Eccouncil 512-50 EISM Exam Practice Test Instant Access

Question 1

Which of the following statements about Encapsulating Security Payload (ESP) is true?

AIt is an IPSec protocol.

BIt is a text-based communication protocol.

CIt uses TCP port 22 as the default port and operates at the application layer.

DIt uses UDP port 22

Answer : A

Question 2

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

What is one proven method to account for common elements found within separate regulations and/or standards?

AHire a GRC expert

BUse the Find function of your word processor

CDesign your program to meet the strictest government standards

DDevelop a crosswalk

Answer : D

Question 3

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

AScan a representative sample of systems

BPerform the scans only during off-business hours

CDecrease the vulnerabilities within the scan tool settings

DFilter the scan output so only pertinent data is analyzed

Answer : A

Question 4

As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered timely in the event of a disaster. Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?

ARecovery Point Objective (RPO)

BDisaster Recovery Plan

CRecovery Time Objective (RTO)

DBusiness Continuity Plan

Answer : D

Question 5

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

AA security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

BA clear set of security policies and procedures that are more concept-based than controls-based

CA complete inventory of Information Technology assets including infrastructure, networks, applications and data

DA clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

Answer : D

Question 6

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

AMetrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors

BAnnual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program

CUnderstanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness

DEndorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program

Answer : C

Topic 2, Information Security Controls and Audit Management

Question 7

Creating a secondary authentication process for network access would be an example of?

ANonlinearities in physical security performance metrics

BDefense in depth cost enumerated costs

CSystem hardening and patching requirements

DAnti-virus for mobile devices

Answer : A

Eccouncil Information Security Manager 512-50 EISM Exam Practice Test