Exam Details

  • Exam Code: 512-50
  • Exam Name: EC-Council Information Security Manager (E|ISM)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 404 Q&As
  • Last Updated: Apr 16, 2025

EC-COUNCIL EC-COUNCIL Certifications 512-50 Questions & Answers

  • Question 281:

    The amount of risk an organization is willing to accept in pursuit of its mission is known as

    A. Risk mitigation

    B. Risk transfer

    C. Risk tolerance

    D. Risk acceptance

  • Question 282:

    The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is

    A. Penetration testers

    B. External Audit

    C. Internal Audit

    D. Forensic experts

  • Question 283:

    Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

    A. To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

    B. To provide a common basis for developing organizational security standards

    C. To provide effective security management practice and to provide confidence in inter-organizational dealings

    D. To establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

  • Question 284:

    Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

    A. Plan-Check-Do-Act

    B. Plan-Do-Check-Act

    C. Plan-Select-Implement-Evaluate

    D. SCORE (Security Consensus Operational Readiness Evaluation)

  • Question 285:

    As the new CISO at the company, you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

    A. Executive summary

    B. Penetration test agreement

    C. Names and phone numbers of those who conducted the audit

    D. Business charter

  • Question 286:

    To have accurate and effective information security policies, how often should the CISO review the organization's policies?

    A. Every 6 months

    B. Quarterly

    C. Before an audit

    D. At least once a year

  • Question 287:

    Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

    A. Senior Executives

    B. Office of the Auditor

    C. Office of the General Counsel

    D. All employees and users

  • Question 288:

    The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because

    A. The IT team is not familiar with IT audit practices

    B. This represents a bad implementation of the Least Privilege principle

    C. This represents a conflict of interest

    D. The IT team is not certified to perform audits

  • Question 289:

    Creating a secondary authentication process for network access would be an example of?

    A. Nonlinearities in physical security performance metrics

    B. Defense in depth cost enumerated costs

    C. System hardening and patching requirements

    D. Anti-virus for mobile devices

  • Question 290:

    With respect to the audit management process, management response serves what function?

    A. Placing underperforming units on notice for failing to meet standards

    B. Determining whether or not resources will be allocated to remediate a finding

    C. Adding controls to ensure that proper oversight is achieved by management

    D. Revealing the "root cause" of the process failure and mitigating for all internal and external units
