Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: May 04, 2025

EC-COUNCIL EC-COUNCIL Certifications 712-50 Questions & Answers

  • Question 291:

    Which of the following functions evaluates patches used to close software vulnerabilities and performs validation of new systems to assure compliance with security?

    A. Incident response

    B. Risk management

    C. System security administration

    D. System testing

  • Question 292:

    Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

    A. Cost benefit

    B. Risk appetite

    C. Business continuity

    D. Likelihood of impact

  • Question 293:

    Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

    A. Terms and Conditions

    B. Statements of Work

    C. Service Level Agreements (SLA)

    D. Key Performance Indicators (KPI)

  • Question 294:

    A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes.

    Which of the following represents the MOST LIKELY cause of this situation?

    A. Poor audit support for the security program

    B. Poor alignment of the security program to business needs

    C. This is normal since business units typically resist security requirements

    D. A lack of executive presence within the security program

  • Question 295:

    Which of the following can the company implement in order to avoid this type of security issue in the future?

    A. Network based intrusion detection systems

    B. An audit management process

    C. A security training program for developers

    D. A risk management process

  • Question 296:

    Which of the following methodologies references the recommended industry standard that all project managers should follow?

    A. The Security Systems Development Life Cycle

    B. Project Management System Methodology

    C. Project Management Body of Knowledge

    D. The Security Project and Management Methodology

  • Question 297:

    A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets.

    This demonstrates which of the following principles?

    A. Increased security program presence

    B. Regulatory compliance effectiveness

    C. Security organizational policy enforcement

    D. Proper organizational policy enforcement

  • Question 298:

    Which of the following is considered a project versus a managed process?

    A. ongoing risk assessment of routine operations

    B. continuous vulnerability assessment and vulnerability repair

    C. monitoring external and internal environment during incident response

    D. installation of a new firewall system

  • Question 299:

    A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach.

    Which of the following is a foundational requirement in order to initiate this type of program?

    A. A complete inventory of Information technology assets including infrastructure, networks, applications and data

    B. A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

    C. A clear set of security policies and procedures that are more concept-based than controls-based

    D. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

  • Question 300:

    Which of the following items of a computer system will an anti-virus program scan for viruses?

    A. Boot Sector

    B. Password Protected Files

    C. Windows Process List

    D. Deleted Files
