EC-COUNCIL 512-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 512-50 Online Questions & Answers

• Question 271:

  An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

  A. Determine the annual loss expectancy (ALE)
  B. Create a crisis management plan
  C. Create technology recovery plans
  D. Build a secondary hot site
  C. Create technology recovery plans

• Question 272:

  Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization's products and services?

  A. Strong authentication technologies
  B. Financial reporting regulations
  C. Credit card compliance and regulations
  D. Local privacy laws
  D. Local privacy laws

• Question 273:

  Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. What is one proven method to account for common elements found within separate regulations and/or standards?

  A. Hire a GRC expert
  B. Use the Find function of your word processor
  C. Design your program to meet the strictest government standards
  D. Develop a crosswalk
  D. Develop a crosswalk

• Question 274:

  Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. When multiple regulations or standards apply to your industry you should set controls to meet the:

  A. Easiest regulation or standard to implement
  B. Stricter regulation or standard
  C. Most complex standard to implement
  D. Recommendations of your Legal Staff
  C. Most complex standard to implement

• Question 275:

  When dealing with a risk management process, asset classification is important because it will impact the overall:

  A. Threat identification
  B. Risk monitoring
  C. Risk treatment
  D. Risk tolerance
  C. Risk treatment

• Question 276:

  The total cost of security controls should:

  A. Be equal to the value of the information resource being protected
  B. Be greater than the value of the information resource being protected
  C. Be less than the value of the information resource being protected
  D. Should not matter, as long as the information resource is protected
  C. Be less than the value of the information resource being protected

• Question 277:

  Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

  A. System testing
  B. Risk assessment
  C. Incident response
  D. Planning
  A. System testing

• Question 278:

  When is an application security development project complete?

  A. When the application is retired.
  B. When the application turned over to production.
  C. When the application reaches the maintenance phase.
  D. After one year.
  A. When the application is retired.

• Question 279:

  A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

  A. tell him to shut down the server
  B. tell him to call the police
  C. tell him to invoke the incident response process
  D. tell him to analyze the problem, preserve the evidence and provide a full analysis and report
  C. tell him to invoke the incident response process

• Question 280:

  The alerting, monitoring and life-cycle management of security related events is typically handled by the

  A. security threat and vulnerability management process
  B. risk assessment process
  C. risk management process
  D. governance, risk, and compliance tools
  A. security threat and vulnerability management process