[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 81-90

Get Full Version of the Exam

Question No.81

When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

  A. An independent Governance, Risk and Compliance organization

  B. Alignment of security goals with business goals

  C. Compliance with local privacy regulations

  D. Support from Legal and HR teams

Correct Answer: B

Question No.82

Which of the following most commonly falls within the scope of an information security governance steering committee?

  A. Approving access to critical financial systems

  B. Developing content for security awareness programs

  C. Interviewing candidates for information security specialist positions

  D. Vetting information security policies

Correct Answer: D

Question No.83

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses personally identifiable information (PII) as part of its business models and processes?

  A. Need to comply with breach disclosure laws

  B. Need to transfer the risk associated with hosting PII data

  C. Need to better understand the risk associated with using PII data

  D. Fiduciary responsibility to safeguard credit card information

Correct Answer: C

Question No.84

When dealing with a risk management process, asset classification is important because it will impact the overall:

  A. Threat identification

  B. Risk monitoring

  C. Risk treatment

  D. Risk tolerance

Correct Answer: C

Question No.85

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

  A. Contacting the Internet Service Provider for an IP scope

  B. Getting authority to operate the system from executive management

  C. Changing the default passwords

  D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Correct Answer: B

Question No.86

Risk is defined as:

  A. Threat times vulnerability divided by control

  B. Adversary plus capability plus vulnerability

  C. Asset loss times likelihood of event

  D. Quantitative plus qualitative impact

Correct Answer: A

Question No.87

What is the BEST way to achieve on-going compliance monitoring in an organization?

  A. Only check compliance right before the auditors are scheduled to arrive onsite.

  B. Outsource compliance to a 3rd party vendor and let them manage the program.

  C. Have Compliance and Information Security partner to correct issues as they arise.

  D. Have Compliance direct Information Security to fix issues after the auditors report.

Correct Answer: C

Question No.88

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure the impact of the scan is minimized?

  A. The asset owner

  B. The asset manager

  C. The data custodian

  D. The project manager

Correct Answer: A

Question No.89

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

  A. Internal audit

  B. The data owner

  C. All executive staff

  D. Government regulators

Correct Answer: B

Question No.90

The exposure factor of a threat to your organization is defined as:

  A. Asset value times exposure factor

  B. Annual rate of occurrence

  C. Annual loss expectancy minus current cost of controls

  D. Percentage of loss experienced due to a realized threat event

Correct Answer: D
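The quantitative risk terms tested in Questions 86 and 90 are easier to keep straight as a chain of calculations than as memorised phrases. The following is an added worked example, not part of the exam dump: it takes asset value (AV) and exposure factor (EF) to single loss expectancy (SLE), SLE and annual rate of occurrence (ARO) to annual loss expectancy (ALE), and ALE to the cost/benefit value of a control, which is what the first and third distractors in Question 90 are actually describing. The ransomware scenario, the backup control, all figures, and the class and function names are constructed for illustration and are not from any real assessment.

```python
"""Quantitative risk arithmetic behind Questions 86 and 90.

Added worked example; not part of the original exam dump. All figures are
constructed for illustration and do not come from any real assessment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatScenario:
    """One threat against one asset, with the three inputs the formulas need."""
    name: str
    asset_value: float      # AV: what the asset is worth (currency units)
    exposure_factor: float  # EF: fraction of AV lost when the threat is realised
    annual_rate: float      # ARO: expected number of occurrences per year

    def __post_init__(self) -> None:
        # EF is a percentage of loss, so it must lie between 0 % and 100 %.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: exposure factor must be in [0, 1]")
        if self.asset_value < 0 or self.annual_rate < 0:
            raise ValueError(f"{self.name}: AV and ARO cannot be negative")


def exposure_factor_from_loss(asset_value: float, loss: float) -> float:
    """EF as Question 90 defines it: the percentage of the asset lost in one
    realised event, expressed as a fraction (e.g. 0.25 for a 25 % loss)."""
    if asset_value <= 0:
        raise ValueError("asset value must be positive to express a loss fraction")
    return loss / asset_value


def single_loss_expectancy(s: ThreatScenario) -> float:
    """SLE = AV x EF: the loss expected from a single realised event."""
    return s.asset_value * s.exposure_factor


def annual_loss_expectancy(s: ThreatScenario) -> float:
    """ALE = SLE x ARO: the loss expected over a year."""
    return single_loss_expectancy(s) * s.annual_rate


def safeguard_value(before: ThreatScenario, after: ThreatScenario,
                    annual_control_cost: float) -> float:
    """Cost/benefit of a control: ALE(before) - ALE(after) - annual cost.

    A positive result means the control saves more than it costs; a negative
    one means accepting the residual risk is cheaper than the control.
    """
    return (annual_loss_expectancy(before)
            - annual_loss_expectancy(after)
            - annual_control_cost)


# Constructed scenario (hypothetical figures): a database of corporate
# strategy documents hit by ransomware roughly once every two years.
BASELINE = ThreatScenario(
    name="ransomware on strategy database",
    asset_value=2_000_000,
    exposure_factor=0.25,   # a quarter of the asset's value is lost per incident
    annual_rate=0.5,        # once every two years
)

# Hypothetical control: offline backups with tested restores. They do not stop
# the attack (ARO unchanged) but cut how much is lost when it happens (EF down).
WITH_BACKUPS = ThreatScenario(
    name="ransomware on strategy database, with offline backups",
    asset_value=2_000_000,
    exposure_factor=0.125,
    annual_rate=0.5,
)
BACKUP_PROGRAM_ANNUAL_COST = 80_000


def risk_summary(before: ThreatScenario, after: ThreatScenario,
                 control_cost: float) -> dict:
    """Collect every intermediate figure so the chain AV -> EF -> SLE -> ALE
    -> control value can be read off in one place."""
    return {
        "sle_before": single_loss_expectancy(before),
        "ale_before": annual_loss_expectancy(before),
        "sle_after": single_loss_expectancy(after),
        "ale_after": annual_loss_expectancy(after),
        "control_cost": control_cost,
        "control_value": safeguard_value(before, after, control_cost),
    }


if __name__ == "__main__":
    summary = risk_summary(BASELINE, WITH_BACKUPS, BACKUP_PROGRAM_ANNUAL_COST)
    for key, value in summary.items():
        print(f"{key:>14}: {value:>12,.2f}")
```

Two points the exam options turn on: exposure factor is a fraction of asset value, not a currency amount, so "asset value times exposure factor" is the SLE formula rather than a definition of EF; and "annual loss expectancy minus the cost of controls" is the figure a CISO uses to decide whether a risk treatment is worth funding, which is why the example validates EF as a value between 0 and 1 and reports the control's net value rather than only the ALE.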
