[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 1-10

Get Full Version of the Exam

Question No.1

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

  A. Risk Tolerance

  B. Qualitative risk analysis

  C. Risk Appetite

  D. Quantitative risk analysis

Correct Answer: D

Question No.2

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

  A. International Organization for Standardization 27004 (ISO-27004)

  B. Payment Card Industry Data Security Standard (PCI-DSS)

  C. Control Objectives for Information and Related Technology (COBIT)

  D. International Organization for Standardization 27005 (ISO-27005)

Correct Answer: A

Question No.3

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

  A. How many credit card records are stored?

  B. How many servers do you have?

  C. What is the scope of the certification?

  D. What is the value of the assets at risk?

Correct Answer: C

Question No.4

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

  A. Providing a risk program governance structure

  B. Ensuring developers include risk control comments in code

  C. Creating risk assessment templates based on specific threats

  D. Allowing for the acceptance of risk for regulatory compliance requirements

Correct Answer: A

Question No.5

Which of the following are the MOST important factors for proactively determining system vulnerabilities?

  A. Subscribe to vendor mailing lists to get notification of system vulnerabilities

  B. Deploy an Intrusion Detection System (IDS) and install anti-virus on systems

  C. Configure the firewall, perimeter router and Intrusion Prevention System (IPS)

  D. Conduct security testing, vulnerability scanning, and penetration testing

Correct Answer: D

Question No.6

A security manager regularly checks work areas after business hours for security violations, such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

  A. Audit validation

  B. Physical control testing

  C. Compliance management

  D. Security awareness training

Correct Answer: C

Question No.7

The PRIMARY objective of security awareness is to:

  A. Ensure that security policies are read.

  B. Encourage security-conscious employee behavior.

  C. Meet legal and regulatory requirements.

  D. Put employees on notice in case follow-up action for noncompliance is necessary.

Correct Answer: B

Question No.8

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

  A. Due Protection

  B. Due Care

  C. Due Compromise

  D. Due Process

Correct Answer: B

Question No.9

From an information security perspective, information that no longer supports the main purpose of the business should be:

  A. assessed by a business impact analysis.

  B. protected under the information classification policy.

  C. analyzed under the data ownership policy.

  D. analyzed under the retention policy.

Correct Answer: D

Question No.10

Which of the following is considered the MOST effective tool against social engineering?

  A. Anti-phishing tools

  B. Anti-malware tools

  C. Effective security vulnerability management program

  D. Effective security awareness program

Correct Answer: D
