512-50 Exam Details

  • Exam Code
    :512-50
  • Exam Name
    :EC-Council Information Security Manager (E|ISM)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :404 Q&As
  • Last Updated
    :Jul 14, 2026

EC-COUNCIL 512-50 Online Questions & Answers

  • Question 91:

    When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?

    A. Download open source security tools and deploy them on your production network
    B. Download trial versions of commercially available security tools and deploy on your production network
    C. Download open source security tools from a trusted site, test, and then deploy on production network
    D. Download security tools from a trusted source and deploy to production network

  • Question 92:

    Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust

    existing security controls to ensure they are adequate for risk mitigation needs.

    You have identified potential solutions for all of your risks that do not have security controls.

    What is the NEXT step?

    A. Get approval from the board of directors
    B. Screen potential vendor solutions
    C. Verify that the cost of mitigation is less than the risk
    D. Create a risk metrics for all unmitigated risks

  • Question 93:

    SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

    The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

    A. Validate the effectiveness of current controls
    B. Create detailed remediation funding and staffing plans
    C. Report the audit findings and remediation status to business stake holders
    D. Review security procedures to determine if they need modified according to findings

  • Question 94:

    During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

    A. Identify and evaluate the existing controls.
    B. Disclose the threats and impacts to management.
    C. Identify information assets and the underlying systems.
    D. Identify and assess the risk assessment process used by management.

  • Question 95:

    From an information security perspective, information that no longer supports the main purpose of the business should be:

    A. assessed by a business impact analysis.
    B. protected under the information classification policy.
    C. analyzed under the data ownership policy.
    D. analyzed under the retention policy

  • Question 96:

    When creating contractual agreements and procurement processes why should security requirements be included?

    A. To make sure they are added on after the process is completed
    B. To make sure the costs of security is included and understood
    C. To make sure the security process aligns with the vendor's security process
    D. To make sure the patching process is included with the costs

  • Question 97:

    Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?

    A. Alignment with business goals
    B. ISO27000 accreditation
    C. PCI attestation of compliance
    D. Financial statements

  • Question 98:

    Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

    Your Corporate Information Security Policy should include which of the following?

    A. Information security theory
    B. Roles and responsibilities
    C. Incident response contacts
    D. Desktop configuration standards

  • Question 99:

    How often should an environment be monitored for cyber threats, risks, and exposures?

    A. Weekly
    B. Monthly
    C. Quarterly
    D. Daily

  • Question 100:

    Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

    From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO's approach to security?

    A. Lack of risk management process
    B. Lack of sponsorship from executive management
    C. IT security centric agenda
    D. Compliance centric agenda

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 512-50 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.