EC-Council 512-50 practice test

Exam Title: EC-Council Information Security Manager (E|ISM)

Last update: Dec 25, 2025

Question 1

The FIRST step in establishing a security governance program is to:

  • A. Conduct a risk assessment.
  • B. Obtain senior level sponsorship.
  • C. Conduct a workshop for all end users.
  • D. Prepare a security budget.
Answer:

B


Question 2

Which of the following has the GREATEST impact on the implementation of an information security
governance model?

  • A. Organizational budget
  • B. Distance between physical locations
  • C. Number of employees
  • D. Complexity of organizational structure
Answer:

D


Question 3

From an information security perspective, information that no longer supports the main purpose of
the business should be:

  • A. assessed by a business impact analysis.
  • B. protected under the information classification policy.
  • C. analyzed under the data ownership policy.
  • D. analyzed under the retention policy.
Answer:

D


Question 4

When briefing senior management on the creation of a governance process, the MOST important
aspect should be:

  • A. information security metrics.
  • B. knowledge required to analyze each issue.
  • C. baseline against which metrics are evaluated.
  • D. linkage to business area objectives.
Answer:

D


Question 5

Which of the following most commonly falls within the scope of an information security governance
steering committee?

  • A. Approving access to critical financial systems
  • B. Developing content for security awareness programs
  • C. Interviewing candidates for information security specialist positions
  • D. Vetting information security policies
Answer:

D


Question 6

A security professional has been promoted to be the CISO of an organization. The first task is to
create a security policy for this organization. The CISO creates and publishes the security policy. This
policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely
reason for the policy shortcomings?

  • A. Lack of a formal security awareness program
  • B. Lack of a formal security policy governance process
  • C. Lack of formal definition of roles and responsibilities
  • D. Lack of a formal risk management policy
Answer:

B


Question 7

Which of the following is the MAIN reason to follow a formal risk management process in an
organization that hosts and uses privately identifiable information (PII) as part of their business
models and processes?

  • A. Need to comply with breach disclosure laws
  • B. Need to transfer the risk associated with hosting PII data
  • C. Need to better understand the risk associated with using PII data
  • D. Fiduciary responsibility to safeguard credit card information
Answer:

C


Question 8

The alerting, monitoring and life-cycle management of security related events is typically handled by
the

  • A. security threat and vulnerability management process
  • B. risk assessment process
  • C. risk management process
  • D. governance, risk, and compliance tools
Answer:

A


Question 9

One of the MAIN goals of a Business Continuity Plan is to

  • A. Ensure all infrastructure and applications are available in the event of a disaster
  • B. Allow all technical first-responders to understand their roles in the event of a disaster
  • C. Provide step by step plans to recover business processes in the event of a disaster
  • D. Assign responsibilities to the technical teams responsible for the recovery of all data.
Answer:

C


Question 10

When managing an Information Security Program, which of the following is of MOST importance in
order to influence the culture of an organization?

  • A. An independent Governance, Risk and Compliance organization
  • B. Alignment of security goals with business goals
  • C. Compliance with local privacy regulations
  • D. Support from Legal and HR teams
Answer:

B


Viewing questions 1-10 out of 404