최신 712-50 무료덤프 - EC-COUNCIL EC-Council Certified CISO (CCISO)

문제1

Which of the following is a benefit of information security governance?

A. Increasing the risk of decisions based on incomplete management information.

B. Direct involvement of senior management in developing control processes

C. Reduction of the potential for civil and legal liability

D. Questioning the trust in vendor relationships.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제2

Which of the following is the MOST important to share with an Information Security Steering Committee:

A. Ensure that security policies and procedures have been vetted and approved

B. Review audit and compliance reports

C. Be briefed about new trends and products at each meeting by a vendor

D. Include a mix of members from different departments and staff levels

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

A. The security officer should allow time for the organization to get accustomed to her presence before initiating security projects

B. The project was initiated without an effort to get support from impacted business units in the organization

C. The software is out of date and does not provide for a scalable solution across the enterprise

D. The software license expiration is probably out of synchronization with other software licenses

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

At what level of governance are individual projects monitored and managed?

A. Enterprise

B. Portfolio

C. Program

D. Milestone

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

A. Statement of Work

B. Terms and Conditions

C. Service Level Agreements (SLA)

D. Key Performance Indicators (KPI)

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제6

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

A. Compliance management

B. Disaster recovery

C. Security Governance

D. Vendor management

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.
What Security Operations Center (SOC) model does this BEST describe?

A. Virtual SOC

B. Hybrid SOC

C. In-house SOC

D. Security Network Operations Center (SNOC)

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제8

What is a key policy that should be part of the information security plan?

A. Training policy

B. Acceptable Use policy

C. Account management policy

D. Remote Access policy

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제9

What role should the CISO play in properly scoping a PCI environment?

A. Validate the business units' suggestions as to what should be included in the scoping process

B. Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data

C. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment

D. Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제10

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?

A. Create remediation plans to address program gaps

B. Inform peer executives of the audit results

C. Validate gaps and accept or dispute the audit findings

D. Determine if security policies and procedures are adequate

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

As the CISO for your company you are accountable for the protection of information resources commensurate with:

A. Customer demand

B. Cost and time to replace

C. Risk of exposure

D. Insurability tables

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제12

Which of the following is a benefit of a risk-based approach to audit planning?

A. Staff will be exposed to a variety of technologies

B. Resources are allocated to the areas of the highest concern

C. Scheduling may be performed months in advance

D. Budgets are more likely to be met by the IT audit staff

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제13

Which of the following is the MOST important for a CISO to understand when identifying threats?

A. How vulnerabilities can potentially be exploited in systems that impact the organization

B. How the firewall and other security devices are configured to prevent attacks

C. How the incident management team prepares to handle an attack

D. How the security operations team will behave to reported incidents

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제14

An audit was conducted and many critical applications were found to have no disaster recovery plans in place.
You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application.
What should be the NEXT step?

A. Create technology recovery plans

B. Build a secondary hot site

C. Determine the annual loss expectancy (ALE)

D. Create a crisis management plan

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

최신 712-50 무료덤프 - EC-COUNCIL EC-Council Certified CISO (CCISO)

우리와 연락하기

유용한 링크

최신 업데이트