712-50 Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 712-50 Online Questions & Answers

  • Question 221:

    When managing the security architecture for your company you must consider:

    A. Budget
    B. Security and IT Staff size
    C. Company values
    D. All of the above

  • Question 222:

    Which of the following is a fundamental component of an audit record?

    A. Originating IP-Address
    B. Date and time of the event
    C. Failure of the event
    D. Authentication type

  • Question 223:

    The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to ________.

    A. assign the responsibility to the information security team
    B. assign the responsibility to the team responsible for the management of the controls
    C. perform an independent audit of the security controls
    D. create operational reports on the effectiveness of the controls

  • Question 224:

    As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

    1. Covering tracks
    2. Scanning and enumeration
    3. Maintaining Access
    4. Reconnaissance
    5. Gaining Access

    A. 4, 3, 5, 2, 1
    B. 4, 2, 5, 3, 1
    C. 2, 5, 3, 1, 4
    D. 4, 5, 2, 3, 1

  • Question 225:

    Which of the following is true regarding expenditures?

    A. Capital expenditures are never taxable
    B. Operating expenditures are for acquiring assets, capital expenditures are for support costs of that asset
    C. Capital expenditures are used to define depreciation tables of intangible assets
    D. Capital expenditures are for acquiring assets, whereas operating expenditures are for support costs of that asset

  • Question 226:

    The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability.

    What would be the BEST approach for the CISO to reassure the IT group?

    A. Explain to the IT group that this is a business need and the IPS will fail open; however, if there is a network failure, the CISO will accept responsibility
    B. Work with the IT group and tell them to put IPS in-line and say it won't cause any network impact
    C. Explain to the IT group that the IPS will fail open once in-line; however, it will be deployed in monitor mode for a set period of time to ensure that it doesn't block any legitimate traffic
    D. Explain to the IT group that the IPS won't cause any network impact because it will fail open

  • Question 227:

    At what level of governance are individual projects monitored and managed?

    A. Program
    B. Milestone
    C. Enterprise
    D. Portfolio

  • Question 228:

    A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old.

    After reading it, what should be your first priority?

    A. Review the recommendations and follow up to see if audit implemented the changes
    B. Meet with audit team to determine a timeline for corrections
    C. Have internal audit conduct another audit to see what has changed
    D. Contract with an external audit company to conduct an unbiased audit

  • Question 229:

    A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets.

    This demonstrates which of the following principles?

    A. Increased security program presence
    B. Regulatory compliance effectiveness
    C. Security organizational policy enforcement
    D. Proper organizational policy enforcement

  • Question 230:

    An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization's IT environment.

    Which of the following can be used to measure the effectiveness of this newly implemented process?

    A. Number and length of planned outages
    B. Number of change orders processed
    C. Number of change orders rejected
    D. Number of unplanned outages
