[Free] 2018(Jan) EnsurePass Testking ECCouncil 712-50 Dumps with VCE and PDF 141-150


EC-Council Certified CISO (CCISO)

Question No: 141 – (Topic 2)

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

  A. Validate that security awareness program content includes information about the potential vulnerability

  B. Conduct a thorough risk assessment against the current implementation to determine system functions

  C. Determine program ownership to implement compensating controls

  D. Send a report to executive peers and business unit owners detailing your suspicions

Answer: B

Question No: 142 – (Topic 2)

Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management and includes a five-stage risk management methodology?

  A. ISO 27001

  B. ISO 27002

  C. ISO 27004

  D. ISO 27005

Answer: D

Question No: 143 – (Topic 2)

With respect to the audit management process, management response serves what function?

  A. placing underperforming units on notice for failing to meet standards

  B. determining whether or not resources will be allocated to remediate a finding

  C. adding controls to ensure that proper oversight is achieved by management

  D. revealing the “root cause” of the process failure and mitigating for all internal and external units

Answer: B

Question No: 144 – (Topic 2)

A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

  A. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.

  B. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

  C. If the findings impact regulatory compliance, remediate the high findings as quickly as possible.

  D. If the findings do not impact regulatory compliance, review current security controls.

Answer: C

Question No: 145 – (Topic 2)

During the course of a risk analysis your IT auditor identified threats and potential impacts.

Next, your IT auditor should:

  A. Identify and evaluate the existing controls.

  B. Disclose the threats and impacts to management.

  C. Identify information assets and the underlying systems.

  D. Identify and assess the risk assessment process used by management.

Answer: A

Question No: 146 – (Topic 2)

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

  A. Inform senior management of the risk involved.

  B. Agree to work with the security officer on these shifts as a form of preventive control.

  C. Develop a computer-assisted audit technique to detect instances of abuse of the arrangement.

  D. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

Answer: A

Question No: 147 – (Topic 2)

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

  A. Servers, routers, switches, modem

  B. Firewall, exchange, web server, intrusion detection system (IDS)

  C. Firewall, anti-virus console, IDS, syslog

  D. IDS, syslog, router, switches

Answer: C

Question No: 148 – (Topic 2)

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because:

  A. The IT team is not familiar with IT audit practices

  B. This represents a bad implementation of the Least Privilege principle

  C. This represents a conflict of interest

  D. The IT team is not certified to perform audits

Answer: C

Question No: 149 – (Topic 2)

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

  A. Control Objectives for Information Technology (COBIT)

  B. Committee of Sponsoring Organizations (COSO)

  C. Payment Card Industry (PCI)

  D. Information Technology Infrastructure Library (ITIL)

Answer: A

Question No: 150 – (Topic 2)

How often should an environment be monitored for cyber threats, risks, and exposures?

  A. Weekly

  B. Monthly

  C. Quarterly

  D. Daily

Answer: D
