최신 712-50 무료덤프 - EC-COUNCIL EC-Council Certified CISO (CCISO)

문제1

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of the following is the MOST probable threat actor involved in this incident?

A. Poorly configured firewalls

B. An insider

C. Malware

D. Advanced Persistent Threat (APT)

정답: B

문제2

Which of the following information would MOST likely be reported at the board-level within an organization?

A. System scanning trends and results as they pertain to insider and external threat sources

B. Significant risks and security incidents that have been discovered since the last assembly of the membership

C. The numbers and types of cyberattacks experienced by the organization since the last assembly of the membership

D. The capabilities of a security program in terms of staffing support

정답: B

문제3

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

A. Ineffective security awareness program

B. Lack of technical controls when dealing with credit card data

C. Lack of compliance to the Payment Card Industry (PCI) standards

D. Security practices not in alignment with ISO 27000 frameworks

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제4

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called

A. Alignment with business practices and goals.

B. Security certification

C. Security accreditation

D. Security system analysis

정답: C

문제5

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

A. Information Security

B. Compliance

C. Internal Audit

D. Database Administration

정답: A

문제6

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

A. Lack of asset management processes

B. Lack of change management processes

C. Lack of proper access controls

D. Lack of hardening standards

정답: B

문제7

Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization's products and services?

A. Financial reporting regulations

B. Local privacy laws

C. Strong authentication technologies

D. Credit card compliance and regulations

정답: B

문제8

The alerting, monitoring, and lifecycle management of security-related events are typically managed by the:

A. Security Threat and vulnerability management process

B. Governance, risk, and compliance tools

C. Risk assessment process

D. Security controls group

정답: A

문제9

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

A. Understand the business and focus your efforts on enabling operations securely

B. Cite corporate policy and insist on compliance with audit findings

C. Draw from your experience and recount stories of how other companies have been compromised

D. Cite compliance with laws, statutes, and regulations - explaining the financial implications for the company for non-compliance

정답: A

문제10

The success of the Chief Information Security Officer is MOST dependent upon:

A. following the recommendations of consultants and contractors

B. favorable audit findings

C. raising awareness of security issues with end users

D. development of relationships with organization executives

정답: D

문제11

Which of the following is MOST important when dealing with an Information Security Steering committee:

A. Ensure that security policies and procedures have been vetted and approved.

B. Include a mix of members from different departments and staff levels.

C. Review all past audit and compliance reports.

D. Be briefed about new trends and products at each meeting by a vendor.

정답: C

문제12

Which of the following is MOST likely to be discretionary?

A. Policies

B. Standards

C. Guidelines

D. Procedures

정답: C

문제13

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

A. SCORE (Security Consensus Operational Readiness Evaluation)

B. Plan-Select-Implement-Evaluate

C. Plan-Check-Do-Act

D. Plan-Do-Check-Act

정답: D

문제14

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

A. High turnover in the application development department

B. Lack of change management controls

C. Lack of version/source controls

D. Ineffective configuration management controls

정답: C

문제15

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?

A. Implementation of business-enabling information security

B. Use within an organization to formulate security requirements and objectives

C. Use within an organization to ensure compliance with laws and regulations

D. To enable organizations that adopt it to obtain certifications

정답: A

문제16

Which of the following best describes an access control process that confirms the identity of the entity seeking access to a logical or physical area?

A. Identification

B. Accountability

C. Authentication

D. Authorization

정답: D

문제17

Creating a secondary authentication process for network access would be an example of?

A. An administrator with too much time on their hands.

B. Network segmentation.

C. Supporting the concept of layered security

D. Putting undue time commitment on the system administrator.

정답: C

문제18

As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?

A. Nothing, this falls outside your area of influence.

B. Post a guard at the door to maintain physical security

C. Close and chain the door shut and send a company-wide memo banning the practice.

D. Have a risk assessment performed.

정답: D

문제19

Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?

A. Business Impact Analysis

B. Security roadmap

C. Business Continuity plan

D. Annual report to shareholders

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제20

Who is responsible for securing networks during a security incident?

A. Chief Information Security Officer (CISO)

B. Security Operations Center (SO

C. Disaster Recovery (DR) manager

D. Incident Response Team (IRT)

정답: D

최신 712-50 무료덤프 - EC-COUNCIL EC-Council Certified CISO (CCISO)

우리와 연락하기

유용한 링크

최신 업데이트