EC-COUNCIL 712-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 712-50 Online Questions & Answers

• Question 351:

  As the CISO, you need to create an IT security strategy.

  Which of the following is the MOST important thing to review before you start writing the plan?

  A. The existing IT environment
  B. Other corporate technology trends
  C. The company business plan
  D. The present IT budget
  C. The company business plan

• Question 352:

  The process of creating a system which divides documents based on their security level to manage access to private data is known as ____________________.

  A. security coding
  B. Privacy protection
  C. data security system
  D. data classification
  D. data classification

• Question 353:

  Which of the following is a symmetric encryption algorithm?

  A. 3DES
  B. RSA
  C. ECC
  D. MD5
  A. 3DES

• Question 354:

  When managing the critical path of an IT security project, which of the following is MOST important?

  A. Knowing all the stakeholders.
  B. Knowing the milestones and timelines of deliverables.
  C. Knowing the people on the data center team.
  D. Knowing the threats to the organization.
  B. Knowing the milestones and timelines of deliverables.

• Question 355:

  The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling.

  What is the most likely reason for such broad access?

  A. The need to change accounting periods on a regular basis.
  B. The need to create and modify the chart of accounts and its allocations.
  C. The requirement to post entries for closed accounting period.
  D. The lack of policies and procedures for the proper segregation of duties.
  D. The lack of policies and procedures for the proper segregation of duties.

  ---

  Explanation/Reference:

  The segregation of duties principle suggests that critical functions, such as accounting and financial reporting, should be divided among different people to ensure that no single person has complete control over the entire process.

• Question 356:

  Who in the organization determines access to information?

  A. Compliance officer
  B. Legal department
  C. Data Owner
  D. Information security officer
  C. Data Owner

• Question 357:

  The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's

  A. Risk Management Program
  B. Anti-Spam controls
  C. Identity and Access Management Program
  D. Security Awareness Program
  D. Security Awareness Program

• Question 358:

  Regulatory requirements typically force organizations to implement ____________.

  A. Financial controls
  B. Mandatory controls
  C. Discretionary controls
  D. Optional controls
  B. Mandatory controls

• Question 359:

  Which of the following is critical in creating a security program aligned with an organization's goals?

  A. Develop a culture in which users, managers and IT professionals all make good decisions about information risk
  B. Provide clear communication of security program support requirements and audit schedules
  C. Create security awareness programs that include clear definition of security program goals and charters
  D. Ensure security budgets enable technical acquisition and resource allocation based in internal compliance requirements
  A. Develop a culture in which users, managers and IT professionals all make good decisions about information risk

• Question 360:

  Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

  A. Security Operations
  B. Internal/External Audit
  C. Risk Management
  D. Security Administrators
  B. Internal/External Audit