[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 51-60

Question No.51

The alerting, monitoring and life-cycle management of security related events is typically handled by the

  1. security threat and vulnerability management process

  2. risk assessment process

  3. risk management process

  4. governance, risk, and compliance tools

Correct Answer: A

Question No.52

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

  1. Enforce the existing security standards and do not allow the deployment of the new technology.

  2. Amend the standard to permit the deployment.

  3. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.

  4. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

Correct Answer: C

Question No.53

Who in the organization determines access to information?

  1. Legal department

  2. Compliance officer

  3. Data Owner

  4. Information security officer

Correct Answer: C

Question No.54

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

  1. Identify threats, risks, impacts and vulnerabilities

  2. Decide how to manage risk

  3. Define the budget of the Information Security Management System

  4. Define Information Security Policy

Correct Answer: D

Question No.55

One of the MAIN goals of a Business Continuity Plan is to

  1. Ensure all infrastructure and applications are available in the event of a disaster

  2. Allow all technical first-responders to understand their roles in the event of a disaster

  3. Provide step by step plans to recover business processes in the event of a disaster

  4. Assign responsibilities to the technical teams responsible for the recovery of all data.

Correct Answer: C

Question No.56

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

  1. They are objective and can express risk / cost in real numbers

  2. They are subjective and can be completed more quickly

  3. They are objective and express risk / cost in approximates

  4. They are subjective and can express risk / cost in real numbers

Correct Answer: A

Question No.57

Which of the following provides an audit framework?

  1. Control Objectives for IT (COBIT)

  2. Payment Card Industry-Data Security Standard (PCI-DSS)

  3. International Organization Standard (ISO) 27002

  4. National Institute of Standards and Technology (NIST) SP 800-30

Correct Answer: A

Question No.58

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

  1. In promiscuous mode and only detect malicious traffic.

  2. In-line and turn on blocking mode to stop malicious traffic.

  3. In promiscuous mode and block malicious traffic.

  4. In-line and turn on alert mode to stop malicious traffic.

Correct Answer: B

Question No.59

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

  1. information security metrics.

  2. knowledge required to analyze each issue.

  3. baseline against which metrics are evaluated.

  4. linkage to business area objectives.

Correct Answer: D

Question No.60

What is the main purpose of the Incident Response Team?

  1. Ensure efficient recovery and reinstate repaired systems

  2. Create effective policies detailing program activities

  3. Communicate details of information security incidents

  4. Provide current employee awareness programs

Correct Answer: A
