Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: May 04, 2025

EC-COUNCIL EC-COUNCIL Certifications 712-50 Questions & Answers

  • Question 181:

    When a CISO considers delaying or not remediating system vulnerabilities, which of the following are MOST important to take into account?

    A. Threat Level, Risk of Compromise, and Consequences of Compromise

    B. Risk Avoidance, Threat Level, and Consequences of Compromise

    C. Reputational Impact, Financial Impact, and Risk of Compromise

    D. Risk Transfer, Reputational Impact, and Consequences of Compromise

  • Question 182:

    When managing the critical path of an IT security project, which of the following is MOST important?

    A. Knowing all the stakeholders.

    B. Knowing the milestones and timelines of deliverables.

    C. Knowing the people on the data center team.

    D. Knowing the threats to the organization.

  • Question 183:

    When you develop your audit remediation plan, what is the MOST important criterion?

    A. To validate the remediation process with the auditor.

    B. To validate that the cost of the remediation is less than risk of the finding.

    C. To remediate half of the findings before the next audit.

    D. To remediate all of the findings before the next audit.

  • Question 184:

    To have accurate and effective information security policies, how often should the CISO review the organization's policies?

    A. Before an audit

    B. At least once a year

    C. Quarterly

    D. Every 6 months

  • Question 185:

    Which of the following sets of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

    A. Plan-Check-Do-Act

    B. Plan-Select-Implement-Evaluate

    C. Plan-Do-Check-Act

    D. SCORE (Security Consensus Operational Readiness Evaluation)

  • Question 186:

    A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding.

    Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

    A. The organization has purchased cyber insurance

    B. The risk tolerance of the organization permits this risk

    C. The CIO of the organization disagrees with the finding

    D. The auditors have not followed proper auditing processes

  • Question 187:

    The risk found after a control has been fully implemented is called:

    A. Total Risk

    B. Transferred Risk

    C. Residual Risk

    D. Post Implementation Risk

  • Question 188:

    An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents.

    Which of the following would be considered a MAJOR constraint for the project?

    A. Compliance with local hiring laws

    B. Encryption import/export regulations

    C. Local customer privacy laws

    D. Time zone differences

  • Question 189:

    A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old.

    After reading it, what should be your first priority?

    A. Review the recommendations and follow up to see if audit implemented the changes

    B. Meet with audit team to determine a timeline for corrections

    C. Have internal audit conduct another audit to see what has changed.

    D. Contract with an external audit company to conduct an unbiased audit

  • Question 190:

    The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?

    A. Risk metrics

    B. Operational metrics

    C. Compliance metrics

    D. Management metrics
