March Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

712-50 EC-Council Certified CISO (CCISO) Questions and Answers

Questions 4

To make sure that the actions of all employees, applications, and systems follow the organization’s rules and regulations can BEST be described as which of the following?

Options:

A.

Compliance management

B.

Asset management

C.

Risk management

D.

Security management

Buy Now
Questions 5

XYZ is a publicly-traded software development company.

Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?

Options:

A.

Chief Financial Officer (CFO)

B.

Chief Software Architect (CIO)

C.

CISO

D.

Chief Executive Officer (CEO)

Buy Now
Questions 6

What does RACI stand for?

Options:

A.

Reasonable, Actionable, Controlled, and Implemented

B.

Responsible, Actors, Consult, and Instigate

C.

Responsible, Accountable, Consulted, and Informed

D.

Review, Act, Communicate, and Inform

Buy Now
Questions 7

Physical security measures typically include which of the following components?

Options:

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Buy Now
Questions 8

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

Options:

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Buy Now
Questions 9

What type of attack requires the least amount of technical equipment and has the highest success rate?

Options:

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Buy Now
Questions 10

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Options:

A.

Well established and defined digital forensics process

B.

Establishing Enterprise-owned Botnets for preemptive attacks

C.

Be able to retaliate under the framework of Active Defense

D.

Collaboration with law enforcement

Buy Now
Questions 11

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Buy Now
Questions 12

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Options:

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Buy Now
Questions 13

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Buy Now
Questions 14

An anonymity network is a series of?

Options:

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Buy Now
Questions 15

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Buy Now
Questions 16

What is the FIRST step in developing the vulnerability management program?

Options:

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Buy Now
Questions 17

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Buy Now
Questions 18

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Buy Now
Questions 19

Which of the following is the MOST important reason for performing assessments of the security portfolio?

Options:

A.

To assure that the portfolio is aligned to the needs of the broader organization

B.

To create executive support of the portfolio

C.

To discover new technologies and processes for implementation within the portfolio

D.

To provide independent 3rd party reviews of security effectiveness

Buy Now
Questions 20

Using the Transport Layer Security (TLS) protocol enables a client in a network to be:

Options:

A.

Provided with a digital signature

B.

Assured of the server’s identity

C.

Identified by a network

D.

Registered by the server

Buy Now
Questions 21

Which of the following is a common technology for visual monitoring?

Options:

A.

Closed circuit television

B.

Open circuit television

C.

Blocked video

D.

Local video

Buy Now
Questions 22

What are the primary reasons for the development of a business case for a security project?

Options:

A.

To estimate risk and negate liability to the company

B.

To understand the attack vectors and attack sources

C.

To communicate risk and forecast resource needs

D.

To forecast usage and cost per software licensing

Buy Now
Questions 23

Which level of data destruction applies logical techniques to sanitize data in all user-addressable storage locations?

Options:

A.

Purge

B.

Clear

C.

Mangle

D.

Destroy

Buy Now
Questions 24

The Board of Directors of a publicly-traded company is concerned about the security implications of a strategic project that will migrate 50% of the organization’s information technology assets to the cloud. They have requested a briefing on the project plan and a progress report of the security stream of the project. As the CISO, you have been tasked with preparing the report for the Chief Executive Officer to present.

Using the Earned Value Management (EVM), what does a Cost Variance (CV) of -1,200 mean?

Options:

A.

The project is over budget

B.

The project budget has reserves

C.

The project cost is in alignment with the budget

D.

The project is under budget

Buy Now
Questions 25

Many successful cyber-attacks currently include:

Options:

A.

Phishing Attacks

B.

Misconfigurations

C.

Social engineering

D.

All of these

Buy Now
Questions 26

Of the following types of SOCs (Security Operations Centers), which one would be MOST likely used if the CISO has decided to outsource the infrastructure and administration of it?

Options:

A.

Virtual

B.

Dedicated

C.

Fusion

D.

Command

Buy Now
Questions 27

The primary responsibility for assigning entitlements to a network share lies with which role?

Options:

A.

CISO

B.

Data owner

C.

Chief Information Officer (CIO)

D.

Security system administrator

Buy Now
Questions 28

As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity.

The performance quality audit activity is done in what project management process group?

Options:

A.

Executing

B.

Controlling

C.

Planning

D.

Closing

Buy Now
Questions 29

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

Options:

A.

Determine the annual loss expectancy (ALE)

B.

