최신 712-50 무료덤프 - EC-COUNCIL EC-Council Certified CISO (CCISO)

문제1

Ensuring that the actions of a set of people, applications and systems follow the organization's rules is BEST described as:

A. Security management

B. Risk management

C. Compliance management

D. Mitigation management

정답: C

문제2

Which of the following are necessary to formulate responses to external audit findings?

A. Technical Staff, Budget Authority, Management

B. Internal Audit, Budget Authority, Management

C. Internal Audit, Management, and Technical Staff

D. Technical Staff, Internal Audit, Budget Authority

정답: A

문제3

Creating a secondary authentication process for network access would be an example of?

A. System hardening and patching requirements

B. Defense in depth cost enumerated costs

C. Anti-virus for mobile devices

D. Nonlinearities in physical security performance metrics

정답: D

문제4

A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a?

A. Hybrid cloud

B. Community cloud

C. Private cloud

D. Public cloud

정답: A

문제5

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

A. Vulnerability exploitation, attack recovery, and mean time to repair

B. Susceptibility to attack, mitigation response time, and cost

C. Susceptibility to attack, expected duration of attack, and mitigation availability

D. Attack vectors, controls cost, and investigation staffing needs

정답: B

문제6

An example of professional unethical behavior is:

A. Storing client lists and other sensitive corporate internal documents on a removable thumb drive

B. Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C. Gaining access to an affiliated employee's work email account as part of an officially sanctioned internal investigation

D. Copying documents from an employer's server which you assert that you have an intellectual property claim to possess, but the company disputes

정답: D

문제7

You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don't know what to do. What is the BEST approach to handle this situation?

A. Tune the sensors to help reduce false positives so the team can react better

B. Request additional resources to handle the workload

C. Tell the team to do their best and respond to each alert

D. Tell the team to only respond to the critical and high alerts

정답: A

문제8

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agend a.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

A. The CISO has not implemented a policy management framework

B. The CISO has not implemented a security awareness program

C. The CISO does not report directly to the CEO of the organization

D. The CISO reports to the IT organization

정답: D

문제9

When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

A. Daily

B. Hourly

C. Weekly

D. Monthly

정답: A

문제10

What is the BEST reason for having a formal request for proposal process?

A. Clearly identifies risks and benefits before funding is spent

B. Informs suppliers a company is going to make a purchase

C. Creates a timeline for purchasing and budgeting

D. Allows small companies to compete with larger companies

정답: A

문제11

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

A. Filter the scan output so only pertinent data is analyzed

B. Perform the scans only during off-business hours

C. Scan a representative sample of systems

D. Decrease the vulnerabilities within the scan tool settings

정답: C

문제12

Risk that remains after risk mitigation is known as

A. Persistent risk

B. Non-tolerated risk

C. Residual risk

D. Accepted risk

정답: C

문제13

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

A. The auditors have not followed proper auditing processes

B. The risk tolerance of the organization permits this risk

C. The organization has purchased cyber insurance

D. The CIO of the organization disagrees with the finding

정답: B

문제14

What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?

A. Business Impact Analysis

B. Economic Impact analysis

C. Cost-benefit analysis

D. Return on Investment

정답: C

문제15

Which of the following activities is the MAIN purpose of the risk assessment process?

A. Assigning value to each information asset

B. Creating an inventory of information assets

C. Classifying and organizing information assets into meaningful groups

D. Calculating the risks to which assets are exposed in their current setting

정답: D

문제16

When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?

A. Download trial versions of commercially available security tools and deploy on your production network

B. Download open source security tools from a trusted site, test, and then deploy on production network

C. Download security tools from a trusted source and deploy to production network

D. Download open source security tools and deploy them on your production network

정답: B

문제17

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

A. Meet legal requirements

B. Better understand strengths and weaknesses of the program

C. Meet regulatory compliance requirements

D. Better understand the threats and vulnerabilities affecting the environment

정답: B

문제18

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

A. PRINCE2

B. ISO 27004

C. ISO 27001

D. ITILv3

정답: B

문제19

From an information security perspective, information that no longer supports the main purpose of the business should be:

A. analyzed under the data ownership policy.

B. protected under the information classification policy.

C. assessed by a business impact analysis.

D. analyzed under the retention policy

정답: D

문제20

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

A. Shared key

B. None

C. Asynchronous

D. Open

정답: A

최신 712-50 무료덤프 - EC-COUNCIL EC-Council Certified CISO (CCISO)

우리와 연락하기

유용한 링크

최신 업데이트