The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?
A. Risk metrics

As the Risk Manager of an organization, you are tasked with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high-profile clients, and bad publicity can jeopardize your own brand. Which is the BEST type of risk that defines this event?
A. Compliance Risk

As the new CISO at the company, you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams.
What else should be in the reporting process?
A. Names and phone numbers of those who conducted the audit

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach.
Which of the following is a foundational requirement in order to initiate this type of program?
A. A complete inventory of Information technology assets including infrastructure, networks, applications and data

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements.
During your investigation of the rumored compromise, you discover that data has been breached and that the repository of stolen data is on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?
A. Consult with other executives to develop an action plan

An example of professional unethical behavior is:
A. Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

A bastion host should be placed:
A. Inside the DMZ

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?
A. Information Security (IS) procedures often require augmentation with other standards

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure.
What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?
A. Decrease the vulnerabilities within the scan tool settings

A department within your company has proposed a third-party vendor solution to address an urgent, critical business need. As the CISO, you have been asked to accelerate screening of their security control claims.
Which of the following vendor-provided documents is BEST to make your decision?
A. Vendor provided reference from an existing reputable client detailing their implementation