Perfect EC-Council Certified CISO 712-50 Dumps To Test Yourself

test2022-06-23T03:57:07+00:00

By test 712-50 Dumps, 712-50 practice exam, 712-50 questions and answers, EC-Council Certified CISO 0 Comments

If you want to pass EC-Council Certified CISO 712-50 exam, FreeTestShare is the place to go. 712-50 dumps have been updated with real exam questions and answers to help you prepare well for the 712-50 exam. We guarantee that you will have a better understanding of the EC-Council Certified CISO 712-50 exam topics and patterns. To ensure that all test questions are true and valid, they have been corrected and updated. You can also practice the actual exam questions online. FreeTestShare 712-50 dumps include real exam questions and answers, allowing you to pass the exam on the first try.

Test yourself with these 712-50 practice exam questions now!

Page 1 of 5

1. An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations .

What authentication method is being used?

Shared key

Asynchronous

Open

None

2. Which of the following statements below regarding Key Performance indicators (KPIs) are true?

Development of KPI’s are most useful when done independently

They are a strictly quantitative measure of success

They should be standard throughout the organization versus domain-specific so they are more easily correlated

They are a strictly qualitative measure of success

3. SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.

The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system’s scalability. This demonstrates which of the following?

An approach that allows for minimum budget impact if the solution is unsuitable

A methodology-based approach to ensure authentication mechanism functions

An approach providing minimum time impact to the implementation schedules

A risk-based approach to determine if the solution is suitable for investment

4. Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

The Net Present Value (NPV) of the project is positive

The NPV of the project is negative

The Return on Investment (ROI) is larger than 10 months

The ROI is lower than 10 months

5. Which type of scan is used on the eye to measure the layer of blood vessels?

Facial recognition scan

Iris scan

Signature kinetics scan

Retinal scan

6. Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Using the best business practices for project management, you determine that the project correctly aligns with the organization goals .

What should be verified next?

Scope

Budget

Resources

Constraints

7. When information security falls under the Chief Information Officer (CIO), what is their MOST essential role?

Oversees the organization’s day-to-day operations, creating the policies and strategies that govern operations

Enlisting support from key executives the information security program budget and policies

Charged with developing and implementing policies designed to protect employees and customers’ data from unauthorized access

Responsible for the success or failure of the IT organization and setting strategic direction

8. As the CISO, you have been tasked with the execution of the company’s key management program. You MUST ensure the integrity of encryption keys at the point of generation .

Which principal of encryption key control will ensure no single individual can constitute or re-constitute a key?

Dual Control

Separation of Duties

Split Knowledge

Least Privilege

9. The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

Safeguard Value

Cost Benefit Analysis

Single Loss Expectancy

Life Cycle Loss Expectancy

10. Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When formulating the remediation plan, what is a required input?

Board of directors

Risk assessment

Patching history

Latest virus definitions file

Page 2 of 5

11. From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

Has a direct correlation with the CISO’s budget

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

Represents the sum of all capital expenditures

Represents the percentage of earnings that could in part be used to finance future security controls

12. The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials .

Which of following physical security measures should the administrator use?

Video surveillance

Mantrap

Bollards

Fence

13. The primary responsibility for assigning entitlements to a network share lies with which role?

CISO

Data owner

Chief Information Officer (CIO)

Security system administrator

14. When managing a project, the MOST important activity in managing the expectations of stakeholders is:

To force stakeholders to commit ample resources to support the project

To facilitate proper communication regarding outcomes

To assure stakeholders commit to the project start and end dates in writing

To finalize detailed scope of the project at project initiation

15. Which of the following terms is used to describe countermeasures implemented to minimize risks to physical property, information, and computing systems?

Security frameworks

Security policies

Security awareness

Security controls

16. When project costs continually increase throughout implementation due to large or rapid changes in customer or user requirements, this is commonly known as:

Cost/benefit adjustments

Scope creep

Prototype issues

Expectations management

17. Which of the following is the MOST logical method of deploying security controls within an organization?

Obtain funding for all desired controls and then create project plans for implementation

Apply the simpler controls as quickly as possible and use a risk-based approach for the more difficult and costly controls

Apply the least costly controls to demonstrate positive program activity

Obtain business unit buy-in through close communication and coordination

18. What are the common data hiding techniques used by criminals?

Unallocated space and masking

Website defacement and log manipulation

Disabled Logging and admin elevation

Encryption, Steganography, and Changing Metadata/Timestamps

19. What is the primary reason for performing a return on investment analysis?

To decide between multiple vendors

To decide is the solution costs less than the risk it is mitigating

To determine the current present value of a project

To determine the annual rate of loss

20. What are the three stages of an identity and access management system?

Authentication, Authorize, Validation

Provision, Administration, Enforcement

Administration, Validation, Protect

Provision, Administration, Authentication

Page 3 of 5

21. As the Risk Manager of an organization, you are task with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high profiled clients, and bad publicity can jeopardize your own brand.

Which is the BEST type of risk that defines this event?

Compliance Risk

Reputation Risk

Operational Risk

Strategic Risk

22. Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

The organization has already been subject to a significant amount of credit card fraud .

Which of the following is the MOST likely reason for this fraud?

Lack of compliance to the Payment Card Industry (PCI) standards

Ineffective security awareness program

Security practices not in alignment with ISO 27000 frameworks

Lack of technical controls when dealing with credit card data

23. What is the MOST critical output of the incident response process?

A complete document of all involved team members and the support they provided

Recovery of all data from affected systems

Lessons learned from the incident, so they can be incorporated into the incident response processes

Clearly defined documents detailing standard evidence collection and preservation processes

24. Which of the following is a symmetric encryption algorithm?

3DES

MD5

ECC

RSA

25. The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called

Security certification

Security system analysis

Security accreditation

Alignment with business practices and goals.

26. Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

Cite compliance with laws, statutes, and regulations C explaining the financial implications for the company for non-compliance

Understand the business and focus your efforts on enabling operations securely

Draw from your experience and recount stories of how other companies have been compromised

Cite corporate policy and insist on compliance with audit findings

27. Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.

To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?

Business Impact Analysis

Business Continuity plan

Security roadmap

Annual report to shareholders

28. A CISO has implemented a risk management capability within the security portfolio .

Which of the following terms best describes this functionality?

Service

Program

Portfolio

Cost center

29. Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

Upper management support

More frequent project milestone meetings

More training of staff members

Involve internal audit

30. Which of the following are the triple constraints of project management?

Time, quality, and scope

Cost, quality, and time

Scope, time, and cost

Quality, scope, and cost

Page 4 of 5

31. As the CISO you need to write the IT security strategic plan .

Which of the following is the MOST important to review before you start writing the plan?

The existing IT environment.

The company business plan.

The present IT budget.

Other corporate technology trends.

32. Which level of data destruction applies logical techniques to sanitize data in all user-addressable storage locations?

Purge

Clear

Mangle

Destroy

33. The newly appointed CISO of an organization is reviewing the IT security strategic plan .

Which of the following is the MOST important component of the strategic plan?

There is integration between IT security and business staffing.

There is a clear definition of the IT security mission and vision.

There is an auditing methodology in place.

The plan requires return on investment for all security projects.

34. SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

After determining the audit findings are accurate, which of the following is the MOST logical next activity?

Begin initial gap remediation analyses

Review the security organization’s charter

Validate gaps with the Information Technology team

Create a briefing of the findings for executive management

35. Which of the following is the MOST important reason for performing assessments of the security portfolio?

To assure that the portfolio is aligned to the needs of the broader organization

To create executive support of the portfolio

To discover new technologies and processes for implementation within the portfolio

To provide independent 3rd party reviews of security effectiveness

36. Who is responsible for verifying that audit directives are implemented?

IT Management

Internal Audit

IT Security

BOD Audit Committee

37. What are the three hierarchically related aspects of strategic planning and in which order should they be done?

1) Information technology strategic planning, 2) Enterprise strategic planning, 3) Cybersecurity or information security strategic planning

1) Cybersecurity or information security strategic planning, 2) Enterprise strategic planning, 3) Information technology strategic planning

1) Enterprise strategic planning, 2) Information technology strategic planning, 3) Cybersecurity or information security strategic planning

1) Enterprise strategic planning, 2) Cybersecurity or information security strategic planning, 3) Information technology strategic planning

38. The formal certification and accreditation process has four primary steps, what are they?

Evaluating, describing, testing and authorizing

Evaluating, purchasing, testing, authorizing

Auditing, documenting, verifying, certifying

Discovery, testing, authorizing, certifying

39. Acceptable levels of information security risk tolerance in an organization should be determined by?

Corporate legal counsel

CISO with reference to the company goals

CEO and board of director

Corporate compliance committee

40. The total cost of security controls should:

Be equal to the value of the information resource being protected

Be greater than the value of the information resource being protected

Be less than the value of the information resource being protected

Should not matter, as long as the information resource is protected

Page 5 of 5

41. Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

The organization wants a more permanent solution to the threat to user credential compromise through phishing .

What technical solution would BEST address this issue?

Professional user education on phishing conducted by a reputable vendor

Multi-factor authentication employing hard tokens

Forcing password changes every 90 days

Decreasing the number of employees with administrator privileges

42. What key technology can mitigate ransomware threats?

Use immutable data storage

Phishing exercises

Application of multiple end point anti-malware solutions

Blocking use of wireless networks

43. A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).

In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?

Recovery Point Objective (RPO)

Mean Time to Delivery (MTD)

Recovery Time Objective (RTO)

Maximum Tolerable Downtime (MTD)

44. Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.

How can you reduce the administrative burden of distributing symmetric keys for your employer?

Use asymmetric encryption for the automated distribution of the symmetric key

Use a self-generated key on both ends to eliminate the need for distribution

Use certificate authority to distribute private keys

Symmetrically encrypt the key and then use asymmetric encryption to unencrypt it

45. An organization recently acquired a Data Loss Prevention (DLP) solution, and two months after the implementation, it was found that sensitive data was posted to numerous Dark Web sites. The DLP application was checked, and there are no apparent malfunctions and no errors.

What is the MOST likely reason why the sensitive data was posted?

The DLP Solution was not integrated with mobile device anti-malware

Data classification was not properly performed on the assets

The sensitive data was not encrypted while at rest

A risk assessment was not performed after purchasing the DLP solution

46. Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization.

From an organizational perspective, which of the following is the LIKELY reason for this?

The CISO does not report directly to the CEO of the organization

The CISO reports to the IT organization

The CISO has not implemented a policy management framework

The CISO has not implemented a security awareness program

47. A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:

Inability to export the private certificate/key

It can double as physical identification at the DMV

It has the user’s photograph to help ID them

It can be used as a secure flash drive

48. A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization .

Which of the following principles does this best demonstrate?

Effective use of existing technologies

Create a comprehensive security awareness program and provide success metrics to business units

Proper budget management

Leveraging existing implementations

Perfect EC-Council Certified CISO 712-50 Dumps To Test Yourself

Perfect EC-Council Certified CISO 712-50 Dumps To Test Yourself

Share this post

Author

Leave a Reply Cancel reply

Related Posts