According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?
A. Susceptibility to attack, expected duration of attack, and mitigation availability
B. Attack vectors, controls cost, and investigation staffing needs
C. Susceptibility to attack, mitigation response time, and cost
D. Vulnerability exploitation, attack recovery, and mean time to repair
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
A. Conduct a Disaster Recovery (DR) exercise every year to test the plan
B. Conduct periodic tabletop exercises to refine the BC plan
C. Test every three years to ensure that the BC plan is valid
D. Define the Recovery Point Objective (RPO)
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure.
What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?
A. Decrease the vulnerabilities within the scan tool settings
B. Scan a representative sample of systems
C. Filter the scan output so only pertinent data is analyzed
D. Perform the scans only during off-business hours
Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?
A. Human Resources and Budget
B. Audit and Legal
C. Budget and Compliance
D. Legal and Human Resources
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
A. Technical control
B. Management control
C. Procedural control
D. Organization control
Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?
A. Temporal Probability (TP)
B. Annualized Rate of Occurrence (ARO)
C. Single Loss Expectancy (SLE)
D. Exposure Factor (EF)
Creating a secondary authentication process for network access would be an example of which of the following?
A. An administrator with too much time on their hands
B. Supporting the concept of layered security
C. Network segmentation
D. Putting undue time commitment on the system administrator
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
A. Decide how to manage risk
B. Define Information Security Policy
C. Identify threats, risks, impacts and vulnerabilities
D. Define the budget of the Information Security Management System
Risk appetite directly affects what part of a vulnerability management program?
A. Scope
B. Schedule
C. Staff
D. Scan tools
Which of the following is a fundamental component of an audit record?
A. Originating IP-Address
B. Date and time of the event
C. Failure of the event
D. Authentication type
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 712-50 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions here.