Summer Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

712-50 Exam Dumps - EC-Council Certified CISO (CCISO)

Question # 4

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

A.

A substantive test of program library controls

B.

A compliance test of program library controls

C.

A compliance test of the program compiler controls

D.

A substantive test of the program compiler controls

Full Access
Question # 5

The patching and monitoring of systems on a consistent schedule is required by?

A.

Local privacy laws

B.

Industry best practices

C.

Risk Management frameworks

D.

Audit best practices

Full Access
Question # 6

The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is

A.

Penetration testers

B.

External Audit

C.

Internal Audit

D.

Forensic experts

Full Access
Question # 7

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

A.

All vulnerabilities found on servers and desktops

B.

Only critical and high vulnerabilities on servers and desktops

C.

Only critical and high vulnerabilities that impact important production servers

D.

All vulnerabilities that impact important production servers

Full Access
Question # 8

Which of the following activities must be completed BEFORE you can calculate risk?

A.

Determining the likelihood that vulnerable systems will be attacked by specific threats

B.

Calculating the risks to which assets are exposed in their current setting

C.

Assigning a value to each information asset

D.

Assessing the relative risk facing the organization’s information assets

Full Access
Question # 9

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

A.

Organization control

B.

Procedural control

C.

Management control

D.

Technical control

Full Access
Question # 10

Which of the following is a fundamental component of an audit record?

A.

Date and time of the event

B.

Failure of the event

C.

Originating IP-Address

D.

Authentication type

Full Access
Question # 11

Devising controls for information security is a balance between?

A.

Governance and compliance

B.

Auditing and security

C.

Budget and risk tolerance

D.

Threats and vulnerabilities

Full Access
Question # 12

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

Full Access
Question # 13

An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).

The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

A.

ISO 22318 Supply Chain Continuity

B.

ISO 27031 BCM Readiness

C.

ISO 22301 BCM Requirements

D.

ISO 22317 BIA

Full Access
Question # 14

A recommended method to document the respective roles of groups and individuals for a given process is to:

A.

Develop a detailed internal organization chart

B.

Develop a telephone call tree for emergency response

C.

Develop an isolinear response matrix with cost benefit analysis projections

D.

Develop a Responsible, Accountable, Consulted, Informed (RACI) chart

Full Access
Question # 15

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

A.

Security alignment to business goals

B.

Regulatory compliance effectiveness

C.

Increased security program presence

D.

Proper organizational policy enforcement

Full Access
Question # 16

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

A.

The software license expiration is probably out of synchronization with other software licenses

B.

The project was initiated without an effort to get support from impacted business units in the organization

C.

The software is out of date and does not provide for a scalable solution across the enterprise

D.

The security officer should allow time for the organization to get accustomed to her presence before initiating security projects

Full Access
Question # 17

The Board of Directors of a publicly-traded company is concerned about the security implications of a strategic project that will migrate 50% of the organization’s information technology assets to the cloud. They have requested a briefing on the project plan and a progress report of the security stream of the project. As the CISO, you have been tasked with preparing the report for the Chief Executive Officer to present.

Using the Earned Value Management (EVM), what does a Cost Variance (CV) of -1,200 mean?

A.

The project is over budget

B.

The project budget has reserves

C.

The project cost is in alignment with the budget

D.

The project is under budget

Full Access
Question # 18

What organizational structure combines the functional and project structures to create a hybrid of the two?

A.

Traditional

B.

Composite

C.

Project

D.

Matrix

Full Access
Question # 19

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

A.

A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

B.

A clear set of security policies and procedures that are more concept-based than controls-based

C.

A complete inventory of Information Technology assets including infrastructure, networks, applications and data

D.

A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

Full Access
Question # 20

Which of the following strategies provides the BEST response to a ransomware attack?

A.

Real-time off-site replication

B.

Daily incremental backup

C.

Daily full backup

D.

Daily differential backup

Full Access
Question # 21

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

A.

User awareness training for all employees

B.

Installation of new firewalls and intrusion detection systems

C.

