Eccouncil 712-50 practice test

EC-Council Certified CISO Exam

Last exam update: Dec 02, 2023
Viewing questions 1-15 out of 449

Question 1

What is a key policy that should be part of the information security plan?

  • A. Account management policy
  • B. Training policy
  • C. Acceptable Use policy
  • D. Remote Access policy
Answer:

C

Reference:
https://www.exabeam.com/information-security/information-security-policy/

Question 2

A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO)
receives impact data in financial terms to use as input to select the proper level of coverage in a new
cybersecurity insurance policy.
What is the MOST effective method of risk analysis to provide the CFO with the information
required?

  • A. Conduct a quantitative risk assessment
  • B. Conduct a hybrid risk assessment
  • C. Conduct a subjective risk assessment
  • D. Conduct a qualitative risk assessment
Answer:

A
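
The CFO's requirement (impact in financial terms, usable to size insurance coverage) is what a quantitative assessment delivers: SLE = AV x EF and ALE = SLE x ARO, summed across the risk register and compared with what the business is willing to retain. The following is an added worked example, not part of the exam material; the scenarios, asset values, exposure factors, annual rates of occurrence and the retained-loss threshold are all constructed assumptions.

```python
"""Quantitative risk assessment expressed in financial terms (added example).

Uses the standard SLE/ALE formulas: SLE = AV x EF and ALE = SLE x ARO.
The scenarios and figures below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float      # AV: value of the asset at risk, in currency units
    exposure_factor: float  # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float              # ARO: expected number of incidents per year

    @property
    def sle(self) -> float:
        """Single Loss Expectancy: cost of one occurrence."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy: expected loss per year."""
        return self.sle * self.aro


# Constructed sample register (hypothetical figures, not from the exam)
SCENARIOS: List[RiskScenario] = [
    RiskScenario("Ransomware on file servers", 2_000_000, 0.50, 0.25),
    RiskScenario("Customer PII database breach", 3_200_000, 0.25, 0.125),
    RiskScenario("Business e-mail compromise", 400_000, 1.00, 0.50),
]


def total_ale(scenarios: Iterable[RiskScenario]) -> float:
    """Portfolio-wide expected annual loss: the number a CFO can price."""
    return sum(s.ale for s in scenarios)


def coverage_gap(scenarios: Iterable[RiskScenario], retained_loss: float) -> float:
    """Expected annual loss above what the business chooses to self-insure,
    i.e. a first-cut input to the insurance coverage decision."""
    return max(0.0, total_ale(scenarios) - retained_loss)


def control_benefit(scenario: RiskScenario, ale_after: float, annual_cost: float) -> float:
    """Net annual value of a control: ALE before - ALE after - cost of control.
    Positive means the control pays for itself in expected-loss terms."""
    return scenario.ale - ale_after - annual_cost


def summary(scenarios: Iterable[RiskScenario]) -> List[dict]:
    """One row per scenario with SLE and ALE rounded to currency precision."""
    return [{"scenario": s.name, "SLE": round(s.sle, 2), "ALE": round(s.ale, 2)}
            for s in scenarios]


if __name__ == "__main__":
    for row in summary(SCENARIOS):
        print(f"{row['scenario']:<32} SLE={row['SLE']:>12,.2f} ALE={row['ALE']:>12,.2f}")
    print(f"Total ALE: {total_ale(SCENARIOS):,.2f}")
    print(f"Gap above 150,000 retained: {coverage_gap(SCENARIOS, 150_000):,.2f}")
```

The point for the CFO is the last two lines: total ALE is the expected annual loss, and the gap above the retained amount is the exposure the policy has to cover. A qualitative (high/medium/low) rating cannot be fed into a premium or a coverage limit; these figures can.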

Question 3

As the CISO, you are the project sponsor for a highly visible log management project. The objective of
the project is to centralize all the enterprise logs into a security information and event management
(SIEM) system. You requested the results of the performance quality audits activity.
The performance quality audit activity is done in what project management process group?

  • A. Executing
  • B. Controlling
  • C. Planning
  • D. Closing
Answer:

A

Reference:
https://blog.masterofproject.com/executing-process-group-project-management/#:~:text=Executing%20Process%20Group%20Activity%20%2310,of%20the%20project%20are%20met

Question 4

A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor
security operations during off-hours. To reduce the impact of staff shortages and increase coverage
during off-hours, the SecOps manager is considering outsourcing off-hour coverage.
What Security Operations Center (SOC) model does this BEST describe?

  • A. Virtual SOC
  • B. In-house SOC
  • C. Security Network Operations Center (SNOC)
  • D. Hybrid SOC
Answer:

D

Reference:
https://www.techtarget.com/searchsecurity/tip/Benefits-of-virtual-SOCs-Enterprise-run-vs-fully-managed

Question 5

What is the primary difference between regulations and standards?

  • A. Standards will include regulations
  • B. Standards that aren’t followed are punishable by fines
  • C. Regulations are made enforceable by the power provided by laws
  • D. Regulations must be reviewed and approved by the business
Answer:

C

Question 6

The Board of Directors of a publicly-traded company is concerned about the security implications of a
strategic project that will migrate 50% of the organization's information technology assets to the
cloud. They have requested a briefing on the project plan and a progress report of the security
stream of the project. As the CISO, you have been tasked with preparing the report for the Chief
Executive Officer to present.
Using the Earned Value Management (EVM), what does a Cost Variance (CV) of -1,200 mean?

  • A. The project is over budget
  • B. The project budget has reserves
  • C. The project cost is in alignment with the budget
  • D. The project is under budget
Answer:

A

Reference:
https://www.pmi.org/learning/library/earned-value-management-systems-analysis-8026#:~:text=The%20cost%20variance%20is%20defined,the%20project%20is%20on%20budget
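
Cost Variance is EV minus AC, so a negative CV means the work completed so far has cost more than it was budgeted to cost. The block below is an added example (not from the exam or the PMI reference) that carries the standard EVM formulas through to the figures a CEO would take to the board: CV, SV, CPI, SPI, EAC and VAC. The budget numbers are constructed so that CV comes out at -1,200.

```python
"""Earned Value Management status metrics (added example).

Formulas are the standard PMI definitions (CV = EV - AC, SV = EV - PV,
CPI = EV / AC, SPI = EV / PV, EAC = BAC / CPI, VAC = BAC - EAC).
The figures in __main__ are constructed to reproduce the CV of -1,200 in
the question; they are not from any real project.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class EarnedValueSnapshot:
    bac: float  # Budget at Completion: total approved budget
    pv: float   # Planned Value: budgeted cost of work scheduled to date
    ev: float   # Earned Value: budgeted cost of work actually completed
    ac: float   # Actual Cost: what that completed work really cost

    @property
    def cv(self) -> float:
        """Cost Variance: negative means spending exceeds value earned."""
        return self.ev - self.ac

    @property
    def sv(self) -> float:
        """Schedule Variance: negative means behind schedule."""
        return self.ev - self.pv

    @property
    def cpi(self) -> float:
        """Cost Performance Index: value earned per unit spent (< 1 is bad)."""
        return self.ev / self.ac

    @property
    def spi(self) -> float:
        """Schedule Performance Index: value earned per unit planned (< 1 is bad)."""
        return self.ev / self.pv

    @property
    def eac(self) -> float:
        """Estimate at Completion, assuming current cost efficiency continues."""
        return self.bac / self.cpi

    @property
    def vac(self) -> float:
        """Variance at Completion: projected under-run (+) or over-run (-) vs BAC."""
        return self.bac - self.eac


def interpret_cost_variance(cv: float) -> str:
    """Sign of CV is the whole story for the board: over, under, or on budget."""
    if cv < 0:
        return "over budget"
    if cv > 0:
        return "under budget"
    return "on budget"


def board_summary(snap: EarnedValueSnapshot) -> dict:
    """The handful of numbers a CEO would carry into a board briefing."""
    return {
        "CV": round(snap.cv, 2),
        "SV": round(snap.sv, 2),
        "CPI": round(snap.cpi, 3),
        "SPI": round(snap.spi, 3),
        "EAC": round(snap.eac, 2),
        "VAC": round(snap.vac, 2),
        "cost_status": interpret_cost_variance(snap.cv),
    }


if __name__ == "__main__":
    snap = EarnedValueSnapshot(bac=120_000, pv=40_000, ev=36_000, ac=37_200)
    for k, v in board_summary(snap).items():
        print(f"{k:>12}: {v}")
```

With these constructed inputs CV is -1,200 (over budget), CPI is about 0.968, and EAC projects a final cost of 124,000 against a 120,000 budget, which is the forward-looking figure a board usually asks about once it hears the variance.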

Question 7

Optical biometric recognition such as retina scanning provides access to facilities through reading the
unique characteristics of a person's eye.
However, authorization failures can occur with individuals who have?

  • A. Glaucoma or cataracts
  • B. Two different colored eyes (heterochromia iridium)
  • C. Contact lens
  • D. Malaria
Answer:

A

Question 8

A bastion host should be placed:

  • A. Inside the DMZ
  • B. In-line with the data center firewall
  • C. Beyond the outer perimeter firewall
  • D. As the gatekeeper to the organization’s honeynet
Answer:

C

Reference:
https://www.skillset.com/questions/a-bastion-host-is-which-of-the-following

Question 9

A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to
make better decisions on protecting information and assets.
What is the MAIN goal of threat hunting to the SecOps Manager?

  • A. Improve discovery of valid detected events
  • B. Enhance tuning of automated tools to detect and prevent attacks
  • C. Replace existing threat detection strategies
  • D. Validate patterns of behavior related to an attack
Answer:

A

Reference:
https://www.techtarget.com/searchsecurity/feature/7-SecOps-roles-and-responsibilities-for-the-modern-enterprise

Question 10

Which of the following are the triple constraints of project management?

  • A. Time, quality, and scope
  • B. Cost, quality, and time
  • C. Scope, time, and cost
  • D. Quality, scope, and cost
Answer:

C

Reference:
https://www.teamgantt.com/blog/triple-constraint-project-management#:~:text=Each%20side%20or%20point%20of,scope%2C%20time%2C%20and%20cost

Question 11

What key technology can mitigate ransomware threats?

  • A. Use immutable data storage
  • B. Phishing exercises
  • C. Application of multiple end point anti-malware solutions
  • D. Blocking use of wireless networks
Answer:

A

Reference:
https://cloud.google.com/blog/products/identity-security/5-pillars-of-protection-to-prevent-ransomware-attacks
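
Immutable storage works against ransomware because the attacker's write path cannot destroy what is already there: a retention lock turns "encrypt in place and delete the original" into "add a new version and fail to delete". The block below is an added example, not code from the exam or from the referenced article. It is a toy in-memory model of a versioned object store with a retention lock in the style of object-lock compliance mode; the store API, the ransomware stand-in and the sample documents are all constructed for the demonstration.

```python
"""Ransomware against mutable vs. immutable (WORM) storage (added example).

Toy in-memory model of a versioned object store with a retention lock in the
style of object-lock "compliance mode": a version, once written, cannot be
overwritten or deleted until its retention period has elapsed. It is not a
real storage API. encrypt_in_place() is a constructed stand-in for ransomware,
and the sample documents are constructed for the demonstration.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple


class RetentionLocked(PermissionError):
    """A delete would destroy a version that is still under retention."""


@dataclass
class ObjectStore:
    retention_days: int = 0      # 0 = ordinary mutable bucket with no lock
    today: int = 0               # simulated clock, in days
    _versions: Dict[str, List[Tuple[int, bytes]]] = field(default_factory=dict)

    @property
    def immutable(self) -> bool:
        return self.retention_days > 0

    def _locked(self, day_written: int) -> bool:
        return self.immutable and self.today < day_written + self.retention_days

    def put(self, key: str, data: bytes) -> None:
        history = self._versions.setdefault(key, [])
        if self.immutable:
            history.append((self.today, data))   # new version; older ones stay
        else:
            history[:] = [(self.today, data)]    # overwrite: old bytes are gone

    def delete(self, key: str) -> None:
        if any(self._locked(day) for day, _ in self._versions.get(key, [])):
            raise RetentionLocked(f"{key}: version(s) still under retention")
        self._versions.pop(key, None)

    def get(self, key: str, as_of: Optional[int] = None) -> Optional[bytes]:
        """Latest version written on or before day `as_of` (default: today)."""
        cutoff = self.today if as_of is None else as_of
        found = [data for day, data in self._versions.get(key, []) if day <= cutoff]
        return found[-1] if found else None


def encrypt_in_place(store: ObjectStore, keys: Iterable[str], xor_key: bytes) -> int:
    """Constructed ransomware stand-in: XOR each object, then purge the original.
    Returns how many objects the attacker managed to delete outright."""
    deleted = 0
    for key in keys:
        plaintext = store.get(key) or b""
        ciphertext = bytes(b ^ xor_key[i % len(xor_key)] for i, b in enumerate(plaintext))
        store.put(key, ciphertext)      # allowed on both stores: it is a new write
        try:
            store.delete(key)           # the retention lock is what stops this
            deleted += 1
        except RetentionLocked:
            pass
    return deleted


def recover(store: ObjectStore, keys: Iterable[str], as_of: int) -> Dict[str, Optional[bytes]]:
    """Point-in-time restore: the version that was current on day `as_of`."""
    return {key: store.get(key, as_of=as_of) for key in keys}


# Constructed sample data; the attack is simulated on day 10.
DOCUMENTS: Dict[str, bytes] = {
    "finance/q3-ledger.csv": b"account,amount\n1001,250.00\n",
    "hr/roster.txt": b"alice,bob,carol\n",
}
ATTACK_DAY = 10


def simulate(retention_days: int) -> Dict[str, int]:
    """Load the documents, run the attack, then restore to the day before it."""
    store = ObjectStore(retention_days=retention_days)
    for key, data in DOCUMENTS.items():
        store.put(key, data)
    store.today = ATTACK_DAY
    deleted = encrypt_in_place(store, DOCUMENTS, xor_key=b"\x5a\xa5")
    restored = recover(store, DOCUMENTS, as_of=ATTACK_DAY - 1)
    intact = sum(restored[k] == DOCUMENTS[k] for k in DOCUMENTS)
    return {"deleted_by_attacker": deleted, "intact_after_recovery": intact}


if __name__ == "__main__":
    print("mutable bucket:   ", simulate(retention_days=0))
    print("30-day retention: ", simulate(retention_days=30))
```

On the mutable store the attacker's overwrite and delete both succeed and nothing is recoverable; on the 30-day-retention store the overwrite merely adds a version, the delete is refused, and a point-in-time restore returns every document. In a real deployment the equivalent is bucket versioning plus a retention rule in a compliance-style mode that even the account owner cannot shorten, with the backup writer's credentials unable to delete; without those two properties the "immutable" label does not hold.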

Question 12

What does RACI stand for?

  • A. Reasonable, Actionable, Controlled, and Implemented
  • B. Responsible, Actors, Consult, and Instigate
  • C. Responsible, Accountable, Consulted, and Informed
  • D. Review, Act, Communicate, and Inform
Answer:

C

Question 13

The primary responsibility for assigning entitlements to a network share lies with which role?

  • A. CISO
  • B. Data owner
  • C. Chief Information Officer (CIO)
  • D. Security system administrator
Answer:

B

Reference:
https://resources.infosecinstitute.com/certification/data-and-system-ownership/

Question 14

What organizational structure combines the functional and project structures to create a hybrid of
the two?

  • A. Traditional
  • B. Composite
  • C. Project
  • D. Matrix
Answer:

D

Reference:
https://www.knowledgehut.com/tutorials/project-management/organization-structures

Question 15

XYZ is a publicly-traded software development company.
Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?

  • A. Chief Financial Officer (CFO)
  • B. Chief Software Architect (CIO)
  • C. CISO
  • D. Chief Executive Officer (CEO)
Answer:

D

Reference:
https://www.eccouncil.org/information-security-management/
