[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 331-340

Get Full Version of the Exam

Question No.331

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

  A. Cite compliance with laws, statutes, and regulations, explaining the financial implications for the company of non-compliance

  B. Understand the business and focus your efforts on enabling operations securely

  C. Draw from your experience and recount stories of how other companies have been compromised

  D. Cite corporate policy and insist on compliance with audit findings

Correct Answer: B

Question No.332

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from people first.

How can you minimize risk to your most sensitive information before granting access?

  A. Conduct background checks on individuals before hiring them

  B. Develop an Information Security Awareness program

  C. Monitor employee browsing and surfing habits

  D. Set your firewall permissions aggressively and monitor logs regularly

Correct Answer: A

Question No.333

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years. The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

  A. Lack of compliance with the Payment Card Industry (PCI) standards

  B. Ineffective security awareness program

  C. Security practices not in alignment with ISO 27000 frameworks

  D. Lack of technical controls when dealing with credit card data

Correct Answer: A

Question No.334

Scenario: Your company has many encrypted telecommunications links for its worldwide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives. Symmetric encryption in general is preferable to asymmetric encryption when:

  A. The number of unique communication links is large

  B. The volume of data being transmitted is small

  C. The speed of the encryption / deciphering process is essential

  D. The distance to the end node is farthest away

Correct Answer: C

Question No.335

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. When multiple regulations or standards apply to your industry, you should set controls to meet the:

  A. Easiest regulation or standard to implement

  B. Stricter regulation or standard

  C. Most complex standard to implement

  D. Recommendations of your Legal Staff

Correct Answer: A

Question No.336

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

  A. The Net Present Value (NPV) of the project is positive

  B. The NPV of the project is negative

  C. The Return on Investment (ROI) is larger than 10 months

  D. The ROI is lower than 10 months

Correct Answer: B

Question No.337

Which of the following is MOST useful when developing a business case for security initiatives?

  A. Budget forecasts

  B. Request for proposals

  C. Cost/benefit analysis

  D. Vendor management

Correct Answer: C

Question No.338

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached, and you have located the repository of stolen data on a server in a foreign country. Your team now has full access to the data on the foreign server.

What action should you take FIRST?

  A. Destroy the repository of stolen data

  B. Contact your local law enforcement agency

  C. Consult with other C-Level executives to develop an action plan

  D. Contract with a credit reporting company for paid monitoring services for affected customers

Correct Answer: C

Question No.339

Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?

  A. Alignment with business goals

  B. ISO 27000 accreditation

  C. PCI attestation of compliance

  D. Financial statements

Correct Answer: B

Question No.340

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create new security controls or adjust existing ones so that they are adequate for risk mitigation needs. You have identified potential solutions for all of the risks that currently have no security controls. What is the NEXT step?

  A. Get approval from the board of directors

  B. Screen potential vendor solutions

  C. Verify that the cost of mitigation is less than the risk

  D. Create risk metrics for all unmitigated risks

Correct Answer: C
