Latest 701-100 Practice Tests with Actual Questions


Exam Code : 701-100
Exam Name : LPIC-OT Exam 701: DevOps Tools Engineer
Vendor Name : "LPI"









killexams.com EC-Council 712-50

EC-Council Certified CISO (CCISO)

https://killexams.com/pass4sure/exam-detail/712-50

Question: 330

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation. Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

  A. National Institute of Standards and Technology (NIST) Special Publication 800-53
  B. Payment Card Industry Digital Security Standard (PCI DSS)
  C. International Organization for Standardization – ISO 27001/2
  D. British Standard 7799 (BS7799)




Answer: C



Question: 331

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs. You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?


  A. Get approval from the board of directors
  B. Screen potential vendor solutions
  C. Verify that the cost of mitigation is less than the risk
  D. Create risk metrics for all unmitigated risks




Answer: C



Question: 332

Access Control Lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of

  A. Network based security preventative controls
  B. Software segmentation controls
  C. Network based security detective controls
  D. User segmentation controls



Answer: A



Question: 333

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation. Your Corporate Information Security Policy should include which of the following?


  A. Information security theory
  B. Roles and responsibilities
  C. Incident response contacts
  D. Desktop configuration standards




Answer: B



Question: 334

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs. When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?


  A. Annually
  B. Semi-annually
  C. Quarterly
  D. Never




Answer: D



Question: 335

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called


  A. Security certification
  B. Security system analysis
  C. Security accreditation
  D. Alignment with business practices and goals.




Answer: C



Question: 336

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?


  A. Conduct background checks on individuals before hiring them
  B. Develop an Information Security Awareness program
  C. Monitor employee browsing and surfing habits
  D. Set your firewall permissions aggressively and monitor logs regularly.




Answer: A



Question: 337

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget. Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?


  A. Scope
  B. Budget
  C. Resources
  D. Constraints




Answer: A



Question: 338

What are the primary reasons for the development of a business case for a security project?


  A. To estimate risk and negate liability to the company
  B. To understand the attack vectors and attack sources
  C. To communicate risk and forecast resource needs
  D. To forecast usage and cost per software licensing




Answer: C



Question: 339

File Integrity Monitoring (FIM) is considered a


  A. Network based security preventative control
  B. Software segmentation control
  C. Security detective control
  D. User segmentation control




Answer: C



Question: 340

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.” What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?


  A. Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company for non-compliance
  B. Understand the business and focus your efforts on enabling operations securely
  C. Draw from your experience and recount stories of how other companies have been compromised
  D. Cite corporate policy and insist on compliance with audit findings




Answer: B



Question: 341

Acceptable levels of information security risk tolerance in an organization should be determined by?


  A. Corporate legal counsel
  B. CISO with reference to the company goals
  C. CEO and board of directors
  D. Corporate compliance committee




Answer: C



Question: 342

When dealing with risk, the information security practitioner may choose to:


  A. assign
  B. transfer
  C. acknowledge
  D. defer




Answer: C



Question: 343

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. What type of control is being implemented by supervisors and data owners?


  A. Management
  B. Operational
  C. Technical
  D. Administrative




Answer: B