Leading EC-Council Certified CISO (CCISO) 712-50 Free Samples
Your success in EC-Council 712-50 is our sole target and we develop all our 712-50 braindumps in a way that facilitates the attainment of this target. Not only is our 712-50 study material the best you can find, it is also the most detailed and the most updated. 712-50 Practice Exams for EC-Council 712-50 are written to the highest standards of technical accuracy.
Free online 712-50 questions and answers (new version):
NEW QUESTION 1
The alerting, monitoring and life-cycle management of security related events is typically handled by the
- A. security threat and vulnerability management process
- B. risk assessment process
- C. risk management process
- D. governance, risk, and compliance tools
Answer: A
NEW QUESTION 2
Who in the organization determines access to information?
- A. Legal department
- B. Compliance officer
- C. Data Owner
- D. Information security officer
Answer: C
NEW QUESTION 3
Which of the following is the MOST important component of any change management process?
- A. Scheduling
- B. Back-out procedures
- C. Outage planning
- D. Management approval
Answer: D
NEW QUESTION 4
Who should be involved in the development of an internal campaign to address email phishing?
- A. Business unit leaders, CIO, CEO
- B. Business unit leaders, CISO, CIO and CEO
- C. All employees
- D. CFO, CEO, CIO
Answer: B
NEW QUESTION 5
A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?
- A. The auditors have not followed proper auditing processes
- B. The CIO of the organization disagrees with the finding
- C. The risk tolerance of the organization permits this risk
- D. The organization has purchased cyber insurance
Answer: C
NEW QUESTION 6
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?
- A. International encryption restrictions
- B. Compliance with Payment Card Industry (PCI) data security standards
- C. Compliance with local government privacy laws
- D. Adherence to local data breach notification laws
Answer: B
NEW QUESTION 7
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?
- A. Get approval from the board of directors
- B. Screen potential vendor solutions
- C. Verify that the cost of mitigation is less than the risk
- D. Create risk metrics for all unmitigated risks
Answer: C
NEW QUESTION 8
Which of the following are the triple constraints of project management?
- A. Time, quality, and scope
- B. Cost, quality, and time
- C. Scope, time, and cost
- D. Quality, scope, and cost
Answer: C
Explanation:
Reference: https://www.teamgantt.com/blog/triple-constraint-project-management#:~:text=Each%20side%20or%20point%
NEW QUESTION 9
You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.
Which of the following is NOT documented in the SSP?
- A. The controls in place to secure the system
- B. Name of the connected system
- C. The results of third-party audits and recommendations
- D. Type of information used in the system
Answer: C
Explanation:
Reference: https://www.govinfo.gov/content/pkg/GOVPUB-C13-63e84ab7af43b36228f10e4f0b5f8c38/pdf/GOVPUB-C13- (65)
NEW QUESTION 10
What process defines the framework of rules and practices by which a board of directors ensures accountability, fairness and transparency in an organization's relationship with its shareholders?
- A. Internal Audit
- B. Corporate governance
- C. Risk Oversight
- D. Key Performance Indicators
Answer: B
Explanation:
Reference: https://www.igi-global.com/dictionary/corporate-governance/5957
NEW QUESTION 11
Risk appetite directly affects what part of a vulnerability management program?
- A. Staff
- B. Scope
- C. Schedule
- D. Scan tools
Answer: B
NEW QUESTION 12
File Integrity Monitoring (FIM) is considered a
- A. Network based security preventative control
- B. Software segmentation control
- C. Security detective control
- D. User segmentation control
Answer: C
NEW QUESTION 13
Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?
- A. Cost benefit
- B. Risk appetite
- C. Business continuity
- D. Likelihood of impact
Answer: B
NEW QUESTION 14
You have implemented a new security control. Which of the following risk strategy options have you engaged in?
- A. Risk Avoidance
- B. Risk Acceptance
- C. Risk Transfer
- D. Risk Mitigation
Answer: D
NEW QUESTION 15
Which of the following best describes a portfolio?
- A. The portfolio is used to manage and track individual projects
- B. The portfolio is used to manage incidents and events
- C. A portfolio typically consists of several programs
- D. A portfolio delivers one specific service or program to the business
Answer: C
NEW QUESTION 16
You have just been hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedule and over budget.
Using the best business practices for project management, you determine that the project correctly aligns with the company goals. What needs to be verified FIRST?
- A. Scope of the project
- B. Training of the personnel on the project
- C. Timeline of the project milestones
- D. Vendor for the project
Answer: A
NEW QUESTION 17
Which of the following is a fundamental component of an audit record?
- A. Date and time of the event
- B. Failure of the event
- C. Originating IP address
- D. Authentication type
Answer: A
NEW QUESTION 18
You are the CISO for an investment banking firm. The firm is using artificial intelligence (AI) to assist in approving clients for loans.
Which control is MOST important to protect AI products?
- A. Hash datasets
- B. Sanitize datasets
- C. Delete datasets
- D. Encrypt datasets
Answer: D