Exam Code : 701-100
Exam Name : LPIC-OT Exam 701: DevOps Tools Engineer
Vendor Name : LPI
killexams.com EC-Council 712-50
EC-Council Certified CISO (CCISO)
https://killexams.com/pass4sure/exam-detail/712-50
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation. Which of the following industry/sector neutral information security control frameworks should you recommend for implementation?
A. National Institute of Standards and Technology (NIST) Special Publication 800-53
B. Payment Card Industry Data Security Standard (PCI DSS)
C. International Organization for Standardization – ISO 27001/2
D. British Standard 7799 (BS7799)

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs. You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?
A. Get approval from the board of directors
B. Screen potential vendor solutions
C. Verify that the cost of mitigation is less than the risk
D. Create risk metrics for all unmitigated risks

Access Control Lists (ACLs), firewalls, and Intrusion Prevention Systems are examples of
A. Network based security preventative controls
B. Software segmentation controls
C. Network based security detective controls
D. User segmentation controls

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation. Your Corporate Information Security Policy should include which of the following?
A. Information security theory
B. Roles and responsibilities
C. Incident response contacts
D. Desktop configuration standards

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs. When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?
A. Annually
B. Semi-annually
C. Quarterly
D. Never

The process by which management formally approves the security certification of a given IT system, accepting the risks it states and the mitigation of those risks, is called
A. Security certification
B. Security system analysis
C. Security accreditation
D. Alignment with business practices and goals

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?
A. Conduct background checks on individuals before hiring them
B. Develop an Information Security Awareness program
C. Monitor employee browsing and surfing habits
D. Set your firewall permissions aggressively and monitor logs regularly

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and well over budget. Using best business practices for project management, you determine that the project correctly aligns with the organization's goals. What should be verified next?
A. Scope
B. Budget
C. Resources
D. Constraints

What are the primary reasons for the development of a business case for a security project?
A. To estimate risk and negate liability to the company
B. To understand the attack vectors and attack sources
C. To communicate risk and forecast resource needs
D. To forecast usage and cost per software licensing

File Integrity Monitoring (FIM) is considered a
A. Network based security preventative control
B. Software segmentation control
C. Security detective control
D. User segmentation control

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.” What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?
A. Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company of non-compliance
B. Understand the business and focus your efforts on enabling operations securely
C. Draw from your experience and recount stories of how other companies have been compromised
D. Cite corporate policy and insist on compliance with audit findings

Acceptable levels of information security risk tolerance in an organization should be determined by which of the following?
A. Corporate legal counsel
B. CISO with reference to the company goals
C. CEO and board of directors
D. Corporate compliance committee

When dealing with risk, the information security practitioner may choose to:
A. assign
B. transfer
C. acknowledge
D. defer

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. What type of control is being implemented by supervisors and data owners?
A. Management
B. Operational
C. Technical
D. Administrative