Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: May 04, 2025

EC-COUNCIL EC-COUNCIL Certifications 712-50 Questions & Answers

  • Question 321:

    When entering into a third-party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

    A. Prior to signing the agreement and before any security services are being performed

    B. Once the agreement has been signed and the security vendor states that they will need access to the network

    C. Once the vendor is on premise and before they perform security services

    D. At the time the security services are being performed and the vendor needs access to the network

  • Question 322:

    An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

    A. Lack of version/source controls

    B. Lack of change management controls

    C. Ineffective configuration management controls

    D. High turnover in the application development department

  • Question 323:

    What oversight should the information security team have in the change management process for application security?

    A. Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed in production

    B. Information security should be aware of all application changes and work with developers before changes are deployed in production

    C. Information security should be informed of changes to applications only

    D. Development team should tell the information security team about any application security flaws

  • Question 324:

    When selecting a security solution with reoccurring maintenance costs after the first year

    A. Implement the solution and ask for the increased operating cost budget when it is time

    B. Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use

    C. Defer selection until the market improves and cash flow is positive

    D. The CISO should cut other essential programs to ensure the new solution's continued use

  • Question 325:

    Which of the following is the BEST indicator of a successful project?

    A. It comes in at or below the expenditures planned for in the baseline budget

    B. It meets most of the specifications as outlined in the approved project definition

    C. It is completed on time or early as compared to the baseline project plan

    D. The deliverables are accepted by the key stakeholders

  • Question 326:

    Which of the following is the MOST important component of any change management process?

    A. Outage planning

    B. Scheduling

    C. Approval tracking

    D. Back-out procedures

  • Question 327:

    In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which of the following tools represents the BEST choice to achieve this awareness?

    A. Intrusion Detection System (IDS), firewall, switch, syslog

    B. Security Incident Event Management (SIEM), IDS, router, syslog

    C. VMware, router, switch, firewall, syslog, vulnerability management system (VMS)

    D. SIEM, IDS, firewall, VMS

  • Question 328:

    Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

    A. Launch an internal awareness campaign

    B. Installation of new firewalls and intrusion detection systems

    C. Integrate security requirements into project inception

    D. User awareness training for all employees

  • Question 329:

    You manage a newly created Security Operations Center (SOC). Your team is being inundated with security alerts and doesn't know what to do. What is the BEST approach to handle this situation?

    A. Tune the sensors to help reduce false positives so the team can react better

    B. Request additional resources to handle the workload

    C. Tell the team to do their best and respond to each alert

    D. Tell the team to only respond to the critical and high alerts

  • Question 330:

    The patching and monitoring of systems on a consistent schedule is required by?

    A. Industry best practices

    B. Audit best practices

    C. Risk Management framework

    D. Local privacy laws
