Download EC-Council Certified CISO.712-50.CertShared.2024-01-31.151q.vcex
| Vendor: | ECCouncil |
| Exam Code: | 712-50 |
| Exam Name: | EC-Council Certified CISO |
| Date: | Jan 31, 2024 |
| File Size: | 94 KB |
| Downloads: | 4 |
How to open VCEX files?
Files with VCEX extension can be opened by ProfExam Simulator.
Discount: 20%
Demo Questions
Question 1
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
- Providing a risk program governance structure
- Ensuring developers include risk control comments in code
- Creating risk assessment templates based on specific threats
- Allowing for the acceptance of risk for regulatory compliance requirements
Correct answer: A
Question 2
Regulatory requirements typically force organizations to implement
- Mandatory controls
- Discretionary controls
- Optional controls
- Financial controls
Correct answer: A
Question 3
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
- Risk Avoidance
- Risk Acceptance
- Risk Transfer
- Risk Mitigation
Correct answer: C
Question 4
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?
- Susceptibility to attack, mitigation response time, and cost
- Attack vectors, controls cost, and investigation staffing needs
- Vulnerability exploitation, attack recovery, and mean time to repair
- Susceptibility to attack, expected duration of attack, and mitigation availability
Correct answer: A
Question 5
Risk is defined as:
- Threat times vulnerability divided by control
- Advisory plus capability plus vulnerability
- Asset loss times likelihood of event
- Quantitative plus qualitative impact
Correct answer: A
Question 6
Which of the following intellectual Property components is focused on maintaining brand recognition?
- Trademark
- Patent
- Research Logs
- Copyright
Correct answer: A
Question 7
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?
- Enforce the existing security standards and do not allow the deployment of the new technology.
- Amend the standard to permit the deployment.
- If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
- Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
Correct answer: C
Question 8
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?
- Data breach disclosure
- Consumer right disclosure
- Security incident disclosure
- Special circumstance disclosure
Correct answer: A
Question 9
What is the definition of Risk in Information Security?
- Risk = Probability x Impact
- Risk = Threat x Probability
- Risk = Financial Impact x Probability
- Risk = Impact x Threat
Correct answer: A
Question 10
When dealing with a risk management process, asset classification is important because it will impact the overall:
- Threat identification
- Risk monitoring
- Risk treatment
- Risk tolerance
Correct answer: C
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX AND EXAM FILES
Use ProfExam Simulator to open VCEX and EXAM files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!