EC-Council 712-50 Exam Questions and Answers 2021

NEW QUESTION 1
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

• A. The need to change accounting periods on a regular basis.
• B. The requirement to post entries for a closed accounting period.
• C. The need to create and modify the chart of accounts and its allocations.
• D. The lack of policies and procedures for the proper segregation of duties.

Answer: D

NEW QUESTION 2
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

• A. Traffic Analysis
• B. Deep-Packet inspection
• C. Packet sampling
• D. Heuristic analysis

Answer: B

NEW QUESTION 3
Which of the following is considered a project versus a managed process?

• A. monitoring external and internal environment during incident response
• B. ongoing risk assessments of routine operations
• C. continuous vulnerability assessment and vulnerability repair
• D. installation of a new firewall system

Answer: D

NEW QUESTION 4
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

• A. Internal Audit
• B. Database Administration
• C. Information Security
• D. Compliance

Answer: C

NEW QUESTION 5
Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

• A. Single Loss Expectancy (SLE)
• B. Exposure Factor (EF)
• C. Annualized Rate of Occurrence (ARO)
• D. Temporal Probability (TP)

Answer: C

NEW QUESTION 6
An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

• A. Number of change orders rejected
• B. Number and length of planned outages
• C. Number of unplanned outages
• D. Number of change orders processed

Answer: C

NEW QUESTION 7
Which of the following intellectual Property components is focused on maintaining brand recognition?

• A. Trademark
• B. Patent
• C. Research Logs
• D. Copyright

Answer: A

NEW QUESTION 8
The ability to demand the implementation and management of security controls on third parties providing services to an organization is

• A. Security Governance
• B. Compliance management
• C. Vendor management
• D. Disaster recovery

Answer: C

NEW QUESTION 9
Which of the following are the MOST important factors for proactively determining system vulnerabilities?

• A. Subscribe to vendor mailing list to get notification of system vulnerabilities
• B. Deploy Intrusion Detection System (IDS) and install anti-virus on systems
• C. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
• D. Conduct security testing, vulnerability scanning, and penetration testing

Answer: D

NEW QUESTION 10
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

• A. Organization control
• B. Procedural control
• C. Management control
• D. Technical control

Answer: D

NEW QUESTION 11
When dealing with risk, the information security practitioner may choose to:

• A. assign
• B. transfer
• C. acknowledge
• D. defer

Answer: C

NEW QUESTION 12
The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

• A. Number of callers who report security issues.
• B. Number of callers who report a lack of customer service from the call center
• C. Number of successful social engineering attempts on the call center
• D. Number of callers who abandon the call before speaking with a representative

Answer: C

NEW QUESTION 13
What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

• A. Determine appetite
• B. Evaluate risk avoidance criteria
• C. Perform a risk assessment
• D. Mitigate risk

Answer: D

NEW QUESTION 14
How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

• A. Quarterly
• B. Semi-annually
• C. Bi-annually
• D. Annually

Answer: D

NEW QUESTION 15
As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?

• A. Nothing, this falls outside your area of influence.
• B. Close and chain the door shut and send a company-wide memo banning the practice.
• C. Have a risk assessment performed.
• D. Post a guard at the door to maintain physical security

Answer: C

NEW QUESTION 16
Which of the following are not stakeholders of IT security projects?

• A. Board of directors
• B. Third party vendors
• C. CISO
• D. Help Desk

Answer: B

NEW QUESTION 17
Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

• A. Define the risk appetite
• B. Determine budget constraints
• C. Review project charters
• D. Collaborate security projects

Answer: A