
Free 712-50 Demo Online For Microsoft Certification:

NEW QUESTION 1
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?

  • A. Lack of risk management process
  • B. Lack of sponsorship from executive management
  • C. IT security centric agenda
  • D. Compliance centric agenda

Answer: C

NEW QUESTION 2
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

  • A. Data breach disclosure
  • B. Consumer right disclosure
  • C. Security incident disclosure
  • D. Special circumstance disclosure

Answer: A

NEW QUESTION 3
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

  • A. Providing a risk program governance structure
  • B. Ensuring developers include risk control comments in code
  • C. Creating risk assessment templates based on specific threats
  • D. Allowing for the acceptance of risk for regulatory compliance requirements

Answer: A

NEW QUESTION 4
Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

  • A. Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data
  • B. Create separate controls for the business units based on the types of business and functions they perform
  • C. Ensure business units are involved in the creation of controls and defining conditions under which they must be applied
  • D. Provide the business units with control mandates and schedules of audits for compliance validation

Answer: C

Explanation: Topic 4, Information Security Core Competencies

NEW QUESTION 5
Which of the following are primary concerns for management with regard to assessing internal control objectives?

  • A. Confidentiality, Availability, Integrity
  • B. Compliance, Effectiveness, Efficiency
  • C. Communication, Reliability, Cost
  • D. Confidentiality, Compliance, Cost

Answer: B

NEW QUESTION 6
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct periodic:

  • A. Controlled spear phishing campaigns
  • B. Password changes
  • C. Baselining of computer systems
  • D. Scanning for viruses

Answer: A

NEW QUESTION 7
The PRIMARY objective of security awareness is to:

  • A. Ensure that security policies are read.
  • B. Encourage security-conscious employee behavior.
  • C. Meet legal and regulatory requirements.
  • D. Put employees on notice in case follow-up action for noncompliance is necessary.

Answer: B

NEW QUESTION 8
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

  • A. International Organization for Standardization – 22301 (ISO-22301)
  • B. Information Technology Infrastructure Library (ITIL)
  • C. Payment Card Industry Data Security Standards (PCI-DSS)
  • D. International Organization for Standardization – 27005 (ISO-27005)

Answer: A

NEW QUESTION 9
Which of the following activities must be completed BEFORE you can calculate risk?

  • A. Determining the likelihood that vulnerable systems will be attacked by specific threats
  • B. Calculating the risks to which assets are exposed in their current setting
  • C. Assigning a value to each information asset
  • D. Assessing the relative risk facing the organization’s information assets

Answer: C

NEW QUESTION 10
Which of the following are necessary to formulate responses to external audit findings?

  • A. Internal Audit, Management, and Technical Staff
  • B. Internal Audit, Budget Authority, Management
  • C. Technical Staff, Budget Authority, Management
  • D. Technical Staff, Internal Audit, Budget Authority

Answer: C

NEW QUESTION 11
Which of the following international standards can be BEST used to define a Risk Management process in an organization?

  • A. National Institute of Standards and Technology 800-50 (NIST 800-50)
  • B. International Organization for Standardization – 27005 (ISO-27005)
  • C. Payment Card Industry Data Security Standards (PCI-DSS)
  • D. International Organization for Standardization – 27004 (ISO-27004)

Answer: B

NEW QUESTION 12
Which of the following activities is the MAIN purpose of the risk assessment process?

  • A. Creating an inventory of information assets
  • B. Classifying and organizing information assets into meaningful groups
  • C. Assigning value to each information asset
  • D. Calculating the risks to which assets are exposed in their current setting

Answer: D

NEW QUESTION 13
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

  • A. Controlled mitigation effort
  • B. Risk impact comparison
  • C. Relative likelihood of event
  • D. Comparative threat analysis

Answer: C

NEW QUESTION 14
The organization does not have the time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?

  • A. Provide developer security training
  • B. Deploy Intrusion Detection Systems
  • C. Provide security testing tools
  • D. Implement Compensating Controls

Answer: D

NEW QUESTION 15
The Information Security Management program MUST protect:

  • A. all organizational assets
  • B. critical business processes and/or revenue streams
  • C. intellectual property released into the public domain
  • D. against distributed denial of service attacks

Answer: B

NEW QUESTION 16
A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the following qualifications and experience would be MOST desirable to find in a candidate?

  • A. Multiple certifications, strong technical capabilities and lengthy resume
  • B. Industry certifications, technical knowledge and program management skills
  • C. College degree, audit capabilities and complex project management
  • D. Multiple references, strong background check and industry certifications

Answer: B

NEW QUESTION 17
In terms of supporting a forensic investigation, it is now imperative that managers, first responders, etc., accomplish the following actions to the computer under investigation:

  • A. Secure the area and shut down the computer until investigators arrive
  • B. Secure the area and attempt to maintain power until investigators arrive
  • C. Immediately place hard drive and other components in an anti-static bag
  • D. Secure the area.

Answer: B
