Eccouncil 712-50 CCISO Exam Practice Test Instant Access

Question 1

With respect to the audit management process, management response serves what function?

Aplacing underperforming units on notice for failing to meet standards

Bdetermining whether or not resources will be allocated to remediate a finding

Cadding controls to ensure that proper oversight is achieved by management

Drevealing the ''root cause'' of the process failure and mitigating for all internal and external units

Answer : B

Question 2

If your organization operates under a model of "assumption of breach", you should:

AProtect all information resource assets equally

BEstablish active firewall monitoring protocols

CPurchase insurance for your compliance liability

DFocus your security efforts on high value assets

Answer : C

Question 3

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

AIn-line hardware keyloggers don't require physical access

BIn-line hardware keyloggers don't comply to industry regulations

CIn-line hardware keyloggers are undetectable by software

DIn-line hardware keyloggers are relatively inexpensive

Answer : C

Question 4

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

AHave internal audit conduct another audit to see what has changed.

BContract with an external audit company to conduct an unbiased audit

CReview the recommendations and follow up to see if audit implemented the changes

DMeet with audit team to determine a timeline for corrections

Answer : C

Question 5

Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value to the company. It is essential that you be able to communicate in language that your fellow executives will understand. You should:

ACreate timelines for mitigation

BDevelop a cost-benefit analysis

CCalculate annual loss expectancy

DCreate a detailed technical executive summary

Answer : B

Question 6

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

ATechnology governance defines technology policies and standards while security governance does not.

BSecurity governance defines technology best practices and Information Technology governance does not.

CTechnology Governance is focused on process risks whereas Security Governance is focused on business risk.

DThe effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

Answer : D

Question 7

When dealing with a risk management process, asset classification is important because it will impact the overall:

AThreat identification

BRisk monitoring

CRisk treatment

DRisk tolerance

Answer : C

Eccouncil EC-Council Certified CISO 712-50 CCISO Exam Practice Test