
Pass Your Exam With 100% Verified 712-50 Exam Questions
712-50 Dumps PDF - 712-50 Real Exam Questions Answers
There are multiple professional exams that claim to take the career of an IT specialist at a new horizon. However, we hardly see anyone coming near to the EC-Council 712-50 exam. By imparting a broad-spectrum understanding of cybersecurity concepts, leadership, and communication skills, this test leverages the growth of IT enthusiasts commendably.
NEW QUESTION 106
In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?
- A. The organization uses exclusively a qualitative process to measure risk
- B. The organization's risk tolerance is high
- C. The organization uses exclusively a quantitative process to measure risk
- D. The organization's risk tolerance is low
Answer: B
Explanation:
Explanation/Reference:
NEW QUESTION 107
A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?
- A. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.
- B. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.
- C. If the findings do not impact regulatory compliance, review current security controls.
- D. If the findings impact regulatory compliance, remediate the high findings as quickly as possible.
Answer: D
NEW QUESTION 108
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
- A. Packet sampling
- B. Heuristic analysis
- C. Traffic Analysis
- D. Deep-Packet inspection
Answer: D
NEW QUESTION 109
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?
- A. Multi-factor authentication employing hard tokens
- B. Professional user education on phishing conducted by a reputable vendor
- C. Decreasing the number of employees with administrator privileges
- D. Forcing password changes every 90 days
Answer: A
NEW QUESTION 110
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
- A. Outsource the creation and execution of the BC plan to a third party vendor
- B. Conduct periodic tabletop exercises to refine the BC plan
- C. Conduct a Disaster Recovery (DR) exercise every year to test the plan
- D. Test every three years to ensure that things work as planned
Answer: B
NEW QUESTION 111
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years. The organization has already been subject to a significant amount of credit card fraud.
Which of the following is the MOST likely reason for this fraud?
- A. Lack of technical controls when dealing with credit card data
- B. Security practices not in alignment with ISO 27000 frameworks
- C. Lack of compliance to the Payment Card Industry (PCI) standards
- D. Ineffective security awareness program
Answer: C
NEW QUESTION 112
A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes.
Which of the following represents the MOST LIKELY cause of this situation?
- A. Poor alignment of the security program to business needs
- B. A lack of executive presence within the security program
- C. This is normal since business units typically resist security requirements
- D. Poor audit support for the security program
Answer: A
Explanation:
Explanation/Reference:
NEW QUESTION 113
A security manager regularly checks work areas after business hours for security violations; such as unsecured files or unattended computers with active sessions.
This activity BEST demonstrates what part of a security program?
- A. Compliance management
- B. Physical control testing
- C. Security awareness training
- D. Audit validation
Answer: A
NEW QUESTION 114
Which of the following is true regarding expenditures?
- A. Capital expenditures are used to define depreciation tables of intangible assets
- B. Operating expenditures are for acquiring assets, capital expenditures are for support costs of that asset
- C. Capital expenditures are for acquiring assets, whereas operating expenditures are for support costs of that asset
- D. Capital expenditures are never taxable
Answer: C
NEW QUESTION 115
As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?
- A. Nothing, this falls outside your area of influence.
- B. Have a risk assessment performed.
- C. Post a guard at the door to maintain physical security
- D. Close and chain the door shut and send a company-wide memo banning the practice.
Answer: B
NEW QUESTION 116
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?
- A. Never
- B. Annually
- C. Quarterly
- D. Semi-annually
Answer: A
NEW QUESTION 117
In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?
- A. Every 12 months
- B. Every 6 months
- C. Every 18 months
- D. High risk environments 6 months, low-risk environments 12 months
Answer: A
NEW QUESTION 118
A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?
- A. Meet with audit team to determine a timeline for corrections
- B. Review the recommendations and follow up to see if audit implemented the changes
- C. Have internal audit conduct another audit to see what has changed.
- D. Contract with an external audit company to conduct an unbiased audit
Answer: B
NEW QUESTION 119
The company decides to release the application without remediating the high-risk vulnerabilities.
Which of the following is the MOST likely reason for the company to release the application?
- A. The company does not believe the security vulnerabilities to be real
- B. The company has a high risk tolerance
- C. The company lacks the tools to perform a vulnerability assessment
- D. The company lacks a risk management process
Answer: B
NEW QUESTION 120
Which of the following is critical in creating a security program aligned with an organization's goals?
- A. Create security awareness programs that include clear definition of security program goals and charters
- B. Develop a culture in which users, managers and IT professionals all make good decisions about information risk
- C. Ensure security budgets enable technical acquisition and resource allocation based in internal compliance requirements
- D. Provide clear communication of security program support requirements and audit schedules
Answer: B
NEW QUESTION 121
An organization's Information Security Policy is of MOST importance because_____________.
- A. It defines a process to meet compliance requirements
- B. It is formally acknowledged by all employees and vendors
- C. It establishes a framework to protect confidential information
- D. It communicates management's commitment to protecting information resources
Answer: D
Explanation:
Explanation
NEW QUESTION 122
Which of the following is considered the MOST effective tool against social engineering?
- A. Effective Security awareness program
- B. Anti-malware tools
- C. Effective Security Vulnerability Management Program
- D. Anti-phishing tools
Answer: A
NEW QUESTION 123
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient.
Which of the following keys should be used to encrypt the message?
- A. the recipient's private key
- B. Your public key
- C. The recipient's public key
- D. Certificate authority key
Answer: C
NEW QUESTION 124
The ultimate goal of an IT security projects is:
- A. Increase stock value
- B. Complete security
- C. Implement information security policies
- D. Support business requirements
Answer: D
NEW QUESTION 125
An information security department is required to remediate system vulnerabilities when they are discovered.
Please select the three primary remediation methods that can be used on an affected system.
- A. Discover software, remove affected software, apply software patch
- B. Software removal, install software patch, maintain system
- C. Install software patch, operate system, maintain system
- D. Install software patch, configuration adjustment, software removal
Answer: D
NEW QUESTION 126
What is the definition of Risk in Information Security?
- A. Risk = Financial Impact x Probability
- B. Risk = Threat x Probability
- C. Risk = Impact x Threat
- D. Risk = Probability x Impact
Answer: D
NEW QUESTION 127
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from people first.
How can you minimize risk to your most sensitive information before granting access?
- A. Develop an Information Security Awareness program
- B. Conduct background checks on individuals before hiring them
- C. Set your firewall permissions aggressively and monitor logs regularly.
- D. Monitor employee drowsing and surfing habits
Answer: B
NEW QUESTION 128
Which of the following is a benefit of a risk-based approach to audit planning?
- A. Resources are allocated to the areas of the highest concern
- B. Budgets are more likely to be met by the IT audit staff
- C. Staff will be exposed to a variety of technologies
- D. Scheduling may be performed months in advance
Answer: A
NEW QUESTION 129
As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered timely in the event of a disaster. Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?
- A. Recovery Time Objective (RTO)
- B. Recovery Point Objective (RPO)
- C. Business Continuity Plan
- D. Disaster Recovery Plan
Answer: C
NEW QUESTION 130
......
712-50 Dumps 100 Pass Guarantee With Latest Demo: https://www.verifieddumps.com/712-50-valid-exam-braindumps.html
Prepare 712-50 Question Answers Free Update With 100% Exam Passing Guarantee [2022]: https://drive.google.com/open?id=1006I0FS2y_nN0akFYO3QFRknzS1jmitx
