[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 171-180

Question No.171

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

  A. Perform an audit to measure the control formally

  B. Escalate the issue to the IT organization

  C. Perform a risk assessment to measure risk

  D. Establish Key Risk Indicators

Correct Answer: C

Question No.172

Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

  A. Detective Controls

  B. Proactive Controls

  C. Preemptive Controls

  D. Organizational Controls

Correct Answer: D

Question No.173

To get an Information Security project back on schedule, which of the following will provide the MOST help?

  A. Upper management support

  B. More frequent project milestone meetings

  C. Stakeholder support

  D. Extend work hours

Correct Answer: A

Question No.174

Your company has a "no right to privacy" notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employees' email accounts. What should you do? (choose the BEST answer):

  A. Grant her access, the employee has been adequately warned through the AUP.

  B. Assist her with the request, but only after her supervisor signs off on the action.

  C. Reset the employee's password and give it to the supervisor.

  D. Deny the request citing national privacy laws.

Correct Answer: B

Question No.175

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (Choose the best answer):

  A. Deploy a SIEM solution and have current staff review incidents first thing in the morning

  B. Contract with a managed security provider and have current staff on recall for incident response

  C. Configure your syslog to send SMS messages to current staff when target events are triggered

  D. Employ an assumption of breach protocol and defend only essential information resources

Correct Answer: B

Question No.176

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

  A. Time zone differences

  B. Compliance to local hiring laws

  C. Encryption import/export regulations

  D. Local customer privacy laws

Correct Answer: C

Question No.177

An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in severe revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

  A. The CISO

  B. Audit and Compliance

  C. The CFO

  D. The business owner

Correct Answer: D

Question No.178

Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?

  A. Risk Management

  B. Risk Assessment

  C. System Testing

  D. Vulnerability Assessment

Correct Answer: B

Question No.179

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

  A. tell him to shut down the server

  B. tell him to call the police

  C. tell him to invoke the incident response process

  D. tell him to analyze the problem, preserve the evidence and provide a full analysis and report

Correct Answer: C

Question No.180

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

  A. At the time the security services are being performed and the vendor needs access to the network

  B. Once the agreement has been signed and the security vendor states that they will need access to the network

  C. Once the vendor is on premise and before they perform security services

  D. Prior to signing the agreement and before any security services are being performed

Correct Answer: D