Create a crisis management plan

C.

Create technology recovery plans

D.

Build a secondary hot site

Buy Now
Questions 30

Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

Options:

A.

Perform a vulnerability scan of the network

B.

External penetration testing by a qualified third party

C.

Internal Firewall ruleset reviews

D.

Implement network intrusion prevention systems

Buy Now
Questions 31

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

Options:

A.

It allows executives to more effectively monitor IT implementation costs

B.

Implementation of it eases an organization’s auditing and compliance burden

C.

Information Security (IS) procedures often require augmentation with other standards

D.

It provides for a consistent and repeatable staffing model for technology organizations

Buy Now
Questions 32

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Options:

A.

Transfer financial resources from other critical programs

B.

Take the system off line until the budget is available

C.

Deploy countermeasures and compensating controls until the budget is available

D.

Schedule an emergency meeting and request the funding to fix the issue

Buy Now
Questions 33

You have implemented the new controls. What is the next step?

Options:

A.

Document the process for the stakeholders

B.

Monitor the effectiveness of the controls

C.

Update the audit findings report

D.

Perform a risk assessment

Buy Now
Questions 34

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

Options:

A.

International Organization for Standardization 27001

B.

National Institute of Standards and Technology Special Publication SP 800-12

C.

Request For Comment 2196

D.

National Institute of Standards and Technology Special Publication SP 800-26

Buy Now
Questions 35

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

Options:

A.

Validate that security awareness program content includes information about the potential vulnerability

B.

Conduct a thorough risk assessment against the current implementation to determine system functions

C.

Determine program ownership to implement compensating controls

D.

Send a report to executive peers and business unit owners detailing your suspicions

Buy Now
Questions 36

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

Options:

A.

Perform an audit to measure the control formally

B.

Escalate the issue to the IT organization

C.

Perform a risk assessment to measure risk

D.

Establish Key Risk Indicators

Buy Now
Questions 37

The regular review of a firewall ruleset is considered a

Options:

A.

Procedural control

B.

Organization control

C.

Technical control

D.

Management control

Buy Now
Questions 38

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Options:

A.

A substantive test of program library controls

B.

A compliance test of program library controls

C.

A compliance test of the program compiler controls

D.

A substantive test of the program compiler controls

Buy Now
Questions 39

IT control objectives are useful to IT auditors as they provide the basis for understanding the:

Options:

A.

Desired results or purpose of implementing specific control procedures.

B.

The audit control checklist.

C.

Techniques for securing information.

D.

Security policy

Buy Now
Questions 40

Dataflow diagrams are used by IT auditors to:

Options:

A.

Order data hierarchically.

B.

Highlight high-level data definitions.

C.

Graphically summarize data paths and storage processes.

D.

Portray step-by-step details of data generation.

Buy Now
Questions 41

A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

Options:

A.

Information Technology Infrastructure Library (ITIL)

B.

International Organization for Standardization (ISO) standards

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

National Institute for Standards and Technology (NIST) standard

Buy Now
Questions 42

Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization’s products and services?

Options:

A.

Strong authentication technologies

B.

Financial reporting regulations

C.

Credit card compliance and regulations

D.

Local privacy laws

Buy Now
Questions 43

Which of the following is the MOST important for a CISO to understand when identifying threats?

Options:

A.

How vulnerabilities can potentially be exploited in systems that impact the organization

B.

How the security operations team will behave to reported incidents

C.

How the firewall and other security devices are configured to prevent attacks

D.

How the incident management team prepares to handle an attack

Buy Now
Questions 44

Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

Options:

A.

Threat

B.

Vulnerability

C.

Attack vector

D.

Exploitation

Buy Now
Questions 45

Credit card information, medical data, and government records are all examples of:

Options:

A.

Confidential/Protected Information

B.

Bodily Information

C.

Territorial Information

D.

Communications Information

Buy Now
Questions 46

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

Options:

A.

Technology governance defines technology policies and standards while security governance does not.

B.

Security governance defines technology best practices and Information Technology governance does not.

C.

Technology Governance is focused on process risks whereas Security Governance is focused on business risk.

D.

The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

Buy Now
Questions 47

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

Options:

A.

Susceptibility to attack, mitigation response time, and cost

B.

Attack vectors, controls cost, and investigation staffing needs

C.

Vulnerability exploitation, attack recovery, and mean time to repair

D.

