[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 221-230

Get Full Version of the Exam

Question No.221

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

  A. Failed to identify all stakeholders and their needs

  B. Deployed the encryption solution in an inadequate manner

  C. Used 1024 bit encryption when 256 bit would have sufficed

  D. Used hardware encryption instead of software encryption

Correct Answer: A

Question No.222

Which business stakeholder is accountable for the integrity of a new information system?

  A. CISO

  B. Compliance Officer

  C. Project manager

  D. Board of directors

Correct Answer: A

Question No.223

When should IT security project management be outsourced?

  A. When organizational resources are limited

  B. When the benefits of outsourcing outweigh the inherent risks of outsourcing

  C. On new, enterprise-wide security initiatives

  D. On projects not forecasted in the yearly budget

Correct Answer: B

Question No.224

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

  A. Provide clear communication of security requirements throughout the organization

  B. Demonstrate executive support with written mandates for security policy adherence

  C. Create collaborative risk management approaches within the organization

  D. Perform increased audits of security processes and procedures

Correct Answer: C

Question No.225

The ultimate goal of an IT security project is:

  A. Increase stock value

  B. Complete security

  C. Support business requirements

  D. Implement information security policies

Correct Answer: C

Question No.226

When is an application security development project complete?

  A. When the application is retired.

  B. When the application is turned over to production.

  C. When the application reaches the maintenance phase.

  D. After one year.

Correct Answer: A

Question No.227

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

  A. low risk-tolerance

  B. high risk-tolerance

  C. moderate risk-tolerance

  D. medium-high risk-tolerance

Correct Answer: A

Question No.228

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

  A. Poor audit support for the security program

  B. A lack of executive presence within the security program

  C. Poor alignment of the security program to business needs

  D. This is normal since business units typically resist security requirements

Correct Answer: C

Question No.229

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

  A. Ineffective configuration management controls

  B. Lack of change management controls

  C. Lack of version/source controls

  D. High turnover in the application development department

Correct Answer: C

Question No.230

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

  A. Quarterly

  B. Semi-annually

  C. Bi-annually

  D. Annually

Correct Answer: D
