Exam Details

  • Exam Code: 512-50
  • Exam Name: EC-Council Information Security Manager (E|ISM)
  • Certification: EISM
  • Vendor: EC-COUNCIL
  • Total Questions: 404 Q&As
  • Last Updated: May 09, 2024

EC-COUNCIL EISM 512-50 Questions & Answers

  • Question 41:

    Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers."

    What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

    A. Cite compliance with laws, statutes, and regulations - explaining the financial implications for the company for non-compliance

    B. Understand the business and focus your efforts on enabling operations securely

    C. Draw from your experience and recount stories of how other companies have been compromised

    D. Cite corporate policy and insist on compliance with audit findings

  • Question 42:

    Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

    A. ITIL

    B. Privacy Act

    C. Sarbanes Oxley

    D. PCI-DSS

  • Question 43:

    A digital signature addresses which of the following concerns?

    A. Message alteration

    B. Message copying

    C. Message theft

    D. Unauthorized reading

  • Question 44:

    Annual Loss Expectancy is derived from the function of which two factors?

    A. Annual Rate of Occurrence and Asset Value

    B. Single Loss Expectancy and Exposure Factor

    C. Safeguard Value and Annual Rate of Occurrence

    D. Annual Rate of Occurrence and Single Loss Expectancy

  • Question 45:

    You have just been hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedule and over budget.

    Using the best business practices for project management, you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?

    A. Review time schedules

    B. Verify budget

    C. Verify resources

    D. Verify constraints

  • Question 46:

    When analyzing and forecasting a capital expense budget, what is not included?

    A. Network connectivity costs

    B. New datacenter to operate from

    C. Upgrade of mainframe

    D. Purchase of new mobile devices to improve operations

  • Question 47:

    A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

    A. Zero-day attack mitigation

    B. Preventive detection control

    C. Corrective security control

    D. Dynamic blocking control

  • Question 48:

    If the result of an NPV is positive, then the project should be selected. The net present value shows the present value of the project, based on the decisions taken for its selection. What is the net present value equal to?

    A. Net profit - per capita income

    B. Total investment - Discounted cash

    C. Average profit - Annual investment

    D. Initial investment - Future value

  • Question 49:

    When creating contractual agreements and procurement processes, why should security requirements be included?

    A. To make sure they are added on after the process is completed

    B. To make sure the cost of security is included and understood

    C. To make sure the security process aligns with the vendor's security process

    D. To make sure the patching process is included with the costs

  • Question 50:

    Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security-centric agenda.

    Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?

    A. Lack of identification of technology stakeholders

    B. Lack of business continuity process

    C. Lack of influence with leaders outside IT

    D. Lack of a security awareness program
