Eccouncil 512-50 EISM Exam Practice Test Instant Access

Question 1

To have accurate and effective information security policies how often should the CISO review the organization policies?

AEvery 6 months

BQuarterly

CBefore an audit

DAt least once a year

Answer : D

Question 2

Which of the following illustrates an operational control process:

AClassifying an information system as part of a risk assessment

BInstalling an appropriate fire suppression system in the data center

CConducting an audit of the configuration management process

DEstablishing procurement standards for cloud vendors

Answer : B

Question 3

Which of the following is a critical operational component of an Incident Response Program (IRP)?

AWeekly program budget reviews to ensure the percentage of program funding remains constant.

BAnnual review of program charters, policies, procedures and organizational agreements.

CDaily monitoring of vulnerability advisories relating to your organization's deployed technologies.

DMonthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Answer : C

Question 4

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct periodic:

AControlled spear phishing campaigns

BPassword changes

CBaselining of computer systems

DScanning for viruses

Answer : A

Question 5

Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?

AAlignment with business goals

BISO27000 accreditation

CPCI attestation of compliance

DFinancial statements

Answer : B

Question 6

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

When multiple regulations or standards apply to your industry you should set controls to meet the:

AEasiest regulation or standard to implement

BStricter regulation or standard

CMost complex standard to implement

DRecommendations of your Legal Staff

Answer : C

Question 7

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

AQualitative analysis

BQuantitative analysis

CRisk mitigation

DEstimate activity duration

Answer : A

Eccouncil 512-50 Information Security Manager EISM Exam Practice Test