712-50 EC-Council Certified CISO Practice Test Set 4

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)? 


Options are :

  • Meet legal requirements
  • Meet regulatory compliance requirements
  • Better understand the threats and vulnerabilities affecting the environment
  • Better understand strengths and weaknesses of the program (Correct)

Answer : Better understand strengths and weaknesses of the program


The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is 


Options are :

  • Forensic experts
  • Penetration testers
  • Internal Audit
  • External Audit (Correct)

Answer : External Audit

To have accurate and effective information security policies how often should the CISO review the organization policies? 


Options are :

  • At least once a year (Correct)
  • Quarterly
  • Before an audit
  • Every 6 months

Answer : At least once a year

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized? 


Options are :

  • Management Control (Correct)
  • Training Control
  • Operational Control
  • Technical Control

Answer : Management Control


When working in the Payment Card Industry (PCI), how often should security logs be reviewed to comply with the standards?


Options are :

  • Daily (Correct)
  • Monthly
  • Weekly
  • Hourly

Answer : Daily

Which is the BEST solution to monitor, measure, and report changes to critical data in a system? 


Options are :

  • Application logs
  • SNMP traps
  • Syslog
  • File integrity monitoring (Correct)

Answer : File integrity monitoring

Step-by-step procedures to regain normalcy in the event of a major earthquake are PRIMARILY covered by which of the following plans?


Options are :

  • Business Continuity plan
  • Incident response plan
  • Disaster recovery plan (Correct)
  • Damage control plan

Answer : Disaster recovery plan


At which point should the identity access management team be notified of the termination of an employee? 


Options are :

  • During the monthly review cycle
  • Immediately so the employee account(s) can be disabled (Correct)
  • Before an audit
  • At the end of the day once the employee is off site

Answer : Immediately so the employee account(s) can be disabled

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard? 


Options are :

  • To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.
  • To provide a common basis for developing organizational security standards
  • To establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization (Correct)
  • To provide effective security management practice and to provide confidence in interorganizational dealings

Answer : To establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints? 


Options are :

  • Take the system off line until the budget is available
  • Deploy countermeasures and compensating controls until the budget is available (Correct)
  • Schedule an emergency meeting and request the funding to fix the issue
  • Transfer financial resources from other critical programs

Answer : Deploy countermeasures and compensating controls until the budget is available


Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management? 


Options are :

  • National Institute of Standards and Technology Special Publication SP 800-12
  • Request For Comment 2196
  • National Institute of Standards and Technology Special Publication SP 800-26
  • International Organization for Standardization 27001 (Correct)

Answer : International Organization for Standardization 27001

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?


Options are :

  • tell him to shut down the server
  • tell him to invoke the incident response process (Correct)
  • tell him to analyze the problem, preserve the evidence and provide a full analysis and report
  • tell him to call the police

Answer : tell him to invoke the incident response process

The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization’s 


Options are :

  • Security Awareness Program (Correct)
  • Identity and Access Management Program.
  • Anti-Spam controls.
  • Risk Management Program.

Answer : Security Awareness Program


You have implemented the new controls. What is the next step? 


Options are :

  • Monitor the effectiveness of the controls (Correct)
  • Update the audit findings report
  • Document the process for the stakeholders
  • Perform a risk assessment

Answer : Monitor the effectiveness of the controls

The effectiveness of an audit is measured by which of the following?


Options are :

  • How it exposes the risk tolerance of the company
  • The number of security controls the company has in use
  • How the recommendations directly support the goals of the company (Correct)
  • The number of actionable items in the recommendations

Answer : How the recommendations directly support the goals of the company

Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management, and includes a five-stage risk management methodology?


Options are :

  • ISO 27001
  • ISO 27005 (Correct)
  • ISO 27002
  • ISO 27004

Answer : ISO 27005


A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the findings. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?


Options are :

  • The organization has purchased cyber insurance
  • The risk tolerance of the organization permits this risk (Correct)
  • The CIO of the organization disagrees with the finding
  • The auditors have not followed proper auditing processes

Answer : The risk tolerance of the organization permits this risk

How often should an environment be monitored for cyber threats, risks, and exposures? 


Options are :

  • Daily (Correct)
  • Monthly
  • Quarterly
  • Weekly
  • None

Answer : Daily

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001? 


Options are :

  • Implementation of business-enabling information security (Correct)
  • Use within an organization to formulate security requirements and objectives
  • Use within an organization to ensure compliance with laws and regulations
  • To enable organizations that adopt it to obtain certifications

Answer : Implementation of business-enabling information security


Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks? 


Options are :

  • Information Technology Infrastructure Library (ITIL)
  • Committee of Sponsoring Organizations (COSO)
  • Control Objective for Information Technology (COBIT) (Correct)
  • Payment Card Industry (PCI)

Answer : Control Objective for Information Technology (COBIT)

When is an application security development project complete? 


Options are :

  • When the application is retired. (Correct)
  • When the application reaches the maintenance phase.
  • When the application is turned over to production.
  • After one year.

Answer : When the application is retired.

Control Objectives for Information and Related Technology (COBIT) is which of the following? 


Options are :

  • A framework for Information Technology management and governance (Correct)
  • A set of international regulations for Information Technology governance
  • An audit guideline for certifying secure systems and controls
  • An Information Security audit standard

Answer : A framework for Information Technology management and governance


An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step? 


Options are :

  • Build a secondary hot site
  • Create technology recovery plans (Correct)
  • Determine the annual loss expectancy (ALE)
  • Create a crisis management plan

Answer : Create technology recovery plans

The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics? 


Options are :

  • Operational metrics (Correct)
  • Compliance metrics
  • Risk metrics
  • Management metrics

Answer : Operational metrics

When should IT security project management be outsourced? 


Options are :

  • On projects not forecasted in the yearly budget
  • On new, enterprise-wide security initiatives
  • When the benefits of outsourcing outweigh the inherent risks of outsourcing (Correct)
  • When organizational resources are limited

Answer : When the benefits of outsourcing outweigh the inherent risks of outsourcing


Which of the following illustrates an operational control process?


Options are :

  • Installing an appropriate fire suppression system in the data center (Correct)
  • Classifying an information system as part of a risk assessment
  • Establishing procurement standards for cloud vendors
  • Conducting an audit of the configuration management process

Answer : Installing an appropriate fire suppression system in the data center

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network? 


Options are :

  • External penetration testing by a qualified third party (Correct)
  • Internal Firewall ruleset reviews
  • Perform a vulnerability scan of the network
  • Implement network intrusion prevention systems

Answer : External penetration testing by a qualified third party

The ultimate goal of an IT security project is:


Options are :

  • Support business requirements (Correct)
  • Complete security
  • Implement information security policies
  • Increase stock value

Answer : Support business requirements


When managing the critical path of an IT security project, which of the following is MOST important? 


Options are :

  • Knowing the milestones and timelines of deliverables. (Correct)
  • Knowing who all the stakeholders are.
  • Knowing the threats to the organization.
  • Knowing the people on the data center team.

Answer : Knowing the milestones and timelines of deliverables.

An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.


Options are :

  • Install software patch, Operate system, Maintain system
  • Install software patch, configuration adjustment, Software Removal (Correct)
  • Software removal, install software patch, maintain system
  • Discover software, Remove affected software, Apply software patch

Answer : Install software patch, configuration adjustment, Software Removal
