EC-COUNCIL 512-50 Information Security Manager (E|ISM)
https://killexams.com/pass4sure/exam-detail/512-50

Question: 84
Which of the following is MOST important when dealing with an Information Security Steering committee?
A. Include a mix of members from different departments and staff levels.
B. Ensure that security policies and procedures have been vetted and approved.
C. Review all past audit and compliance reports.
D. Be briefed about new trends and products at each meeting by a vendor.
Answer: C

Question: 85
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
A. information security metrics.
B. knowledge required to analyze each issue.
C. baseline against which metrics are evaluated.
D. linkage to business area objectives.
Answer: D

Question: 86
What is the BEST way to achieve on-going compliance monitoring in an organization?
A. Only check compliance right before the auditors are scheduled to arrive onsite.
B. Outsource compliance to a 3rd party vendor and let them manage the program.
C. Have Compliance and Information Security partner to correct issues as they arise.
D. Have Compliance direct Information Security to fix issues after the auditors report.
Answer: C

Question: 87
Which of the following is considered the MOST effective tool against social engineering?
A. Anti-phishing tools
B. Anti-malware tools
C. Effective Security Vulnerability Management Program
D. Effective Security awareness program
Answer: D

Question: 88
Risk is defined as:
A. Threat times vulnerability divided by control
B. Adversary plus capability plus vulnerability
C. Asset loss times likelihood of event
D. Quantitative plus qualitative impact
Answer: A

Question: 89
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?
A. When there is a need to develop a more unified incident response capability.
B. When the enterprise is made up of many business units with diverse business activities, risk profiles and regulatory requirements.
C. When there is a variety of technologies deployed in the infrastructure.
D. When it results in an overall lower cost of operating the security program.
Answer: B

Question: 90
The FIRST step in establishing a security governance program is to:
A. Conduct a risk assessment.
B. Obtain senior level sponsorship.
C. Conduct a workshop for all end users.
D. Prepare a security budget.
Answer: B

Question: 91
Risk that remains after risk mitigation is known as:
A. Persistent risk
B. Residual risk
C. Accepted risk
D. Non-tolerated risk
Answer: B

Question: 92
In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
A. The organization uses exclusively a quantitative process to measure risk
B. The organization uses exclusively a qualitative process to measure risk
C. The organization's risk tolerance is high
D. The organization's risk tolerance is low
Answer: C

Question: 93
The PRIMARY objective for information security program development should be:
A. Reducing the impact of the risk to the business.
B. Establishing strategic alignment with business continuity requirements.
C. Establishing incident response programs.
D. Identifying and implementing the best security solutions.
Answer: A

Question: 94
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?
A. Enforce the existing security standards and do not allow the deployment of the new technology.
B. Amend the standard to permit the deployment.
C. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
Answer: C

Question: 95
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
A. Identify threats, risks, impacts and vulnerabilities
B. Decide how to manage risk
C. Define the budget of the Information Security Management System
D. Define Information Security Policy
Answer: D

Question: 96
From an information security perspective, information that no longer supports the main purpose of the business should be:
A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy.
Answer: D

Question: 97
What is the main purpose of the Incident Response Team?
A. Ensure efficient recovery and reinstate repaired systems
B. Create effective policies detailing program activities
C. Communicate details of information security incidents
D. Provide current employee awareness programs
Answer: A

Question: 98
Information security policies should be reviewed:
A. by stakeholders at least annually
B. by the CISO when new systems are brought online
C. by the Incident Response team after an audit
D. by internal audit semiannually
Answer: A

Question: 99
An organization is looking for a framework to measure the efficiency and effectiveness of its Information Security Management System. Which of the following international standards can BEST assist this organization?
A. International Organization for Standardization 27004 (ISO-27004)
B. Payment Card Industry Data Security Standards (PCI-DSS)
C. Control Objectives for Information Technology (COBIT)
D. International Organization for Standardization 27005 (ISO-27005)
Answer: A

Question: 100
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
A. Use within an organization to formulate security requirements and objectives
B. Implementation of business-enabling information security
C. Use within an organization to ensure compliance with laws and regulations
D. To enable organizations that adopt it to obtain certifications
Answer: