

Organizational Controls