[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 161-170

Get Full Version of the Exam

Question No.161

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

  A. Determine the annual loss expectancy (ALE)

  B. Create a crisis management plan

  C. Create technology recovery plans

  D. Build a secondary hot site

Correct Answer: C

Question No.162

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

  A. The asset is more expensive than the remediation

  B. The audit finding is incorrect

  C. The asset being protected is less valuable than the remediation costs

  D. The remediation costs are irrelevant; it must be implemented regardless of cost.

Correct Answer: C

Question No.163

Which of the following sets of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

  A. Plan-Check-Do-Act

  B. Plan-Do-Check-Act

  C. Plan-Select-Implement-Evaluate

  D. SCORE (Security Consensus Operational Readiness Evaluation)

Correct Answer: B

Question No.164

When measuring the effectiveness of an Information Security Management System, which one of the following would MOST LIKELY be used as a metric framework?

  A. ISO 27001

  B. PRINCE2

  C. ISO 27004

  D. ITILv3

Correct Answer: C

Question No.165

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

  A. To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

  B. To provide a common basis for developing organizational security standards

  C. To provide effective security management practice and to provide confidence in inter-organizational dealings

  D. To establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

Correct Answer: D

Question No.166

Which of the following activities must be completed BEFORE you can calculate risk?

  A. Determining the likelihood that vulnerable systems will be attacked by specific threats

  B. Calculating the risks to which assets are exposed in their current setting

  C. Assigning a value to each information asset

  D. Assessing the relative risk facing the organization's information assets

Correct Answer: C

Question No.167

Control Objectives for Information and Related Technology (COBIT) is which of the following?

  A. An Information Security audit standard

  B. An audit guideline for certifying secure systems and controls

  C. A framework for Information Technology management and governance

  D. A set of international regulations for Information Technology governance

Correct Answer: C

Question No.168

The executive board has requested that the CISO of an organization define Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

  A. Number of callers who report security issues.

  B. Number of callers who report a lack of customer service from the call center

  C. Number of successful social engineering attempts on the call center

  D. Number of callers who abandon the call before speaking with a representative

Correct Answer: C

Question No.169

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

  A. Single Loss Expectancy (SLE)

  B. Exposure Factor (EF)

  C. Annualized Rate of Occurrence (ARO)

  D. Temporal Probability (TP)

Correct Answer: C

Question No.170

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

  A. assign the responsibility to the information security team.

  B. assign the responsibility to the team responsible for the management of the controls.

  C. create operational reports on the effectiveness of the controls.

  D. perform an independent audit of the security controls.

Correct Answer: D
