712-50 Free Questions Good Demo For EC-Council 712-50 Exam
[2022] Great 712-50 Exam Questions - Pass EC-Council 712-50 Exam Easily

1. When deploying an Intrusion Prevention System (IPS), the BEST way to get maximum protection from the system is to deploy it
A. In promiscuous mode and only detect malicious traffic.
B. In-line and turn on blocking mode to stop malicious traffic.
C. In promiscuous mode and block malicious traffic.
D. In-line and turn on alert mode to stop malicious traffic.
Answer: B

2. From an information security perspective, information that no longer supports the main purpose of the business should be:
A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy.
Answer: D

3. An organization's information security policy serves to
A. establish budgetary input in order to meet compliance requirements
B. establish acceptable systems and user behavior
C. define security configurations for systems
D. define relationships with external law enforcement agencies
Answer: B

4. When managing the security architecture for your company you must consider:
A. Security and IT staff size
B. Company values
C. Budget
D. All of the above
Answer: D

5. What is the main purpose of the Incident Response Team?
A. Ensure efficient recovery and reinstate repaired systems
B. Create effective policies detailing program activities
C. Communicate details of information security incidents
D. Provide current employee awareness programs
Answer: A

6. You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?
A. Chief Information Security Officer
B. Chief Executive Officer
C. Chief Information Officer
D. Chief Legal Counsel
Answer: B

7. A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?
A. Information Technology Infrastructure Library (ITIL)
B. International Organization for Standardization (ISO) standards
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. National Institute of Standards and Technology (NIST) standards
Answer: C

8. Which of the following is a difference between quantitative and qualitative risk assessment?
A. Quantitative risk assessments result in an exact number (in monetary terms)
B. Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
C. Qualitative risk assessments map to business objectives
D. Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
Answer: A

9. Risk that remains after risk mitigation is known as
A. Persistent risk
B. Residual risk
C. Accepted risk
D. Non-tolerated risk
Answer: B

10. Quantitative risk assessments have the following advantage over qualitative risk assessments:
A. They are objective and can express risk/cost in real numbers
B. They are subjective and can be completed more quickly
C. They are objective and express risk/cost in approximates
D. They are subjective and can express risk/cost in real numbers
Answer: A

11. What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?
A. Determine appetite
B. Evaluate risk avoidance criteria
C. Perform a risk assessment
D. Mitigate risk
Answer: D

12. The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:
A. Due Protection
B. Due Care
C. Due Compromise
D. Due Process
Answer: B

13. A method to transfer risk is to:
A. Implement redundancy
B. Move operations to another region
C. Purchase breach insurance
D. Align with business operations
Answer: C

14. What is the first thing that needs to be completed in order to create a security program for your organization?
A. Risk assessment
B. Security program budget
C. Business continuity plan
D. Compliance and regulatory analysis
Answer: A

15. Which of the following is considered the MOST effective tool against social engineering?
A. Anti-phishing tools
B. Anti-malware tools
C. Effective security vulnerability management program
D. Effective security awareness program
Answer: D

16. An organization's firewall technology needs to be replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches, but the decision is made to purchase it. What does this selection indicate?
A. A high threat environment
B. A low risk tolerance environment
C. A low vulnerability environment
D. A high risk tolerance environment
Answer: D

17. Which of the following is a benefit of information security governance?
A. Questioning the trust in vendor relationships
B. Increasing the risk of decisions based on incomplete management information
C. Direct involvement of senior management in developing control processes
D. Reduction of the potential for civil and legal liability
Answer: D

18. An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?
A. Determine the risk tolerance
B. Perform an asset classification
C. Create an architecture gap analysis
D. Analyze existing controls on systems
Answer: B

19. An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?
A. International Organization for Standardization 27004 (ISO-27004)
B. Payment Card Industry Data Security Standards (PCI-DSS)
C. Control Objectives for Information Technology (COBIT)
D. International Organization for Standardization 27005 (ISO-27005)
Answer: A

20. A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity process across all of its business units. Which of the following standards and guidelines can BEST address this organization's need?
A. International Organization for Standardization 22301 (ISO-22301)
B. Information Technology Infrastructure Library (ITIL)
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. International Organization for Standardization 27005 (ISO-27005)
Answer: A

21. What should an organization do to ensure that they have a sound Business Continuity (BC) plan?
A. Test every three years to ensure that things work as planned
B. Conduct periodic tabletop exercises to refine the BC plan
C. Outsource the creation and execution of the BC plan to a third-party vendor
D. Conduct a Disaster Recovery (DR) exercise every year to test the plan
Answer: B

22. The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for
A. Confidentiality, Integrity and Availability
B. Assurance, Compliance and Availability
C. International Compliance
D. Integrity and Availability
Answer: A

23. Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses personally identifiable information (PII) as part of their business models and processes?
A. Need to comply with breach disclosure laws
B. Need to transfer the risk associated with hosting PII data
C. Need to better understand the risk associated with using PII data
D. Fiduciary responsibility to safeguard credit card information
Answer: C

24. Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?
A. Threat
B. Vulnerability
C. Attack vector
D. Exploitation
Answer: B

25. After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 million USD. This is an example of
A. Risk tolerance
B. Qualitative risk analysis
C. Risk appetite
D. Quantitative risk analysis
Answer: D

26. According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
A. Identify threats, risks, impacts and vulnerabilities
B. Decide how to manage risk
C. Define the budget of the Information Security Management System
D. Define Information Security Policy
Answer: D

27. Risk is defined as:
A. Threat times vulnerability divided by control
B. Adversary plus capability plus vulnerability
C. Asset loss times likelihood of event
D. Quantitative plus qualitative impact
Answer: A

28. Developing effective security controls is a balance between:
A. Risk Management and Operations
B. Corporate Culture and Job Expectations
C. Operations and Regulations
D. Technology and Vendor Management
Answer: A

29. In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
A. The organization uses exclusively a quantitative process to measure risk
B. The organization uses exclusively a qualitative process to measure risk
C. The organization's risk tolerance is high
D. The organization's risk tolerance is low
Answer: C

30. Ensuring that the actions of a set of people, applications and systems follow the organization's rules is BEST described as:
A. Risk management
B. Security management
C. Mitigation management
D. Compliance management
Answer: D

31. Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?
A. Reduction of budget
B. Decreased security awareness
C. Improper use of information resources
D. Fines for regulatory non-compliance
Answer: D

32. Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?
A. Security officer
B. Data owner
C. Vulnerability engineer
D. System administrator
Answer: D

33. Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
A. Possesses a strong technical background
B. Understands all regulations affecting the organization
C. Understands the business goals of the organization
D. Possesses a strong auditing background
Answer: C

34. A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?
A. Scan a representative sample of systems
B. Perform the scans only during off-business hours
C. Decrease the vulnerabilities within the scan tool settings
D. Filter the scan output so only pertinent data is analyzed
Answer: A

35. Who in the organization determines access to information?
A. Legal department
B. Compliance officer
C. Data owner
D. Information security officer
Answer: C