512-50 Exam Details

  • Exam Code: 512-50
  • Exam Name: EC-Council Information Security Manager (E|ISM)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 404 Q&As
  • Last Updated: May 25, 2026

EC-COUNCIL 512-50 Online Questions & Answers

  • Question 191:

    SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization's needs.

    What is the MOST logical course of action the CISO should take?

    A. Review the original solution set to determine if another system would fit the organization's risk appetite and budget regulatory compliance requirements
    B. Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be provided when needed
    C. Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor
    D. Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements

  • Question 192:

    A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and not enforced consistently.

    Which of the following is the MOST likely reason for the policy shortcomings?

    A. Lack of a formal security awareness program
    B. Lack of a formal security policy governance process
    C. Lack of formal definition of roles and responsibilities
    D. Lack of a formal risk management policy

  • Question 193:

    A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

    A. Information Technology Infrastructure Library (ITIL)
    B. International Organization for Standardization (ISO) standards
    C. Payment Card Industry Data Security Standards (PCI-DSS)
    D. National Institute for Standards and Technology (NIST) standard

  • Question 194:

    Payment Card Industry (PCI) compliance requirements are based on what criteria?

    A. The types of cardholder data retained
    B. The duration cardholder data is retained
    C. The size of the organization processing credit card data
    D. The number of transactions performed per year by an organization

  • Question 195:

    Which of the following is a major benefit of applying risk levels?

    A. Risk management governance becomes easier since most risks remain low once mitigated
    B. Resources are not wasted on risks that are already managed to an acceptable level
    C. Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology
    D. Risk appetite can increase within the organization once the levels are understood

  • Question 196:

    The primary purpose of a risk register is to:

    A. Maintain a log of discovered risks
    B. Track individual risk assessments
    C. Develop plans for mitigating identified risks
    D. Coordinate the timing of scheduled risk assessments

  • Question 197:

    You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two-factor authentication token management process. Which of the following represents your BEST course of action?

    A. Validate that security awareness program content includes information about the potential vulnerability
    B. Conduct a thorough risk assessment against the current implementation to determine system functions
    C. Determine program ownership to implement compensating controls
    D. Send a report to executive peers and business unit owners detailing your suspicions

  • Question 198:

    Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

    What action should you take FIRST?

    A. Destroy the repository of stolen data
    B. Contact your local law enforcement agency
    C. Consult with other C-Level executives to develop an action plan
    D. Contract with a credit reporting company for paid monitoring services for affected customers

  • Question 199:

    Which of the following is true regarding expenditures?

    A. Capital expenditures are never taxable
    B. Operating expenditures are for acquiring assets, capital expenditures are for support costs of that asset
    C. Capital expenditures are used to define depreciation tables of intangible assets
    D. Capital expenditures are for acquiring assets, whereas operating expenditures are for support costs of that asset

  • Question 200:

    An organization's Information Security Policy is of MOST importance because

    A. it communicates management's commitment to protecting information resources
    B. it is formally acknowledged by all employees and vendors
    C. it defines a process to meet compliance requirements
    D. it establishes a framework to protect confidential information
