Updated Mar-2024 100% Cover Real 712-50 Exam Questions - 100% Pass Guarantee [Q91-Q109]


NEW QUESTION # 91
The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called

  • A. Alignment with business practices and goals.
  • B. Security accreditation
  • C. Security certification
  • D. Security system analysis

Answer: C


NEW QUESTION # 92
At what level of governance are individual projects monitored and managed?

  • A. Portfolio
  • B. Enterprise
  • C. Program
  • D. Milestone

Answer: C

Explanation:
Portfolio management selects and prioritises programs against strategy; program management is the level at which related projects are monitored and managed individually. A milestone is a checkpoint inside a project, not a governance level.


NEW QUESTION # 93
Which of the following is considered the MOST effective tool against social engineering?

  • A. Anti-phishing tools
  • B. Effective Security awareness program
  • C. Anti-malware tools
  • D. Effective Security Vulnerability Management Program

Answer: B


NEW QUESTION # 94
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

  • A. Lack of compliance to the Payment Card Industry (PCI) standards
  • B. Lack of technical controls when dealing with credit card data
  • C. Ineffective security awareness program
  • D. Security practices not in alignment with ISO 27000 frameworks

Answer: A

Explanation:
A retail merchant that stores, processes or transmits cardholder data is in scope for the PCI Data Security Standard. For an organization that has not yet adopted formal practices, sustained card fraud most likely reflects failure to meet those requirements; the other options are narrower symptoms or frameworks that do not specifically address payment card data.


NEW QUESTION # 95
You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis.
Which of the following activities will help you in this?

  • A. Quantitative analysis
  • B. Estimate activity duration
  • C. Qualitative analysis
  • D. Risk mitigation

Answer: C

Explanation:
Qualitative risk analysis ranks risks by probability and impact quickly, so that only the high-priority risks go on to the slower, number-driven quantitative analysis. Estimating activity durations is a schedule activity, and mitigation comes after the risks have been analysed.


NEW QUESTION # 96
A Chief Information Security Officer received a list of high, medium, and low impact audit findings.
Which of the following represents the BEST course of action?

  • A. if the findings impact regulatory compliance, remediate the high findings as quickly as possible.
  • B. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.
  • C. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.
  • D. If the findings do not impact regulatory compliance, review current security controls.

Answer: A

Explanation:
Findings that affect regulatory compliance carry legal and financial exposure, so the highest-rated ones are fixed first rather than deferred or traded off purely on cost. Lower-rated findings are then scheduled according to risk.


NEW QUESTION # 97
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1. Covering tracks
2. Scanning and enumeration
3. Maintaining Access
4. Reconnaissance
5. Gaining Access

  • A. 4, 3, 5, 2, 1
  • B. 4, 5, 2, 3, 1
  • C. 4, 2, 5, 3, 1
  • D. 2, 5, 3, 1, 4

Answer: C


NEW QUESTION # 98
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

  • A. Upper management support
  • B. Involve internal audit
  • C. More frequent project milestone meetings
  • D. More training of staff members

Answer: A


NEW QUESTION # 99
Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

  • A. Statement of Work
  • B. Terms and Conditions
  • C. Key Performance Indicators (KPI)
  • D. Service Level Agreements (SLA)

Answer: D


NEW QUESTION # 100
When deploying an Intrusion Prevention System (IPS), the BEST way to get maximum protection from the system is to deploy it___________

  • A. In-line and turn on alert mode to stop malicious traffic.
  • B. In promiscuous mode and only detect malicious traffic.
  • C. In-line and turn on blocking mode to stop malicious traffic in-line.
  • D. In promiscuous mode and block malicious traffic.

Answer: C


NEW QUESTION # 101
Which of the following is a symmetric encryption algorithm?

  • A. 3DES
  • B. ECC
  • C. MD5
  • D. RSA

Answer: A
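Added worked example (not EC-Council's material): a standard-library-only Python script that contrasts the three categories the four options fall into. Because Python's standard library ships no block cipher, an HMAC-SHA256 keystream stands in for 3DES here; that substitution and the tiny textbook RSA primes are assumptions made for illustration, not a statement about how 3DES or real RSA keys are built.

```python
"""Why only 3DES in Q101 is a symmetric cipher: a stdlib-only illustration.

Added example, not EC-Council material. Python's standard library ships no
block cipher, so a keystream derived with HMAC-SHA256 stands in for 3DES
(an assumption for portability; it is NOT 3DES and not for production use).
RSA uses deliberately tiny textbook parameters for the same reason.
"""
import hashlib
import hmac


# ---- symmetric: the SAME secret encrypts and decrypts ----------------------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ks = _keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def symmetric_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR with the keystream is its own inverse, so decryption is the same call.
    return symmetric_encrypt(key, nonce, ciphertext)


# ---- asymmetric (RSA): a key PAIR; the public half cannot reverse itself ---
def rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)         # (public key, private key)


def rsa_apply(key, x: int) -> int:
    """Modular exponentiation with either half of the pair."""
    exp, n = key
    return pow(x, exp, n)


# ---- hash (MD5): no key at all and no inverse, so not encryption ----------
def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def demo() -> dict:
    """Exercise all three and report which defining properties hold."""
    key, nonce, msg = b"shared-secret-16", b"\x00" * 8, b"cardholder data"
    ct = symmetric_encrypt(key, nonce, msg)

    pub, priv = rsa_keypair()
    c = rsa_apply(pub, 65)                   # encrypt with the public key

    return {
        "symmetric_roundtrip": symmetric_decrypt(key, nonce, ct) == msg,
        "wrong_key_fails": symmetric_decrypt(b"another-key-0016", nonce, ct) != msg,
        "asymmetric_roundtrip": rsa_apply(priv, c) == 65,
        "public_key_cannot_decrypt": rsa_apply(pub, c) != 65,
        "md5_has_no_key": md5_hex(b"") == "d41d8cd98f00b204e9800998ecf8427e",
    }


if __name__ == "__main__":
    for prop, holds in demo().items():
        print(f"{prop:28s} {holds}")
```

The distinguishing property the question is testing is visible in the function signatures: the symmetric routines take one `key` for both directions, the RSA routines take two different halves of a pair, and MD5 takes no key and cannot be reversed at all, which is why ECC, RSA and MD5 are ruled out.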


NEW QUESTION # 102
Risk appetite is typically determined by which of the following organizational functions?

  • A. Board of Directors
  • B. Business units
  • C. Audit and compliance
  • D. Security

Answer: A

Explanation:
Risk appetite is a governance decision: the Board of Directors states how much risk the organization is willing to accept in pursuit of its objectives. Business units, security, and audit and compliance operate within that appetite and report against it rather than set it.


NEW QUESTION # 103
What is the relationship between information protection and regulatory compliance?

  • A. That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets are protected based on business need.
  • B. The information required to be protected by regulatory mandate does not have to be identified in the organizations data classification policy.
  • C. That all information in an organization must be protected equally.
  • D. There is no relationship between the two.

Answer: A


NEW QUESTION # 104
Risk appetite directly affects what part of a vulnerability management program?

  • A. Staff
  • B. Schedule
  • C. Scope
  • D. Scan tools

Answer: C


NEW QUESTION # 105
The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

  • A. The asset is more expensive than the remediation
  • B. The audit finding is incorrect
  • C. The remediation costs are irrelevant; it must be implemented regardless of cost.
  • D. The asset being protected is less valuable than the remediation costs

Answer: D


NEW QUESTION # 106
The process for identifying, collecting, and producing digital information in support of legal proceedings is called

  • A. electronic review.
  • B. electronic discovery.
  • C. chain of custody.
  • D. evidence tampering.

Answer: B


NEW QUESTION # 107
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?

  • A. Determine if security policies and procedures are adequate
  • B. Validate gaps and accept or dispute the audit findings
  • C. Inform peer executives of the audit results
  • D. Create remediation plans to address program gaps

Answer: B


NEW QUESTION # 108
The alerting, monitoring and life-cycle management of security related events is typically handled by the_________________.

  • A. governance, risk, and compliance tools
  • B. risk management process
  • C. security threat and vulnerability management process
  • D. risk assessment process

Answer: C


NEW QUESTION # 109
......
