Risk that remains after risk mitigation is known as
A. Persistent risk
B. Residual risk
C. Accepted risk
D. Non-tolerated risk
In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
A. The organization uses exclusively a quantitative process to measure risk
B. The organization uses exclusively a qualitative process to measure risk
C. The organization's risk tolerance is high
D. The organization's risk tolerance is low
The PRIMARY objective for information security program development should be:
A. Reducing the impact of the risk to the business.
B. Establishing strategic alignment with business continuity requirements
C. Establishing incident response programs.
D. Identifying and implementing the best security solutions.
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?
A. Enforce the existing security standards and do not allow the deployment of the new technology.
B. Amend the standard to permit the deployment.
C. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
A. Identify threats, risks, impacts and vulnerabilities
B. Decide how to manage risk
C. Define the budget of the Information Security Management System
D. Define Information Security Policy
From an information security perspective, information that no longer supports the main purpose of the business should be:
A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy.
You have implemented a new security control. Which of the following risk strategy options have you engaged in?
A. Risk Avoidance
B. Risk Acceptance
C. Risk Transfer
D. Risk Mitigation
After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of:
A. Risk Tolerance
B. Qualitative risk analysis
C. Risk Appetite
D. Quantitative risk analysis
Which of the following most commonly falls within the scope of an information security governance steering committee?
A. Approving access to critical financial systems
B. Developing content for security awareness programs
C. Interviewing candidates for information security specialist positions
D. Vetting information security policies
Which of the following is MOST important when dealing with an Information Security Steering committee?
A. Include a mix of members from different departments and staff levels.
B. Ensure that security policies and procedures have been vetted and approved.
C. Review all past audit and compliance reports.
D. Be briefed about new trends and products at each meeting by a vendor.