
[Sep-2021] 712-50 Pre-Exam Practice Tests | Exam Questions and Answers for CCISO Study Guide
EC-Council Certified CISO (CCISO) Certification Sample Questions
NEW QUESTION 31
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
- A. Be able to retaliate under the framework of Active Defense
- B. Well established and defined digital forensics process
- C. Establishing Enterprise-owned Botnets for preemptive attacks
- D. Collaboration with law enforcement
Answer: B
NEW QUESTION 32
What type of attack requires the least amount of technical equipment and has the highest success rate?
- A. Social engineering
- B. War driving
- C. Shrink wrap attacks
- D. Operating system attacks
Answer: A
NEW QUESTION 33
How often should the SSAE16 report of your vendors be reviewed?
- A. Bi-annually
- B. Semi-annually
- C. Annually
- D. Quarterly
Answer: C
NEW QUESTION 34
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
- A. Use within an organization to ensure compliance with laws and regulations
- B. Use within an organization to formulate security requirements and objectives
- C. To enable organizations that adopt it to obtain certifications
- D. Implementation of business-enabling information security
Answer: D
NEW QUESTION 35
A security manager regularly checks work areas after business hours for security violations, such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?
- A. Compliance management
- B. Physical control testing
- C. Security awareness training
- D. Audit validation
Answer: A
NEW QUESTION 36
Who is responsible for securing networks during a security incident?
- A. Disaster Recovery (DR) manager
- B. Chief Information Security Officer (CISO)
- C. Security Operations Center (SOC)
- D. Incident Response Team (IRT)
Answer: D
NEW QUESTION 37
A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?
- A. If the findings do not impact regulatory compliance, review current security controls.
- B. If the findings impact regulatory compliance, remediate the high findings as quickly as possible.
- C. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.
- D. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.
Answer: B
NEW QUESTION 38
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults.
Which of the following is a default community string?
- A. Execute
- B. Administrator
- C. Public
- D. Read
Answer: C
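The point behind this question is that SNMPv1 and v2c carry the community string in cleartext in every packet, so a scanner (or a defender watching the wire) can read it directly. The following is an added example, not part of the original page or of any EC-Council material: a small BER parser that pulls the version and community string out of a raw SNMP UDP payload and flags the vendor defaults "public" (read-only) and "private" (read-write). The packets it checks are constructed inline with its own encoder; the custom community string and request IDs are made-up values.

```python
"""
SNMPv1/v2c community-string extractor and default-community checker.
Added example (not from the original page). Parses the BER-encoded SNMP
message header to obtain the version and community string, then flags
messages that still use the well-known defaults. Sample packets are
constructed locally with build_get_request(), so nothing touches the network.
"""
from typing import List, Tuple

# Defaults that ship on most SNMP agents: "public" is the read-only default
# the question asks about, "private" is the common read-write default.
DEFAULT_COMMUNITIES = {"public", "private"}


def _ber_length(data: bytes, pos: int) -> Tuple[int, int]:
    """Decode a BER length at data[pos]; return (length, next_pos).
    Handles the short form and the long form (0x81 .. 0x84)."""
    first = data[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("unsupported BER length encoding")
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def _ber_tlv(data: bytes, pos: int, expected_tag: int) -> Tuple[bytes, int]:
    """Read one TLV at data[pos], check its tag, return (value, next_pos)."""
    if pos >= len(data) or data[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {pos}")
    length, start = _ber_length(data, pos + 1)
    end = start + length
    if end > len(data):
        raise ValueError("truncated TLV")
    return data[start:end], end


def parse_community(packet: bytes) -> Tuple[int, str]:
    """Return (version, community) from an SNMPv1 (version 0) or SNMPv2c
    (version 1) message. SNMPv3 (version 3) has no community string and is
    rejected rather than misparsed."""
    body, _ = _ber_tlv(packet, 0, 0x30)          # outer SEQUENCE
    ver_bytes, pos = _ber_tlv(body, 0, 0x02)     # INTEGER version
    version = int.from_bytes(ver_bytes, "big")
    if version not in (0, 1):
        raise ValueError(f"no community string in SNMP version {version}")
    comm_bytes, _ = _ber_tlv(body, pos, 0x04)    # OCTET STRING community
    return version, comm_bytes.decode("latin-1")


def is_default_community(community: str) -> bool:
    """True when the community string is one of the well-known defaults."""
    return community.lower() in DEFAULT_COMMUNITIES


def _ber_encode(tag: int, value: bytes) -> bytes:
    """Encode one TLV (short-form length, or two-byte long form if needed)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    return bytes([tag, 0x82]) + n.to_bytes(2, "big") + value


def build_get_request(community: str, version: int = 0, request_id: int = 1) -> bytes:
    """Construct an SNMP GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0).
    Used only to fabricate sample packets for this example."""
    oid_sysdescr = bytes([0x2B, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00])
    varbind = _ber_encode(0x30, _ber_encode(0x06, oid_sysdescr) + _ber_encode(0x05, b""))
    pdu = (
        _ber_encode(0x02, request_id.to_bytes(4, "big"))  # request-id
        + _ber_encode(0x02, b"\x00")                     # error-status
        + _ber_encode(0x02, b"\x00")                     # error-index
        + _ber_encode(0x30, varbind)                     # varbind list
    )
    return _ber_encode(
        0x30,
        _ber_encode(0x02, bytes([version]))
        + _ber_encode(0x04, community.encode())
        + _ber_encode(0xA0, pdu),                        # GetRequest PDU
    )


def audit_packets(packets) -> List[Tuple[str, bool]]:
    """Run the check over raw UDP payloads; return [(community, is_default)].
    SNMPv3 or malformed payloads are skipped since there is nothing to flag."""
    findings = []
    for pkt in packets:
        try:
            _, community = parse_community(pkt)
        except ValueError:
            continue
        findings.append((community, is_default_community(community)))
    return findings


if __name__ == "__main__":
    # Constructed sample traffic (not captured data): a probe with the default
    # "public", a v2c request with "private", and a properly customised string.
    samples = [
        build_get_request("public"),
        build_get_request("private", version=1),
        build_get_request("Xk9-site42-ro", version=1),
    ]
    for community, default in audit_packets(samples):
        print(f"{community!r}: {'DEFAULT - change it' if default else 'ok'}")
```

Feeding the UDP/161 payloads from a capture into audit_packets() gives the same result the pentest team got, without needing to scan anything: any hit on "public" or "private" is a device that should have its community strings changed (or, better, be moved to SNMPv3 with authentication and privacy, which carries no community string at all).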
NEW QUESTION 39
Which of the following are necessary to formulate responses to external audit findings?
- A. Technical Staff, Budget Authority, Management
- B. Internal Audit, Management, and Technical Staff
- C. Internal Audit, Budget Authority, Management
- D. Technical Staff, Internal Audit, Budget Authority
Answer: A
NEW QUESTION 40
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security
- A. Technical control
- B. Procedural control
- C. Administrative control
- D. Management control
Answer: D
NEW QUESTION 41
The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because
- A. This represents a conflict of interest
- B. This represents a bad implementation of the Least Privilege principle
- C. The IT team is not certified to perform audits
- D. The IT team is not familiar in IT audit practices
Answer: A
NEW QUESTION 42
Which of the following is the MOST effective method for discovering common technical vulnerabilities within the IT environment?
- A. Performing system scans
- B. Reviewing system administrator logs
- C. Auditing configuration templates
- D. Checking vendor product releases
Answer: A
NEW QUESTION 43
You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?
- A. Risk conditional
- B. Risk minimal
- C. Risk averse
- D. Risk tolerant
Answer: D
NEW QUESTION 44
A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?
- A. Alignment with International Organization for Standardization (ISO) standards.
- B. Compliance with patient data protection regulations for each country where they operate.
- C. Compliance to the Payment Card Industry (PCI) regulations.
- D. Alignment with financial reporting regulations for each country where they operate.
Answer: B
NEW QUESTION 45
An organization's firewall technology needs to be replaced. A specific technology has been selected that is less costly than the alternatives but lacks some important capabilities. The security officer has voiced concerns about sensitive data breaches, but the decision is made to purchase it. What does this selection indicate?
- A. A high threat environment
- B. A low risk tolerance environment
- C. A high risk tolerance environment
- D. A low vulnerability environment
Answer: C
NEW QUESTION 46
......