Launch an internal awareness campaign

D.

Integrate security requirements into project inception

Full Access
Question # 22

Which of the following is the MOST effective method to counter phishing attacks?

A.

User awareness and training

B.

Host based Intrusion Detection System (IPS)

C.

Acceptable use guide signed by all system users

D.

Antispam solution

Full Access
Question # 23

Which of the following best summarizes the primary goal of a security program?

A.

Provide security reporting to all levels of an organization

B.

Create effective security awareness to employees

C.

Manage risk within the organization

D.

Assure regulatory compliance

Full Access
Question # 24

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

A.

Poorly configured firewalls

B.

Malware

C.

Advanced Persistent Threat (APT)

D.

An insider

Full Access
Question # 25

What is the difference between encryption and tokenization?

A.

Tokenization combined with hashing is always better than encryption

B.

Encryption can be mathematically reversed to provide the original information

C.

The token contains the all original information

D.

Tokenization can be mathematically reversed to provide the original information

Full Access
Question # 26

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

A.

The existing IT environment.

B.

The company business plan.

C.

The present IT budget.

D.

Other corporate technology trends.

Full Access
Question # 27

At what level of governance are individual projects monitored and managed?

A.

Program

B.

Milestone

C.

Enterprise

D.

Portfolio

Full Access
Question # 28

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

A.

Validate the effectiveness of current controls

B.

Create detailed remediation funding and staffing plans

C.

Report the audit findings and remediation status to business stake holders

D.

Review security procedures to determine if they need modified according to findings

Full Access
Question # 29

A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

A.

Zero-day attack mitigation

B.

Preventive detection control

C.

Corrective security control

D.

Dynamic blocking control

Full Access
Question # 30

Smith, the project manager for a larger multi-location firm, is leading a software project team that has 18

members, 5 of which are assigned to testing. Due to recent recommendations by an organizational quality audit

team, the project manager is convinced to add a quality professional to lead to test team at additional cost to

the project.

The project manager is aware of the importance of communication for the success of the project and takes the

step of introducing additional communication channels, making it more complex, in order to assure quality

levels of the project. What will be the first project management document that Smith should change in order to

accommodate additional communication channels?

A.

WBS document

B.

Scope statement

C.

Change control document

D.

Risk management plan

Full Access
Question # 31

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

What action should you take FIRST?

A.

Destroy the repository of stolen data

B.

Contact your local law enforcement agency

C.

Consult with other C-Level executives to develop an action plan

D.

Contract with a credit reporting company for paid monitoring services for affected customers

Full Access
Question # 32

What is one key difference between Capital expenditures and Operating expenditures?

A.

Operating expense cannot be written off while Capital expense can

B.

Operating expenses can be depreciated over time and Capital expenses cannot

C.

Capital expenses cannot include salaries and Operating expenses can

D.

Capital expenditures allow for the cost to be depreciated over time and Operating does not

Full Access
Question # 33

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

A.

Upper management support

B.

More frequent project milestone meetings

C.

More training of staff members

D.

Involve internal audit

Full Access
Question # 34

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

A.

Security Governance

B.

Compliance management

C.

Vendor management

D.

Disaster recovery

Full Access
Question # 35

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

A.

Due Protection

B.

Due Care

C.

Due Compromise

D.

Due process

Full Access
Question # 36

A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

A.

Information Technology Infrastructure Library (ITIL)

B.

International Organization for Standardization (ISO) standards

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

National Institute for Standards and Technology (NIST) standard

Full Access
Question # 37

Credit card information, medical data, and government records are all examples of:

A.

Confidential/Protected Information

B.

Bodily Information

C.

Territorial Information

D.

Communications Information

Full Access
Question # 38

When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

A.

An independent Governance, Risk and Compliance organization

B.

Alignment of security goals with business goals

C.

Compliance with local privacy regulations

D.

Support from Legal and HR teams

Full Access
Question # 39

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

A.

International Organization for Standardizations – 22301 (ISO-22301)

B.

