Eccouncil 512-50 EISM Exam Questions Instant Access

Question 1

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

ANeed to comply with breach disclosure laws

BNeed to transfer the risk associated with hosting PII data

CNeed to better understand the risk associated with using PII data

DFiduciary responsibility to safeguard credit card information

Answer : C

Question 2

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

AInform senior management of the risk involved.

BAgree to work with the security officer on these shifts as a form of preventative control.

CDevelop a computer assisted audit technique to detect instances of abuses of the arrangement.

DReview the system log for each of the late night shifts to determine whether any irregular actions occurred.

Answer : A

Question 3

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

AManagement Control

BTechnical Control

CTraining Control

DOperational Control

Answer : D

Question 4

A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the following qualifications and experience would be MOST desirable to find in a candidate?

AMultiple certifications, strong technical capabilities and lengthy resume

BIndustry certifications, technical knowledge and program management skills

CCollege degree, audit capabilities and complex project management

DMultiple references, strong background check and industry certifications

Answer : B

Question 5

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

ADetermine appetite

BEvaluate risk avoidance criteria

CPerform a risk assessment

DMitigate risk

Answer : D

Question 6

Security related breaches are assessed and contained through which of the following?

AThe IT support team.

BA forensic analysis.

CIncident response

DPhysical security team.

Answer : C

Question 7

The risk found after a control has been fully implemented is called:

AResidual Risk

BTotal Risk

CPost implementation risk

DTransferred risk

Answer : A

Eccouncil Information Security Manager 512-50 EISM Exam Questions