When choosing a risk mitigation method, what is the MOST important factor?
A. Approval from the board of directors
B. Metrics of mitigation method success
C. Cost of the mitigation is less than the risk
D. Mitigation method complies with PCI regulations
Payment Card Industry (PCI) compliance requirements are based on what criteria?
A. The size of the organization processing credit card data
B. The types of cardholder data retained
C. The duration cardholder data is retained
D. The number of transactions performed per year by an organization
Which of the following are the MOST important factors for proactively determining system vulnerabilities?
A. Subscribe to vendor mailing lists and distribute notifications of system requirements
B. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
C. Conduct security testing, vulnerability scanning, and penetration testing
D. Deploy Intrusion Detection System (IDS) and install anti-virus on systems
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?
A. Chief Executive Officer
B. Chief Information Officer
C. Chief Information Security Officer
D. Chief Information Officer
Which of the following is a benefit of a risk-based approach to audit planning?
A. Resources are allocated to the areas of the highest concern
B. Scheduling may be performed months in advance
C. Budgets are more likely to be met by the IT audit staff
D. Staff will be exposed to a variety of technologies
The regular review of a firewall ruleset is considered a _______________________.
A. Procedural control
B. Organization control
C. Management control
D. Technical control
The exposure factor of a threat to your organization is defined by?
A. Annual loss expectancy minus current cost of controls
B. Percentage of loss experienced due to a realized threat event
C. Asset value times exposure factor
D. Annual rate of occurrence
The Information Security Governance program MUST:
A. integrate with other organizational governance processes
B. show a return on investment for the organization
C. integrate with other organizational governance processes
D. support user choice for Bring Your Own Device (BYOD)
Risk is defined as:
A. Quantitative plus qualitative impact
B. Asset loss times likelihood of event
C. Advisory plus capability plus vulnerability
D. Threat times vulnerability divided by control
In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
A. The organization uses exclusively a qualitative process to measure risk
B. The organization's risk tolerance is low
C. The organization uses exclusively a quantitative process to measure risk
D. The organization's risk tolerance is high