The executive board has requested that the CISO of an organization define Key Performance Indicators (KPIs) to measure the effectiveness of the security awareness program provided to call center employees.
Which of the following can be used as a KPI?
A. Number of successful social engineering attempts on the call center
B. Number of callers who abandon the call before speaking with a representative
C. Number of callers who report a lack of customer service from the call center
D. Number of callers who report security issues
The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is _______________.
A. External Audit
B. Forensic experts
C. Internal Audit
D. Penetration testers
When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?
A. Schedule an emergency meeting and request the funding to fix the issue
B. Take the system off line until budget is available
C. Transfer financial resources from other critical programs
D. Deploy countermeasures and compensating controls until the budget is available
Which of the following BEST describes an international standard framework that is based on the security model Information Technology-Code of Practice for Information Security Management?
A. National Institute of Standards and Technology Special Publication SP 800-12
B. Request for Comments 2196
C. International Organization for Standardization 27001
D. National Institute of Standards and Technology Special Publication SP 800-26
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?
A. Internal Audit
B. Information Security
C. Compliance
D. Database Administration
Creating a secondary authentication process for network access would be an example of?
A. Defense in depth cost enumerated costs
B. Nonlinearities in physical security performance metrics
C. System hardening and patching requirements
D. Anti-virus for mobile devices
Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?
A. Vulnerability
B. Threat
C. Exploitation
D. Attack vector
How often should an environment be monitored for cyber threats, risks, and exposures?
A. Weekly
B. Daily
C. Monthly
D. Quarterly
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture.
What would be the BEST choice of security metrics to present to the BOD?
A. All vulnerabilities found on servers and desktops
B. Only critical and high vulnerabilities on servers
C. Only critical and high vulnerabilities on servers and desktops
D. All vulnerabilities that impact important production servers
When deploying an Intrusion Prevention System (IPS), the BEST way to get maximum protection from the system is to deploy it ___________.
A. In-line and turn on alert mode to stop malicious traffic.
B. In promiscuous mode and block malicious traffic.
C. In promiscuous mode and only detect malicious traffic.
D. In-line and turn on blocking mode to stop malicious traffic in-line.