
512-50 Exam Dumps - EC-Council Information Security Manager (E|ISM)

Searching for workable clues to ace the ECCouncil 512-50 Exam? You’re in the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s 512-50 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you with the most relevant and updated study material, crafted in an easy-to-learn format of questions and answers. ExamCert’s study tools aim to simplify all complex and confusing concepts of the exam, introduce you to the real exam scenario, and let you practice it with the help of its testing engine and real exam dumps.

Question # 17

What is the FIRST step in developing the vulnerability management program?

A. Baseline the Environment

B. Maintain and Monitor

C. Organization Vulnerability

D. Define Policy

Question # 18

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

A. Configure logging on each access point

B. Install firewall software on each wireless access point.

C. Provide IP and MAC address

D. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Question # 19

The process of identifying and classifying assets is typically included in the

A. Threat analysis process

B. Asset configuration management process

C. Business Impact Analysis

D. Disaster Recovery plan

Question # 20

While designing a secondary data center for your company, what document needs to be analyzed to determine how much should be spent on building the data center?

A. Enterprise Risk Assessment

B. Disaster recovery strategic plan

C. Business continuity plan

D. Application mapping document

Question # 21

A system is designed to dynamically block offending Internet IP addresses from requesting services from a secure website. This type of control is considered

A. Zero-day attack mitigation

B. Preventive detection control

C. Corrective security control

D. Dynamic blocking control

Question # 22

The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called

A. Security certification

B. Security system analysis

C. Security accreditation

D. Alignment with business practices and goals.

Question # 23

When creating contractual agreements and procurement processes, why should security requirements be included?

A. To make sure they are added on after the process is completed

B. To make sure the costs of security are included and understood

C. To make sure the security process aligns with the vendor’s security process

D. To make sure the patching process is included with the costs

Question # 24

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

Once supervisors and data owners have approved requests, information system administrators will implement

A. Technical control(s)

B. Management control(s)

C. Policy control(s)

D. Operational control(s)
