Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: May 04, 2025

EC-COUNCIL EC-COUNCIL Certifications 712-50 Questions & Answers

  • Question 191:

    When should IT security project management be outsourced?

    A. On projects not forecasted in the yearly budget

    B. When organizational resources are limited

    C. When the benefits of outsourcing outweigh the inherent risks of outsourcing

    D. On new, enterprise-wide security initiatives

  • Question 192:

    Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

    A. Detective Controls

    B. Proactive Controls

    C. Organizational Controls

    D. Preemptive Controls

  • Question 193:

    Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

    A. SNMP traps

    B. Syslog

    C. File integrity monitoring

    D. Application logs

  • Question 194:

    Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

    A. Information Security (IS) procedures often require augmentation with other standards

    B. Implementation of it eases an organization's auditing and compliance burden

    C. It provides for a consistent and repeatable staffing model for technology organizations

    D. It allows executives to more effectively monitor IT implementation costs

  • Question 195:

    Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

    A. Information Technology Infrastructure Library (ITIL)

    B. Committee of Sponsoring Organizations (COSO)

    C. Control Objective for Information Technology (COBIT)

    D. Payment Card Industry (PCI)

  • Question 196:

    Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

    A. Perform a vulnerability scan of the network

    B. Internal Firewall ruleset reviews

    C. Implement network intrusion prevention systems

    D. External penetration testing by a qualified third party

  • Question 197:

    The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because_______________.

    A. The IT team is not familiar with IT audit practices

    B. This represents a bad implementation of the Least Privilege principle

    C. The IT team is not certified to perform audits

    D. This represents a conflict of interest

  • Question 198:

    Which of the following activities is the MAIN purpose of the risk assessment process?

    A. Creating an inventory of information assets

    B. Calculating the risks to which assets are exposed in their current setting

    C. Classifying and organizing information assets into meaningful groups

    D. Assigning value to each information asset

  • Question 199:

    You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two-factor authentication token management process.

    Which of the following represents your BEST course of action?

    A. Determine program ownership to implement compensating controls

    B. Send a report to executive peers and business unit owners detailing your suspicions

    C. Validate that security awareness program content includes information about the potential vulnerability

    D. Conduct a thorough risk assessment against the current implementation to determine system functions

  • Question 200:

    The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's

    A. Risk Management Program

    B. Anti-Spam controls

    C. Identity and Access Management Program

    D. Security Awareness Program
