A missing/ineffective security control is identified.
Which of the following should be the NEXT step?
A. Perform an audit to measure the control formally
B. Escalate the issue to the IT organization
C. Perform a risk assessment to measure risk
D. Establish Key Risk Indicators
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?
A. Better understand the threats and vulnerabilities affecting the environment
B. Better understand strengths and weaknesses of the program
C. Meet regulatory compliance requirements
D. Meet legal requirements
Control Objectives for Information and Related Technology (COBIT) is which of the following?
A. An audit guideline for certifying secure systems and controls
B. An information security audit standard
C. A framework for Information Technology management and governance
D. A set of international regulations for Information Technology governance
Which of the following are not stakeholders of IT security projects?
A. Board of directors
B. Help Desk
C. Third-party vendors
D. CISO
Which of the following illustrates an operational control process:
A. Classifying an information system as part of a risk assessment
B. Conducting an audit of the configuration management process
C. Installing an appropriate fire suppression system in the data center
D. Establishing procurement standards for cloud vendors
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability.
What do you do?
A. Tell him to shut down the server
B. Tell him to call the police
C. Tell him to invoke the incident response process
D. Tell him to analyze the problem, preserve the evidence and provide a full analysis and report
Which of the following are primary concerns for management with regard to assessing internal control objectives?
A. Confidentiality, Availability, Integrity
B. Compliance, Effectiveness, Efficiency
C. Communication, Reliability, Cost
D. Confidentiality, Compliance, Cost
The effectiveness of an audit is measured by which of the following?
A. The number of security controls the company has in use
B. How it exposes the risk tolerance of the company
C. The number of actionable items in the recommendations
D. How the recommendations directly support the goals of the company
When is an application security development project complete?
A. When the application is turned over to production.
B. After one year
C. When the application reaches the maintenance phase.
D. When the application is retired.
An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application.
What should be the NEXT step?
A. Create technology recovery plans
B. Determine the annual loss expectancy (ALE)
C. Build a secondary hot site
D. Create a crisis management plan