[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 31-40


Question No.31

Ensuring that the actions of a set of people, applications and systems follow the organization's rules is BEST described as:

  1. Risk management

  2. Security management

  3. Mitigation management

  4. Compliance management

Correct Answer: D

Question No.32

In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?

  1. The organization uses exclusively a quantitative process to measure risk

  2. The organization uses exclusively a qualitative process to measure risk

  3. The organization's risk tolerance is high

  4. The organization's risk tolerance is low

Correct Answer: C

Question No.33

A method to transfer risk is to:

  1. Implement redundancy

  2. Move operations to another region

  3. Purchase breach insurance

  4. Alignment with business operations

Correct Answer: C

Question No.34

Which of the following is MOST important when dealing with an Information Security Steering Committee?

  1. Include a mix of members from different departments and staff levels.

  2. Ensure that security policies and procedures have been vetted and approved.

  3. Review all past audit and compliance reports.

  4. Be briefed about new trends and products at each meeting by a vendor.

Correct Answer: C

Question No.35

Which of the following is MOST likely to be discretionary?

  1. Policies

  2. Procedures

  3. Guidelines

  4. Standards

Correct Answer: C

Question No.36

The success of the Chief Information Security Officer is MOST dependent upon:

  1. favorable audit findings

  2. following the recommendations of consultants and contractors

  3. development of relationships with organization executives

  4. raising awareness of security issues with end users

Correct Answer: C

Question No.37

Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?

  1. Security officer

  2. Data owner

  3. Vulnerability engineer

  4. System administrator

Correct Answer: D

Question No.38

Risk that remains after risk mitigation is known as:

  1. Persistent risk

  2. Residual risk

  3. Accepted risk

  4. Non-tolerated risk

Correct Answer: B

Question No.39

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

  1. Technology governance defines technology policies and standards while security governance does not.

  2. Security governance defines technology best practices and Information Technology governance does not.

  3. Technology Governance is focused on process risks whereas Security Governance is focused on business risk.

  4. The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

Correct Answer: D

Question No.40

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

  1. When there is a need to develop a more unified incident response capability.

  2. When the enterprise is made up of many business units with diverse business activities, risk profiles and regulatory requirements.

  3. When there is a variety of technologies deployed in the infrastructure.

  4. When it results in an overall lower cost of operating the security program.

Correct Answer: B