Information Technology Infrastructure Library (ITIL)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27005 (ISO-27005)

Full Access
Question # 40

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

Which of the following is the FIRST action the CISO will perform after receiving the audit report?

A.

Inform peer executives of the audit results

B.

Validate gaps and accept or dispute the audit findings

C.

Create remediation plans to address program gaps

D.

Determine if security policies and procedures are adequate

Full Access
Question # 41

Who in the organization determines access to information?

A.

Legal department

B.

Compliance officer

C.

Data Owner

D.

Information security officer

Full Access
Question # 42

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

A.

In promiscuous mode and only detect malicious traffic.

B.

In-line and turn on blocking mode to stop malicious traffic.

C.

In promiscuous mode and block malicious traffic.

D.

In-line and turn on alert mode to stop malicious traffic.

Full Access
Question # 43

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

A.

Determine the risk tolerance

B.

Perform an asset classification

C.

Create an architecture gap analysis

D.

Analyze existing controls on systems

Full Access
Question # 44

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

A.

Identify threats, risks, impacts and vulnerabilities

B.

Decide how to manage risk

C.

Define the budget of the Information Security Management System

D.

Define Information Security Policy

Full Access
Question # 45

Physical security measures typically include which of the following components?

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Full Access
Question # 46

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

A.

Configure logging on each access point

B.

Install a firewall software on each wireless access point.

C.

Provide IP and MAC address

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Full Access
Question # 47

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Full Access
Question # 48

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Full Access
Question # 49

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

A.

Enterprise Risk Assessment

B.

Disaster recovery strategic plan

C.

Business continuity plan

D.

Application mapping document

Full Access
Question # 50

Which of the following backup sites takes the longest recovery time?

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Full Access
Question # 51

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Full Access
Question # 52

What type of attack requires the least amount of technical equipment and has the highest success rate?

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Full Access
Question # 53

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

A.

Session encryption

B.

Removing all stored procedures

C.

Input sanitization

D.

Library control

Full Access
Question # 54

The process of identifying and classifying assets is typically included in the

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Full Access
Question # 55

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Full Access
Question # 56

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Full Access
Question # 57

Risk that remains after risk mitigation is known as

A.

Persistent risk

B.

Residual risk

C.

Accepted risk

D.

Non-tolerated risk

Full Access
Question # 58

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Full Access
Question # 59

Which of the following intellectual Property components is focused on maintaining brand recognition?

A.

Trademark

B.

Patent

C.

Research Logs

D.

Copyright

Full Access
Question # 60

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

A.

Have internal audit conduct another audit to see what has changed.

B.

Contract with an external audit company to conduct an unbiased audit

C.

Review the recommendations and follow up to see if audit implemented the changes

D.

Meet with audit team to determine a timeline for corrections

Full Access
Question # 61

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

A.

International Organization for Standardization 27001

B.

National Institute of Standards and Technology Special Publication SP 800-12

C.

Request For Comment 2196

D.

National Institute of Standards and Technology Special Publication SP 800-26

Full Access
Question # 62

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

A.

Number of change orders rejected

B.

Number and length of planned outages

C.

Number of unplanned outages

D.

Number of change orders processed

Full Access
Question # 63

A stakeholder is a person or group:

A.

Vested in the success and/or failure of a project or initiative regardless of budget implications.

B.

Vested in the success and/or failure of a project or initiative and is tied to the project budget.

C.

That has budget authority.

D.

That will ultimately use the system.

Full Access
Question # 64

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

A.

Poor audit support for the security program

B.

A lack of executive presence within the security program

C.

Poor alignment of the security program to business needs

D.

This is normal since business units typically resist security requirements

Full Access
Question # 65

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

A.

Ineffective configuration management controls

B.

Lack of change management controls

C.

Lack of version/source controls

D.

High turnover in the application development department

Full Access
Question # 66

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

A.

Change management

B.

Business continuity planning

C.

Security Incident Response

D.

Thought leadership

Full Access
Question # 67

An example of professional unethical behavior is:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Full Access