최신 712-50 무료덤프 - EC-COUNCIL EC-Council Certified CISO (CCISO)

문제1

Credit card information, medical data, and government records are all examples of:

A. Communications Information

B. Bodily Information

C. Territorial Information

D. Confidential/Protected Information

정답: D

문제2

Which of the following represents the BEST method of ensuring security program alignment to business needs?

A. Create security consortiums, such as strategic security planning groups, that include business unit participation

B. Create a comprehensive security awareness program and provide success metrics to business units

C. Ensure security implementations include business unit testing and functional validation prior to production rollout

D. Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role

정답: A

문제3

You are the CISO for an investment banking firm. The firm is using artificial intelligence (AI) to assist in approving clients for loans.
Which control is MOST important to protect AI products?

A. Hash datasets

B. Sanitize datasets

C. Encrypt datasets

D. Delete datasets

정답: C

문제4

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

A. Quantitative risk analysis

B. Risk Appetite

C. Qualitative risk analysis

D. Risk Tolerance

정답: A

문제5

The primary responsibility for assigning entitlements to a network share lies with which role?

A. Chief Information Officer (CIO)

B. Data owner

C. CISO

D. Security system administrator

정답: B

문제6

The primary purpose of a risk register is to:

A. Maintain a log of discovered risks

B. Track individual risk assessments

C. Develop plans for mitigating identified risks

D. Coordinate the timing of scheduled risk assessments

정답: A

문제7

When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

A. Discussing decisions with a very large group of people always provides a better outcome

B. Contracting rules typically require you to have conversations with two or more groups

C. This makes sure the files you exchange aren't unnecessarily flagged by the Data Loss Prevention (DLP) system

D. It helps to avoid regulatory or internal compliance issues

정답: D

문제8

Human resource planning for security professionals in your organization is a:

A. Training requirement that is met through once every year user training.

B. Simple and easy task because the threats are getting easier to find and correct.

C. Training requirement that is on-going and always changing.

D. Not needed because automation and anti-virus software has eliminated the threats.

정답: C

문제9

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

A. A clear set of security policies and procedures that are more concept-based than controls-based

B. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

C. A complete inventory of Information Technology assets including infrastructure, networks, applications and data

D. A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

정답: B

문제10

In effort to save your company money which of the following methods of training results in the lowest cost for the organization?

A. Self -Study (noncomputerized)

B. Formal Class

C. Distance learning/Web seminars

D. One-One Training

정답: A

문제11

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and dat a. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?

A. Decreasing the number of employees with administrator privileges

B. Forcing password changes every 90 days

C. Multi-factor authentication employing hard tokens

D. Professional user education on phishing conducted by a reputable vendor

정답: C

문제12

Which of the following are the triple constraints of project management?

A. Cost, quality, and time

B. Scope, time, and cost

C. Quality, scope, and cost

D. Time, quality, and scope

정답: B

문제13

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

A. High turnover in the application development department

B. Lack of change management controls

C. Lack of version/source controls

D. Ineffective configuration management controls

정답: C

문제14

A stakeholder is a person or group:

A. That will ultimately use the system.

B. Vested in the success and/or failure of a project or initiative regardless of budget implications.

C. Vested in the success and/or failure of a project or initiative and is tied to the project budget.

D. That has budget authority.

정답: B

최신 712-50 무료덤프 - EC-COUNCIL EC-Council Certified CISO (CCISO)

우리와 연락하기

유용한 링크

최신 업데이트