Susceptibility to attack, expected duration of attack, and mitigation availability

Buy Now
Questions 48

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

Options:

A.

Controlled mitigation effort

B.

Risk impact comparison

C.

Relative likelihood of event

D.

Comparative threat analysis

Buy Now
Questions 49

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

Options:

A.

Internal audit

B.

The data owner

C.

All executive staff

D.

Government regulators

Buy Now
Questions 50

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

Options:

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Buy Now
Questions 51

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

Options:

A.

High risk environments 6 months, low risk environments 12 months

B.

Every 12 months

C.

Every 18 months

D.

Every six months

Buy Now
Questions 52

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

Options:

A.

International Organization for Standardizations – 22301 (ISO-22301)

B.

Information Technology Infrastructure Library (ITIL)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27005 (ISO-27005)

Buy Now
Questions 53

When project costs continually increase throughout implementation due to large or rapid changes in customer

or user requirements, this is commonly known as:

Options:

A.

Cost/benefit adjustments

B.

Scope creep

C.

Prototype issues

D.

Expectations management

Buy Now
Questions 54

As the Chief Information Security Officer, you are performing an assessment of security posture to understand

what your Defense-in-Depth capabilities are. Which network security technology examines network traffic flows

to detect and actively stop vulnerability exploits and attacks?

Options:

A.

Gigamon

B.

Intrusion Prevention System

C.

Port Security

D.

Anti-virus

Buy Now
Questions 55

What are the three stages of an identity and access management system?

Options:

A.

Authentication, Authorize, Validation

B.

Provision, Administration, Enforcement

C.

Administration, Validation, Protect

D.

Provision, Administration, Authentication

Buy Now
Questions 56

Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

Options:

A.

Alignment with business goals

B.

ISO27000 accreditation

C.

PCI attestation of compliance

D.

Financial statements

Buy Now
Questions 57

The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

Options:

A.

There is integration between IT security and business staffing.

B.

There is a clear definition of the IT security mission and vision.

C.

There is an auditing methodology in place.

D.

The plan requires return on investment for all security projects.

Buy Now
Questions 58

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

Options:

A.

The Net Present Value (NPV) of the project is positive

B.

The NPV of the project is negative

C.

The Return on Investment (ROI) is larger than 10 months

D.

The ROI is lower than 10 months

Buy Now
Questions 59

Involvement of senior management is MOST important in the development of:

Options:

A.

IT security implementation plans.

B.

Standards and guidelines.

C.

IT security policies.

D.

IT security procedures.

Buy Now
Questions 60

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

Options:

A.

NIST and Privacy Regulations

B.

ISO 27000 and Payment Card Industry Data Security Standards

C.

NIST and data breach notification laws

D.

ISO 27000 and Human resources best practices

Buy Now
Questions 61

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

Options:

A.

Deploy a SEIM solution and have current staff review incidents first thing in the morning

B.

Contract with a managed security provider and have current staff on recall for incident response

C.

Configure your syslog to send SMS messages to current staff when target events are triggered

D.

Employ an assumption of breach protocol and defend only essential information resources

Buy Now
Questions 62

Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

Options:

A.

Define the risk appetite

B.

Determine budget constraints

C.

Review project charters

D.

Collaborate security projects

Buy Now
Questions 63

What oversight should the information security team have in the change management process for application security?

Options:

A.

Information security should be informed of changes to applications only

B.

Development team should tell the information security team about any application security flaws

C.

Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

D.

Information security should be aware of all application changes and work with developers before changes are deployed in production

Buy Now
Questions 64

When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?

Options:

A.

Download open source security tools and deploy them on your production network

B.

Download trial versions of commercially available security tools and deploy on your production network

C.

Download open source security tools from a trusted site, test, and then deploy on production network

D.

Download security tools from a trusted source and deploy to production network

Buy Now
Questions 65

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

Options:

A.

Scope creep

B.

Deadline extension

C.

Scope modification

D.

Deliverable expansion

Buy Now
Questions 66

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

Options:

A.

Ineffective configuration management controls

B.

Lack of change management controls

C.

Lack of version/source controls

D.

High turnover in the application development department

Buy Now
Questions 67

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

Options:

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Buy Now
Exam Code: 712-50
Exam Name: EC-Council Certified CISO (CCISO)
Last Update: Mar 28, 2024
Questions: 449

PDF + Testing Engine

$130

Testing Engine

$95

PDF (Q&A)

$80